Syntax Properties Return values Examples See also

AWS::EKS::Nodegroup

Creates a managed node group for an Amazon EKS cluster.

You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template.

For later updates, you will only be able to update a node group using a launch template only if it was originally deployed with a launch template. Additionally, the launch template ID or name must match what was used when the node group was created. You can update the launch template version with necessary changes. For more information about using launch templates, see Customizing managed nodes with launch templates.

An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see Managed node groups in the Amazon EKS User Guide.

Note

Windows AMI types are only supported for commercial AWS Regions that support Windows on Amazon EKS.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::EKS::Nodegroup",
  "Properties" : {
      "AmiType" : String,
      "CapacityType" : String,
      "ClusterName" : String,
      "DiskSize" : Integer,
      "ForceUpdateEnabled" : Boolean,
      "InstanceTypes" : [ String, ... ],
      "Labels" : {Key: Value, ...},
      "LaunchTemplate" : LaunchTemplateSpecification,
      "NodegroupName" : String,
      "NodeRepairConfig" : NodeRepairConfig,
      "NodeRole" : String,
      "ReleaseVersion" : String,
      "RemoteAccess" : RemoteAccess,
      "ScalingConfig" : ScalingConfig,
      "Subnets" : [ String, ... ],
      "Tags" : {Key: Value, ...},
      "Taints" : [ Taint, ... ],
      "UpdateConfig" : UpdateConfig,
      "Version" : String
    }
}

YAML


Type: AWS::EKS::Nodegroup
Properties:
  AmiType: String
  CapacityType: String
  ClusterName: String
  DiskSize: Integer
  ForceUpdateEnabled: Boolean
  InstanceTypes: 
    - String
  Labels: 
    Key: Value
  LaunchTemplate: 
    LaunchTemplateSpecification
  NodegroupName: String
  NodeRepairConfig: 
    NodeRepairConfig
  NodeRole: String
  ReleaseVersion: String
  RemoteAccess: 
    RemoteAccess
  ScalingConfig: 
    ScalingConfig
  Subnets: 
    - String
  Tags: 
    Key: Value
  Taints: 
    - Taint
  UpdateConfig: 
    UpdateConfig
  Version: String

Properties

AmiType

The AMI type for your node group. If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify amiType, or the node group deployment will fail. If your launch template uses a Windows custom AMI, then add eks:kube-proxy-windows to your Windows nodes rolearn in the aws-authConfigMap. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.

Required: No

Type: String

Update requires: Replacement

CapacityType

The capacity type of your managed node group.

Required: No

Type: String

Allowed values: ON_DEMAND | SPOT | CAPACITY_BLOCK

Update requires: Replacement

ClusterName

The name of your cluster.

Required: Yes

Type: String

Minimum: 1

Update requires: Replacement

DiskSize

The root device disk size (in GiB) for your node group instances. The default disk size is 20 GiB for Linux and Bottlerocket. The default disk size is 50 GiB for Windows. If you specify launchTemplate, then don't specify diskSize, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.

Required: No

Type: Integer

Update requires: Replacement

ForceUpdateEnabled

Force the update if any Pod on the existing node group can't be drained due to a Pod disruption budget issue. If an update fails because all Pods can't be drained, you can force the update after it fails to terminate the old node whether or not any Pod is running on the node.

Required: No

Type: Boolean

Update requires: No interruption

InstanceTypes

Specify the instance types for a node group. If you specify a GPU instance type, make sure to also specify an applicable GPU AMI type with the amiType parameter. If you specify launchTemplate, then you can specify zero or one instance type in your launch template or you can specify 0-20 instance types for instanceTypes. If however, you specify an instance type in your launch template and specify any instanceTypes, the node group deployment will fail. If you don't specify an instance type in a launch template or for instanceTypes, then t3.medium is used, by default. If you specify Spot for capacityType, then we recommend specifying multiple values for instanceTypes. For more information, see Managed node group capacity types and Customizing managed nodes with launch templates in the Amazon EKS User Guide.

Required: No

Type: Array of String

Update requires: Replacement

Labels

The Kubernetes labels applied to the nodes in the node group.

Note

Only labels that are applied with the Amazon EKS API are shown here. There may be other Kubernetes labels applied to the nodes in this group.

Required: No

Type: Object of String

Pattern: ^.+$

Update requires: No interruption

LaunchTemplate

An object representing a node group's launch template specification. When using this object, don't directly specify instanceTypes, diskSize, or remoteAccess. You cannot later specify a different launch template ID or name than what was used to create the node group.

Make sure that the launch template meets the requirements in launchTemplateSpecification. Also refer to Customizing managed nodes with launch templates in the Amazon EKS User Guide.

Required: No

Type: LaunchTemplateSpecification

Update requires: No interruption

NodegroupName

The unique name to give your node group.

Required: No

Type: String

Minimum: 1

Update requires: Replacement

NodeRepairConfig

The node auto repair configuration for the node group.

Required: No

Type: NodeRepairConfig

Update requires: No interruption

NodeRole

The Amazon Resource Name (ARN) of the IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch nodes and register them into a cluster, you must create an IAM role for those nodes to use when they are launched. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide . If you specify launchTemplate, then don't specify IamInstanceProfile in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.

Required: Yes

Type: String

Update requires: Replacement

ReleaseVersion

The AMI version of the Amazon EKS optimized AMI to use with your node group (for example, 1.14.7-YYYYMMDD). By default, the latest available AMI version for the node group's current Kubernetes version is used. For more information, see Amazon EKS optimized Linux AMI Versions in the Amazon EKS User Guide.

Note

Changing this value triggers an update of the node group if one is available. You can't update other properties at the same time as updating Release Version.

Required: No

Type: String

Update requires: No interruption

RemoteAccess

The remote access configuration to use with your node group. For Linux, the protocol is SSH. For Windows, the protocol is RDP. If you specify launchTemplate, then don't specify remoteAccess, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.

Required: No

Type: RemoteAccess

Update requires: Replacement

ScalingConfig

The scaling configuration details for the Auto Scaling group that is created for your node group.

Required: No

Type: ScalingConfig

Update requires: No interruption

Subnets

The subnets to use for the Auto Scaling group that is created for your node group. If you specify launchTemplate, then don't specify SubnetId in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.

Required: Yes

Type: Array of String

Update requires: Replacement

Tags

Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.

Required: No

Type: Object of String

Pattern: ^.+$

Update requires: No interruption

Taints

The Kubernetes taints to be applied to the nodes in the node group when they are created. Effect is one of No_Schedule, Prefer_No_Schedule, or No_Execute. Kubernetes taints can be used together with tolerations to control how workloads are scheduled to your nodes. For more information, see Node taints on managed node groups.

Required: No

Type: Array of Taint

Update requires: No interruption

UpdateConfig

The node group update configuration.

Required: No

Type: UpdateConfig

Update requires: No interruption

Version

The Kubernetes version to use for your managed nodes. By default, the Kubernetes version of the cluster is used, and this is the only accepted specified value. If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify version, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.

Note

You can't update other properties at the same time as updating Version.

Required: No

Type: String

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name. For example:

{ "Ref": "myNodegroup" }

For the Amazon EKS node group myNodegroup, Ref returns the physical resource ID of the node group. For example, cluster-name/nodegroup_name.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn: The Amazon Resource Name (ARN) associated with the managed node group.
ClusterName: The name of your cluster.
NodegroupName: The name associated with an Amazon EKS managed node group.

Examples

Create a managed node group

The following example creates an Amazon EKS managed node group named standard in the prod cluster.

JSON


{
    "Resources": {
        "EKSNodegroup": {
            "Type": "AWS::EKS::Nodegroup",
            "Properties": {
                "ClusterName": "prod",
                "NodeRole": "arn:aws:iam::012345678910:role/eksInstanceRole",
                "ScalingConfig": {
                    "MinSize": 3,
                    "DesiredSize": 5,
                    "MaxSize": 7
                },
                "Labels": {
                    "Key1": "Value1",
                    "Key2": "Value2"
                },
                "Subnets": [
                    "subnet-6782e71e",
                    "subnet-e7e761ac"
                ]
            }
        }
    }
}

YAML


Resources:
  EKSNodegroup:
    Type: 'AWS::EKS::Nodegroup'
    Properties:
      ClusterName: prod
      NodeRole: 'arn:aws:iam::012345678910:role/eksInstanceRole'
      ScalingConfig:
        MinSize: 3
        DesiredSize: 5
        MaxSize: 7
      Labels:
        Key1: Value1
        Key2: Value2
      Subnets:
        - subnet-6782e71e
        - subnet-e7e761ac