Package software.amazon.awscdk.services.eks

Class CfnAccessEntry

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.eks.CfnAccessEntry
All Implemented Interfaces:
IInspectable, IAccessEntryRef, IEnvironmentAware, ITaggableV2, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.120.0 (build 192dc88)", date="2025-12-05T22:26:36.217Z") @Stability(Stable) public class CfnAccessEntry extends CfnResource implements IInspectable, IAccessEntryRef, ITaggableV2
Creates an access entry.

An access entry allows an IAM principal to access your cluster. Access entries can replace the need to maintain entries in the aws-auth ConfigMap for authentication. You have the following options for authorizing an IAM principal to access Kubernetes objects on your cluster: Kubernetes role-based access control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you to create and manage Kubernetes Role , ClusterRole , RoleBinding , and ClusterRoleBinding objects, in addition to managing access entries. If you use Amazon EKS authorization exclusively, you don't need to create and manage Kubernetes Role , ClusterRole , RoleBinding , and ClusterRoleBinding objects.

For more information about access entries, see Access entries in the Amazon EKS User Guide .

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.eks.*;
 CfnAccessEntry cfnAccessEntry = CfnAccessEntry.Builder.create(this, "MyCfnAccessEntry")
         .clusterName("clusterName")
         .principalArn("principalArn")
         // the properties below are optional
         .accessPolicies(List.of(AccessPolicyProperty.builder()
                 .accessScope(AccessScopeProperty.builder()
                         .type("type")
                         // the properties below are optional
                         .namespaces(List.of("namespaces"))
                         .build())
                 .policyArn("policyArn")
                 .build()))
         .kubernetesGroups(List.of("kubernetesGroups"))
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .type("type")
         .username("username")
         .build();

See Also:

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnAccessEntry

      protected CfnAccessEntry(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnAccessEntry

      protected CfnAccessEntry(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnAccessEntry

      @Stability(Stable) public CfnAccessEntry(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnAccessEntryProps props)
      Create a new AWS::EKS::AccessEntry.

      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties. This parameter is required.

  • Method Details

    • arnForAccessEntry

      @Stability(Stable) @NotNull public static String arnForAccessEntry(@NotNull IAccessEntryRef resource)
      Parameters:
      resource - This parameter is required.

    • isCfnAccessEntry

      @Stability(Stable) @NotNull public static Boolean isCfnAccessEntry(@NotNull Object x)
      Checks whether the given object is a CfnAccessEntry.

      Parameters:
      x - This parameter is required.

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAccessEntryRef

      @Stability(Stable) @NotNull public AccessEntryReference getAccessEntryRef()
      A reference to a AccessEntry resource.
      Specified by:
      getAccessEntryRef in interface IAccessEntryRef

    • getAttrAccessEntryArn

      @Stability(Stable) @NotNull public String getAttrAccessEntryArn()
      The ARN of the access entry.

    • getCdkTagManager

      @Stability(Stable) @NotNull public TagManager getCdkTagManager()
      Tag Manager which manages the tags for this resource.
      Specified by:
      getCdkTagManager in interface ITaggableV2

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getClusterName

      @Stability(Stable) @NotNull public String getClusterName()
      The name of your cluster.

    • setClusterName

      @Stability(Stable) public void setClusterName(@NotNull String value)
      The name of your cluster.

    • getPrincipalArn

      @Stability(Stable) @NotNull public String getPrincipalArn()
      The ARN of the IAM principal for the AccessEntry .

    • setPrincipalArn

      @Stability(Stable) public void setPrincipalArn(@NotNull String value)
      The ARN of the IAM principal for the AccessEntry .

    • getAccessPolicies

      @Stability(Stable) @Nullable public Object getAccessPolicies()
      The access policies to associate to the access entry.

      Returns union: either IResolvable or Listinvalid input: '<'either IResolvable or CfnAccessEntry.AccessPolicyProperty>

    • setAccessPolicies

      @Stability(Stable) public void setAccessPolicies(@Nullable IResolvable value)
      The access policies to associate to the access entry.

    • setAccessPolicies

      @Stability(Stable) public void setAccessPolicies(@Nullable List<Object> value)
      The access policies to associate to the access entry.

    • getKubernetesGroups

      @Stability(Stable) @Nullable public List<String> getKubernetesGroups()
      The value for name that you've specified for kind: Group as a subject in a Kubernetes RoleBinding or ClusterRoleBinding object.

    • setKubernetesGroups

      @Stability(Stable) public void setKubernetesGroups(@Nullable List<String> value)
      The value for name that you've specified for kind: Group as a subject in a Kubernetes RoleBinding or ClusterRoleBinding object.

    • getTags

      @Stability(Stable) @Nullable public List<CfnTag> getTags()
      Metadata that assists with categorization and organization.

    • setTags

      @Stability(Stable) public void setTags(@Nullable List<CfnTag> value)
      Metadata that assists with categorization and organization.

    • getType

      @Stability(Stable) @Nullable public String getType()
      The type of the new access entry.

    • setType

      @Stability(Stable) public void setType(@Nullable String value)
      The type of the new access entry.

    • getUsername

      @Stability(Stable) @Nullable public String getUsername()
      The username to authenticate to Kubernetes with.

    • setUsername

      @Stability(Stable) public void setUsername(@Nullable String value)
      The username to authenticate to Kubernetes with.