
/AWS1/CL_EKSVPCCONFIGRESPONSE

An object representing an Amazon EKS cluster VPC configuration response.

CONSTRUCTOR

IMPORTING

Optional arguments:

it_subnetids TYPE /AWS1/CL_EKSSTRINGLIST_W=>TT_STRINGLIST

The subnets associated with your cluster.

it_securitygroupids TYPE /AWS1/CL_EKSSTRINGLIST_W=>TT_STRINGLIST

The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your nodes and the Kubernetes control plane.

iv_clustersecuritygroupid TYPE /AWS1/EKSSTRING

The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.

iv_vpcid TYPE /AWS1/EKSSTRING

The VPC associated with your cluster.

iv_endpointpublicaccess TYPE /AWS1/EKSBOOLEAN

Whether the public API server endpoint is enabled.

iv_endpointprivateaccess TYPE /AWS1/EKSBOOLEAN

This parameter indicates whether the Amazon EKS private API server endpoint is enabled. If the Amazon EKS private API server endpoint is enabled, Kubernetes API requests that originate from within your cluster's VPC use the private VPC endpoint instead of traversing the internet. If this value is disabled and you have nodes or Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Cluster API server endpoint in the Amazon EKS User Guide.

it_publicaccesscidrs TYPE /AWS1/CL_EKSSTRINGLIST_W=>TT_STRINGLIST

The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0 and additionally ::/0 for dual-stack IPv6 clusters. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and Fargate Pod in the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide.

Note that the public endpoints are dual-stack only for IPv6 clusters that were made after October 2024. You can't add IPv6 CIDR blocks to IPv4 clusters or IPv6 clusters that were made before October 2024.


Queryable Attributes

subnetIds

The subnets associated with your cluster.

Accessible with the following methods

Method Description
GET_SUBNETIDS() Getter for SUBNETIDS, with configurable default
ASK_SUBNETIDS() Getter for SUBNETIDS w/ exceptions if field has no value
HAS_SUBNETIDS() Determine if SUBNETIDS has a value

securityGroupIds

The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your nodes and the Kubernetes control plane.

Accessible with the following methods

Method Description
GET_SECURITYGROUPIDS() Getter for SECURITYGROUPIDS, with configurable default
ASK_SECURITYGROUPIDS() Getter for SECURITYGROUPIDS w/ exceptions if field has no value
HAS_SECURITYGROUPIDS() Determine if SECURITYGROUPIDS has a value

clusterSecurityGroupId

The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.

Accessible with the following methods

Method Description
GET_CLUSTERSECURITYGROUPID() Getter for CLUSTERSECURITYGROUPID, with configurable default
ASK_CLUSTERSECURITYGROUPID() Getter for CLUSTERSECURITYGROUPID w/ exceptions if field has no value
HAS_CLUSTERSECURITYGROUPID() Determine if CLUSTERSECURITYGROUPID has a value

vpcId

The VPC associated with your cluster.

Accessible with the following methods

Method Description
GET_VPCID() Getter for VPCID, with configurable default
ASK_VPCID() Getter for VPCID w/ exceptions if field has no value
HAS_VPCID() Determine if VPCID has a value

endpointPublicAccess

Whether the public API server endpoint is enabled.

Accessible with the following methods

Method Description
GET_ENDPOINTPUBLICACCESS() Getter for ENDPOINTPUBLICACCESS

endpointPrivateAccess

This parameter indicates whether the Amazon EKS private API server endpoint is enabled. If the Amazon EKS private API server endpoint is enabled, Kubernetes API requests that originate from within your cluster's VPC use the private VPC endpoint instead of traversing the internet. If this value is disabled and you have nodes or Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Cluster API server endpoint in the Amazon EKS User Guide.

Accessible with the following methods

Method Description
GET_ENDPOINTPRIVATEACCESS() Getter for ENDPOINTPRIVATEACCESS

publicAccessCidrs

The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0 and additionally ::/0 for dual-stack IPv6 clusters. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and Fargate Pod in the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide.

Note that the public endpoints are dual-stack only for IPv6 clusters that were made after October 2024. You can't add IPv6 CIDR blocks to IPv4 clusters or IPv6 clusters that were made before October 2024.

Accessible with the following methods

Method Description
GET_PUBLICACCESSCIDRS() Getter for PUBLICACCESSCIDRS, with configurable default
ASK_PUBLICACCESSCIDRS() Getter for PUBLICACCESSCIDRS w/ exceptions if field has no value
HAS_PUBLICACCESSCIDRS() Determine if PUBLICACCESSCIDRS has a value
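
Added example (not part of the SDK or its documentation): a local helper that reads endpointPublicAccess, endpointPrivateAccess and publicAccessCidrs through the getters listed above and reports when the public API server endpoint is left at its open default. The class name lcl_eks_endpoint_audit and its findings table are hypothetical, get_value( ) on the string-list wrapper is an assumption based on the SDK's wrapper-class pattern, and obtaining the response object is left to the caller.

```abap
CLASS lcl_eks_endpoint_audit DEFINITION FINAL.
  PUBLIC SECTION.
    TYPES tt_findings TYPE STANDARD TABLE OF string WITH EMPTY KEY.
    CLASS-METHODS check
      IMPORTING io_vpc_config      TYPE REF TO /aws1/cl_eksvpcconfigresponse
      RETURNING VALUE(rt_findings) TYPE tt_findings.
ENDCLASS.

CLASS lcl_eks_endpoint_audit IMPLEMENTATION.
  METHOD check.
    DATA(lv_private) = io_vpc_config->get_endpointprivateaccess( ).

    " publicAccessCidrs only matters while the public endpoint is enabled.
    IF io_vpc_config->get_endpointpublicaccess( ) <> abap_true.
      RETURN.
    ENDIF.

    DATA(lv_open) = abap_false.
    IF io_vpc_config->has_publicaccesscidrs( ) = abap_true.
      DATA(lt_cidrs) = io_vpc_config->get_publicaccesscidrs( ).
      LOOP AT lt_cidrs INTO DATA(lo_cidr).
        " Assumption: the list wrapper exposes its string via get_value( ).
        DATA(lv_cidr) = lo_cidr->get_value( ).
        IF lv_cidr = '0.0.0.0/0' OR lv_cidr = '::/0'.
          lv_open = abap_true.
          APPEND |Public API endpoint allows { lv_cidr }| TO rt_findings.
        ENDIF.
      ENDLOOP.
    ELSE.
      " No list in the response: treat it as the documented default 0.0.0.0/0.
      lv_open = abap_true.
      APPEND |Public API endpoint enabled with no CIDR list (default 0.0.0.0/0)| TO rt_findings.
    ENDIF.

    IF lv_private <> abap_true.
      IF lv_open = abap_true.
        APPEND |Private endpoint disabled: in-VPC API requests do not use the private VPC endpoint| TO rt_findings.
      ELSE.
        " Restricted CIDRs without private access can cut off nodes and Fargate pods.
        APPEND |Private endpoint disabled: confirm node and Fargate pod CIDRs are in publicAccessCidrs| TO rt_findings.
      ENDIF.
    ENDIF.
  ENDMETHOD.
ENDCLASS.
```

An empty rt_findings means the public endpoint is either disabled or restricted to specific CIDR blocks with private access enabled.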