Package software.amazon.awscdk.services.eks

Class CfnCluster

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.eks.CfnCluster
All Implemented Interfaces:
IInspectable, IClusterRef, IEnvironmentAware, ITaggable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.120.0 (build 192dc88)", date="2025-12-05T10:47:20.219Z") @Stability(Stable) public class CfnCluster extends CfnResource implements IInspectable, IClusterRef, ITaggable
Creates an Amazon EKS control plane.

The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.

The cluster control plane is provisioned across multiple Availability Zones and fronted by an ELB Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec , logs , and proxy data flows).

Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.

You can use the endpointPublicAccess and endpointPrivateAccess parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. The endpoint domain name and IP address family depends on the value of the ipFamily for the cluster. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .

You can use the logging parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .

CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing .

In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see Allowing users to access your cluster and Launching Amazon EKS nodes in the Amazon EKS User Guide .

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.eks.*;
 CfnCluster cfnCluster = CfnCluster.Builder.create(this, "MyCfnCluster")
         .resourcesVpcConfig(ResourcesVpcConfigProperty.builder()
                 .subnetIds(List.of("subnetIds"))
                 // the properties below are optional
                 .endpointPrivateAccess(false)
                 .endpointPublicAccess(false)
                 .publicAccessCidrs(List.of("publicAccessCidrs"))
                 .securityGroupIds(List.of("securityGroupIds"))
                 .build())
         .roleArn("roleArn")
         // the properties below are optional
         .accessConfig(AccessConfigProperty.builder()
                 .authenticationMode("authenticationMode")
                 .bootstrapClusterCreatorAdminPermissions(false)
                 .build())
         .bootstrapSelfManagedAddons(false)
         .computeConfig(ComputeConfigProperty.builder()
                 .enabled(false)
                 .nodePools(List.of("nodePools"))
                 .nodeRoleArn("nodeRoleArn")
                 .build())
         .controlPlaneScalingConfig(ControlPlaneScalingConfigProperty.builder()
                 .tier("tier")
                 .build())
         .deletionProtection(false)
         .encryptionConfig(List.of(EncryptionConfigProperty.builder()
                 .provider(ProviderProperty.builder()
                         .keyArn("keyArn")
                         .build())
                 .resources(List.of("resources"))
                 .build()))
         .force(false)
         .kubernetesNetworkConfig(KubernetesNetworkConfigProperty.builder()
                 .elasticLoadBalancing(ElasticLoadBalancingProperty.builder()
                         .enabled(false)
                         .build())
                 .ipFamily("ipFamily")
                 .serviceIpv4Cidr("serviceIpv4Cidr")
                 .serviceIpv6Cidr("serviceIpv6Cidr")
                 .build())
         .logging(LoggingProperty.builder()
                 .clusterLogging(ClusterLoggingProperty.builder()
                         .enabledTypes(List.of(LoggingTypeConfigProperty.builder()
                                 .type("type")
                                 .build()))
                         .build())
                 .build())
         .name("name")
         .outpostConfig(OutpostConfigProperty.builder()
                 .controlPlaneInstanceType("controlPlaneInstanceType")
                 .outpostArns(List.of("outpostArns"))
                 // the properties below are optional
                 .controlPlanePlacement(ControlPlanePlacementProperty.builder()
                         .groupName("groupName")
                         .build())
                 .build())
         .remoteNetworkConfig(RemoteNetworkConfigProperty.builder()
                 .remoteNodeNetworks(List.of(RemoteNodeNetworkProperty.builder()
                         .cidrs(List.of("cidrs"))
                         .build()))
                 // the properties below are optional
                 .remotePodNetworks(List.of(RemotePodNetworkProperty.builder()
                         .cidrs(List.of("cidrs"))
                         .build()))
                 .build())
         .storageConfig(StorageConfigProperty.builder()
                 .blockStorage(BlockStorageProperty.builder()
                         .enabled(false)
                         .build())
                 .build())
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .upgradePolicy(UpgradePolicyProperty.builder()
                 .supportType("supportType")
                 .build())
         .version("version")
         .zonalShiftConfig(ZonalShiftConfigProperty.builder()
                 .enabled(false)
                 .build())
         .build();

See Also:

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnCluster

      protected CfnCluster(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnCluster

      protected CfnCluster(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnCluster

      @Stability(Stable) public CfnCluster(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnClusterProps props)
      Create a new AWS::EKS::Cluster.

      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties. This parameter is required.

  • Method Details

    • arnForCluster

      @Stability(Stable) @NotNull public static String arnForCluster(@NotNull IClusterRef resource)
      Parameters:
      resource - This parameter is required.

    • fromClusterArn

      @Stability(Stable) @NotNull public static IClusterRef fromClusterArn(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String arn)
      Creates a new IClusterRef from an ARN.

      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      arn - This parameter is required.

    • fromClusterName

      @Stability(Stable) @NotNull public static IClusterRef fromClusterName(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String clusterName)
      Creates a new IClusterRef from a clusterName.

      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      clusterName - This parameter is required.

    • isCfnCluster

      @Stability(Stable) @NotNull public static Boolean isCfnCluster(@NotNull Object x)
      Checks whether the given object is a CfnCluster.

      Parameters:
      x - This parameter is required.

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrArn

      @Stability(Stable) @NotNull public String getAttrArn()
      The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod .

    • getAttrCertificateAuthorityData

      @Stability(Stable) @NotNull public String getAttrCertificateAuthorityData()
      The certificate-authority-data for your cluster.

    • getAttrClusterSecurityGroupId

      @Stability(Stable) @NotNull public String getAttrClusterSecurityGroupId()
      The cluster security group that was created by Amazon EKS for the cluster.

      Managed node groups use this security group for control plane to data plane communication.

      This parameter is only returned by Amazon EKS clusters that support managed node groups. For more information, see Managed node groups in the Amazon EKS User Guide .

    • getAttrEncryptionConfigKeyArn

      @Stability(Stable) @NotNull public String getAttrEncryptionConfigKeyArn()
      Amazon Resource Name (ARN) or alias of the customer master key (CMK).

    • getAttrEndpoint

      @Stability(Stable) @NotNull public String getAttrEndpoint()
      The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com .

    • getAttrId

      @Stability(Stable) @NotNull public String getAttrId()
      The ID of your local Amazon EKS cluster on an AWS Outpost.

      This property isn't available for an Amazon EKS cluster on the AWS cloud.

    • getAttrKubernetesNetworkConfigServiceIpv6Cidr

      @Stability(Stable) @NotNull public String getAttrKubernetesNetworkConfigServiceIpv6Cidr()
      The CIDR block that Kubernetes Service IP addresses are assigned from if you created a 1.21 or later cluster with version >1.10.1 or later of the Amazon VPC CNI add-on and specified ipv6 for ipFamily when you created the cluster. Kubernetes assigns Service addresses from the unique local address range ( fc00::/7 ) because you can't specify a custom IPv6 CIDR block when you create the cluster.

    • getAttrOpenIdConnectIssuerUrl

      @Stability(Stable) @NotNull public String getAttrOpenIdConnectIssuerUrl()
      The issuer URL for the OIDC identity provider of the cluster, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E . If you need to remove https:// from this output value, you can include the following code in your template.

      !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]]

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getClusterRef

      @Stability(Stable) @NotNull public ClusterReference getClusterRef()
      A reference to a Cluster resource.
      Specified by:
      getClusterRef in interface IClusterRef

    • getTags

      @Stability(Stable) @NotNull public TagManager getTags()
      Tag Manager which manages the tags for this resource.
      Specified by:
      getTags in interface ITaggable

    • getResourcesVpcConfig

      @Stability(Stable) @NotNull public Object getResourcesVpcConfig()
      The VPC configuration that's used by the cluster control plane.

      Returns union: either IResolvable or CfnCluster.ResourcesVpcConfigProperty

    • setResourcesVpcConfig

      @Stability(Stable) public void setResourcesVpcConfig(@NotNull IResolvable value)
      The VPC configuration that's used by the cluster control plane.

    • setResourcesVpcConfig

      @Stability(Stable) public void setResourcesVpcConfig(@NotNull CfnCluster.ResourcesVpcConfigProperty value)
      The VPC configuration that's used by the cluster control plane.

    • getRoleArn

      @Stability(Stable) @NotNull public String getRoleArn()
      The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.

    • setRoleArn

      @Stability(Stable) public void setRoleArn(@NotNull String value)
      The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.

    • getAccessConfig

      @Stability(Stable) @Nullable public Object getAccessConfig()
      The access configuration for the cluster.

      Returns union: either IResolvable or CfnCluster.AccessConfigProperty

    • setAccessConfig

      @Stability(Stable) public void setAccessConfig(@Nullable IResolvable value)
      The access configuration for the cluster.

    • setAccessConfig

      @Stability(Stable) public void setAccessConfig(@Nullable CfnCluster.AccessConfigProperty value)
      The access configuration for the cluster.

    • getBootstrapSelfManagedAddons

      @Stability(Stable) @Nullable public Object getBootstrapSelfManagedAddons()
      If you set this value to False when creating a cluster, the default networking add-ons will not be installed.

      Returns union: either Boolean or IResolvable

    • setBootstrapSelfManagedAddons

      @Stability(Stable) public void setBootstrapSelfManagedAddons(@Nullable Boolean value)
      If you set this value to False when creating a cluster, the default networking add-ons will not be installed.

    • setBootstrapSelfManagedAddons

      @Stability(Stable) public void setBootstrapSelfManagedAddons(@Nullable IResolvable value)
      If you set this value to False when creating a cluster, the default networking add-ons will not be installed.

    • getComputeConfig

      @Stability(Stable) @Nullable public Object getComputeConfig()
      Indicates the current configuration of the compute capability on your EKS Auto Mode cluster.

      Returns union: either IResolvable or CfnCluster.ComputeConfigProperty

    • setComputeConfig

      @Stability(Stable) public void setComputeConfig(@Nullable IResolvable value)
      Indicates the current configuration of the compute capability on your EKS Auto Mode cluster.

    • setComputeConfig

      @Stability(Stable) public void setComputeConfig(@Nullable CfnCluster.ComputeConfigProperty value)
      Indicates the current configuration of the compute capability on your EKS Auto Mode cluster.

    • getControlPlaneScalingConfig

      @Stability(Stable) @Nullable public Object getControlPlaneScalingConfig()
      The control plane scaling tier configuration.

      Returns union: either IResolvable or CfnCluster.ControlPlaneScalingConfigProperty

    • setControlPlaneScalingConfig

      @Stability(Stable) public void setControlPlaneScalingConfig(@Nullable IResolvable value)
      The control plane scaling tier configuration.

    • setControlPlaneScalingConfig

      @Stability(Stable) public void setControlPlaneScalingConfig(@Nullable CfnCluster.ControlPlaneScalingConfigProperty value)
      The control plane scaling tier configuration.

    • getDeletionProtection

      @Stability(Stable) @Nullable public Object getDeletionProtection()
      The current deletion protection setting for the cluster.

      Returns union: either Boolean or IResolvable

    • setDeletionProtection

      @Stability(Stable) public void setDeletionProtection(@Nullable Boolean value)
      The current deletion protection setting for the cluster.

    • setDeletionProtection

      @Stability(Stable) public void setDeletionProtection(@Nullable IResolvable value)
      The current deletion protection setting for the cluster.

    • getEncryptionConfig

      @Stability(Stable) @Nullable public Object getEncryptionConfig()
      The encryption configuration for the cluster.

      Returns union: either IResolvable or Listinvalid input: '<'either IResolvable or CfnCluster.EncryptionConfigProperty>

    • setEncryptionConfig

      @Stability(Stable) public void setEncryptionConfig(@Nullable IResolvable value)
      The encryption configuration for the cluster.

    • setEncryptionConfig

      @Stability(Stable) public void setEncryptionConfig(@Nullable List<Object> value)
      The encryption configuration for the cluster.

    • getForce

      @Stability(Stable) @Nullable public Object getForce()
      Set this value to true to override upgrade-blocking readiness checks when updating a cluster.

      Returns union: either Boolean or IResolvable

    • setForce

      @Stability(Stable) public void setForce(@Nullable Boolean value)
      Set this value to true to override upgrade-blocking readiness checks when updating a cluster.

    • setForce

      @Stability(Stable) public void setForce(@Nullable IResolvable value)
      Set this value to true to override upgrade-blocking readiness checks when updating a cluster.

    • getKubernetesNetworkConfig

      @Stability(Stable) @Nullable public Object getKubernetesNetworkConfig()
      The Kubernetes network configuration for the cluster.

      Returns union: either IResolvable or CfnCluster.KubernetesNetworkConfigProperty

    • setKubernetesNetworkConfig

      @Stability(Stable) public void setKubernetesNetworkConfig(@Nullable IResolvable value)
      The Kubernetes network configuration for the cluster.

    • setKubernetesNetworkConfig

      @Stability(Stable) public void setKubernetesNetworkConfig(@Nullable CfnCluster.KubernetesNetworkConfigProperty value)
      The Kubernetes network configuration for the cluster.

    • getLogging

      @Stability(Stable) @Nullable public Object getLogging()
      The logging configuration for your cluster.

      Returns union: either IResolvable or CfnCluster.LoggingProperty

    • setLogging

      @Stability(Stable) public void setLogging(@Nullable IResolvable value)
      The logging configuration for your cluster.

    • setLogging

      @Stability(Stable) public void setLogging(@Nullable CfnCluster.LoggingProperty value)
      The logging configuration for your cluster.

    • getName

      @Stability(Stable) @Nullable public String getName()
      The unique name to give to your cluster.

    • setName

      @Stability(Stable) public void setName(@Nullable String value)
      The unique name to give to your cluster.

    • getOutpostConfig

      @Stability(Stable) @Nullable public Object getOutpostConfig()
      An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost.

      Returns union: either IResolvable or CfnCluster.OutpostConfigProperty

    • setOutpostConfig

      @Stability(Stable) public void setOutpostConfig(@Nullable IResolvable value)
      An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost.

    • setOutpostConfig

      @Stability(Stable) public void setOutpostConfig(@Nullable CfnCluster.OutpostConfigProperty value)
      An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost.

    • getRemoteNetworkConfig

      @Stability(Stable) @Nullable public Object getRemoteNetworkConfig()
      The configuration in the cluster for EKS Hybrid Nodes.

      Returns union: either IResolvable or CfnCluster.RemoteNetworkConfigProperty

    • setRemoteNetworkConfig

      @Stability(Stable) public void setRemoteNetworkConfig(@Nullable IResolvable value)
      The configuration in the cluster for EKS Hybrid Nodes.

    • setRemoteNetworkConfig

      @Stability(Stable) public void setRemoteNetworkConfig(@Nullable CfnCluster.RemoteNetworkConfigProperty value)
      The configuration in the cluster for EKS Hybrid Nodes.

    • getStorageConfig

      @Stability(Stable) @Nullable public Object getStorageConfig()
      Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster.

      Returns union: either IResolvable or CfnCluster.StorageConfigProperty

    • setStorageConfig

      @Stability(Stable) public void setStorageConfig(@Nullable IResolvable value)
      Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster.

    • setStorageConfig

      @Stability(Stable) public void setStorageConfig(@Nullable CfnCluster.StorageConfigProperty value)
      Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster.

    • getTagsRaw

      @Stability(Stable) @Nullable public List<CfnTag> getTagsRaw()
      The metadata that you apply to the cluster to assist with categorization and organization.

    • setTagsRaw

      @Stability(Stable) public void setTagsRaw(@Nullable List<CfnTag> value)
      The metadata that you apply to the cluster to assist with categorization and organization.

    • getUpgradePolicy

      @Stability(Stable) @Nullable public Object getUpgradePolicy()
      This value indicates if extended support is enabled or disabled for the cluster.

      Returns union: either IResolvable or CfnCluster.UpgradePolicyProperty

    • setUpgradePolicy

      @Stability(Stable) public void setUpgradePolicy(@Nullable IResolvable value)
      This value indicates if extended support is enabled or disabled for the cluster.

    • setUpgradePolicy

      @Stability(Stable) public void setUpgradePolicy(@Nullable CfnCluster.UpgradePolicyProperty value)
      This value indicates if extended support is enabled or disabled for the cluster.

    • getVersion

      @Stability(Stable) @Nullable public String getVersion()
      The desired Kubernetes version for your cluster.

    • setVersion

      @Stability(Stable) public void setVersion(@Nullable String value)
      The desired Kubernetes version for your cluster.

    • getZonalShiftConfig

      @Stability(Stable) @Nullable public Object getZonalShiftConfig()
      The configuration for zonal shift for the cluster.

      Returns union: either IResolvable or CfnCluster.ZonalShiftConfigProperty

    • setZonalShiftConfig

      @Stability(Stable) public void setZonalShiftConfig(@Nullable IResolvable value)
      The configuration for zonal shift for the cluster.

    • setZonalShiftConfig

      @Stability(Stable) public void setZonalShiftConfig(@Nullable CfnCluster.ZonalShiftConfigProperty value)
      The configuration for zonal shift for the cluster.