Package software.amazon.awscdk.services.eks

Interface ClusterAttributes

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
ClusterAttributes.Jsii$Proxy
@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)", date="2025-11-20T23:37:21.129Z") @Stability(Stable) public interface ClusterAttributes extends software.amazon.jsii.JsiiSerializable
Attributes for EKS clusters.

Example: 

 Cluster cluster;
 AutoScalingGroup asg;
 ICluster importedCluster = Cluster.fromClusterAttributes(this, "ImportedCluster", ClusterAttributes.builder()
         .clusterName(cluster.getClusterName())
         .clusterSecurityGroupId(cluster.getClusterSecurityGroupId())
         .build());
 importedCluster.connectAutoScalingGroupCapacity(asg, AutoScalingGroupOptions.builder().build());

  • Method Details

    • getClusterName

      @Stability(Stable) @NotNull String getClusterName()
      The physical name of the Cluster.

    • getAwscliLayer

      @Stability(Stable) @Nullable default ILayerVersion getAwscliLayer()
      An AWS Lambda layer that contains the aws CLI.

      The handler expects the layer to include the following executables: 

       /opt/awscli/aws

      Default: - a default layer with the AWS CLI 1.x

    • getClusterCertificateAuthorityData

      @Stability(Stable) @Nullable default String getClusterCertificateAuthorityData()
      The certificate-authority-data for your cluster.

      Default: - if not specified `cluster.clusterCertificateAuthorityData` will throw an error

    • getClusterEncryptionConfigKeyArn

      @Stability(Stable) @Nullable default String getClusterEncryptionConfigKeyArn()
      Amazon Resource Name (ARN) or alias of the customer master key (CMK).

      Default: - if not specified `cluster.clusterEncryptionConfigKeyArn` will throw an error

    • getClusterEndpoint

      @Stability(Stable) @Nullable default String getClusterEndpoint()
      The API Server endpoint URL.

      Default: - if not specified `cluster.clusterEndpoint` will throw an error.

    • getClusterHandlerSecurityGroupId

      @Stability(Stable) @Nullable default String getClusterHandlerSecurityGroupId()
      A security group id to associate with the Cluster Handler's Lambdas.

      The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.

      Default: - No security group.

    • getClusterSecurityGroupId

      @Stability(Stable) @Nullable default String getClusterSecurityGroupId()
      The cluster security group that was created by Amazon EKS for the cluster.

      Default: - if not specified `cluster.clusterSecurityGroupId` will throw an error

    • getIpFamily

      @Stability(Stable) @Nullable default IpFamily getIpFamily()
      Specify which IP family is used to assign Kubernetes pod and service IP addresses.

      Default: - IpFamily.IP_V4

      See Also:

    • getKubectlEnvironment

      @Stability(Stable) @Nullable default Map<String,String> getKubectlEnvironment()
      Environment variables to use when running kubectl against this cluster.

      Default: - no additional variables

    • getKubectlLambdaRole

      @Stability(Stable) @Nullable default IRole getKubectlLambdaRole()
      An IAM role that can perform kubectl operations against this cluster.

      The role should be mapped to the system:masters Kubernetes RBAC role.

      This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.

      Default: - if not specified, the default role created by a lambda function will be used.

    • getKubectlLayer

      @Stability(Stable) @Nullable default ILayerVersion getKubectlLayer()
      An AWS Lambda Layer which includes kubectl and Helm.

      This layer is used by the kubectl handler to apply manifests and install helm charts. You must pick an appropriate releases of one of the @aws-cdk/layer-kubectl-vXX packages, that works with the version of Kubernetes you have chosen.

      The handler expects the layer to include the following executables: 

       /opt/helm/helm
 /opt/kubectl/kubectl

      Default: - No default layer will be provided

    • getKubectlMemory

      @Stability(Stable) @Nullable default Size getKubectlMemory()
      Amount of memory to allocate to the provider's lambda function.

      Default: Size.gibibytes(1)

    • getKubectlPrivateSubnetIds

      @Stability(Stable) @Nullable default List<String> getKubectlPrivateSubnetIds()
      Subnets to host the kubectl compute resources.

      If not specified, the k8s endpoint is expected to be accessible publicly.

      Default: - k8s endpoint is expected to be accessible publicly

    • getKubectlProvider

      @Stability(Stable) @Nullable default IKubectlProvider getKubectlProvider()
      KubectlProvider for issuing kubectl commands.

      Default: - Default CDK provider

    • getKubectlRoleArn

      @Stability(Stable) @Nullable default String getKubectlRoleArn()
      An IAM role with cluster administrator and "system:masters" permissions.

      Default: - if not specified, it not be possible to issue `kubectl` commands against an imported cluster.

    • getKubectlSecurityGroupId

      @Stability(Stable) @Nullable default String getKubectlSecurityGroupId()
      A security group to use for kubectl execution.

      If not specified, the k8s endpoint is expected to be accessible publicly.

      Default: - k8s endpoint is expected to be accessible publicly

    • getOnEventLayer

      @Stability(Stable) @Nullable default ILayerVersion getOnEventLayer()
      An AWS Lambda Layer which includes the NPM dependency proxy-agent.

      This layer is used by the onEvent handler to route AWS SDK requests through a proxy.

      The handler expects the layer to include the following node_modules:

      proxy-agent

      Default: - a layer bundled with this module.

    • getOpenIdConnectProvider

      @Stability(Stable) @Nullable default IOpenIdConnectProvider getOpenIdConnectProvider()
      An Open ID Connect provider for this cluster that can be used to configure service accounts.

      You can either import an existing provider using iam.OpenIdConnectProvider.fromProviderArn, or create a new provider using new eks.OpenIdConnectProvider

      Default: - if not specified `cluster.openIdConnectProvider` and `cluster.addServiceAccount` will throw an error.

    • getPrune

      @Stability(Stable) @Nullable default Boolean getPrune()
      Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.

      When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.

      Default: true

    • getSecurityGroupIds

      @Stability(Stable) @Nullable default List<String> getSecurityGroupIds()
      Additional security groups associated with this cluster.

      Default: - if not specified, no additional security groups will be considered in `cluster.connections`.

    • getVpc

      @Stability(Stable) @Nullable default IVpc getVpc()
      The VPC in which this Cluster was created.

      Default: - if not specified `cluster.vpc` will throw an error

    • builder

      @Stability(Stable) static ClusterAttributes.Builder builder()
      Returns:
      a ClusterAttributes.Builder of ClusterAttributes