Class CfnAccessEntry
- All Implemented Interfaces: IInspectable, ITaggableV2, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
An access entry allows an IAM principal to access your cluster. Access entries can replace the need to maintain entries in the aws-auth ConfigMap for authentication. You have the following options for authorizing an IAM principal to access Kubernetes objects on your cluster: Kubernetes role-based access control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you to create and manage Kubernetes Role, ClusterRole, RoleBinding, and ClusterRoleBinding objects, in addition to managing access entries. If you use Amazon EKS authorization exclusively, you don't need to create and manage Kubernetes Role, ClusterRole, RoleBinding, and ClusterRoleBinding objects.
For more information about access entries, see Access entries in the Amazon EKS User Guide.
Example:
```java
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// The fragment belongs inside a construct or stack, where `this` is the scope.
import java.util.List;
import software.amazon.awscdk.CfnTag;
import software.amazon.awscdk.services.eks.*;
// Nested property types (AccessPolicyProperty, AccessScopeProperty)
import software.amazon.awscdk.services.eks.CfnAccessEntry.*;

CfnAccessEntry cfnAccessEntry = CfnAccessEntry.Builder.create(this, "MyCfnAccessEntry")
        .clusterName("clusterName")
        .principalArn("principalArn")
        // the properties below are optional
        .accessPolicies(List.of(AccessPolicyProperty.builder()
                .accessScope(AccessScopeProperty.builder()
                        .type("type")
                        // the properties below are optional
                        .namespaces(List.of("namespaces"))
                        .build())
                .policyArn("policyArn")
                .build()))
        .kubernetesGroups(List.of("kubernetesGroups"))
        .tags(List.of(CfnTag.builder()
                .key("key")
                .value("value")
                .build()))
        .type("type")
        .username("username")
        .build();
```
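A concrete version of the two authorization options described above, as an added example (not taken from the AWS CDK documentation): one entry relies on an Amazon EKS access policy scoped to a single namespace, the other on a Kubernetes group authorized through RBAC. The stack class, cluster name, account ID, role names, namespace and group name are constructed placeholders; the AmazonEKSViewPolicy ARN and the "namespace" scope type are assumed from the Amazon EKS access policy documentation.

```java
import java.util.List;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.eks.CfnAccessEntry;
import software.amazon.awscdk.services.eks.CfnAccessEntry.AccessPolicyProperty;
import software.amazon.awscdk.services.eks.CfnAccessEntry.AccessScopeProperty;
import software.constructs.Construct;

// Hypothetical stack; every literal below is a constructed sample value.
public class ClusterAccessStack extends Stack {
    public ClusterAccessStack(final Construct scope, final String id) {
        super(scope, id);

        final String clusterName = "demo-cluster";

        // Option 1, Amazon EKS authorization only: read-only access limited
        // to one namespace. No Role or RoleBinding objects are required.
        CfnAccessEntry.Builder.create(this, "AuditorAccess")
                .clusterName(clusterName)
                .principalArn("arn:aws:iam::111122223333:role/eks-auditor")
                .accessPolicies(List.of(AccessPolicyProperty.builder()
                        .policyArn("arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy")
                        .accessScope(AccessScopeProperty.builder()
                                .type("namespace") // narrower than "cluster"
                                .namespaces(List.of("payments"))
                                .build())
                        .build()))
                .build();

        // Option 2, Kubernetes RBAC only: the entry maps the principal to a
        // username and group; permissions come from RoleBinding or
        // ClusterRoleBinding objects that list the group as a subject.
        CfnAccessEntry.Builder.create(this, "DeployerAccess")
                .clusterName(clusterName)
                .principalArn("arn:aws:iam::111122223333:role/ci-deployer")
                .kubernetesGroups(List.of("payments-deployers"))
                .username("ci-deployer")
                .build();
    }
}
```

The group payments-deployers grants nothing until a RoleBinding or ClusterRoleBinding in the cluster names it as a subject.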
Nested Class Summary
- static interface CfnAccessEntry.AccessPolicyProperty: An access policy includes permissions that allow Amazon EKS to authorize an IAM principal to work with Kubernetes objects on your cluster.
- static interface CfnAccessEntry.AccessScopeProperty: The scope of an AccessPolicy that's associated to an AccessEntry.
- static final class CfnAccessEntry.Builder: A fluent builder for CfnAccessEntry.
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
Nested classes/interfaces inherited from interface software.amazon.awscdk.ITaggableV2
ITaggableV2.Jsii$Default, ITaggableV2.Jsii$Proxy
Field Summary
- static final String CFN_RESOURCE_TYPE_NAME: The CloudFormation resource type name for this resource class.
Constructor Summary
- protected CfnAccessEntry(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
- protected CfnAccessEntry(software.amazon.jsii.JsiiObjectRef objRef)
- CfnAccessEntry(software.constructs.Construct scope, String id, CfnAccessEntryProps props)
Method Summary
- getAccessPolicies(): The access policies to associate to the access entry.
- getAttrAccessEntryArn(): The ARN of the access entry.
- getCdkTagManager(): Tag Manager which manages the tags for this resource.
- getClusterName(): The name of your cluster.
- getKubernetesGroups(): The value for name that you've specified for kind: Group as a subject in a Kubernetes RoleBinding or ClusterRoleBinding object.
- getPrincipalArn(): The ARN of the IAM principal for the AccessEntry.
- getTags(): Metadata that assists with categorization and organization.
- getType(): The type of the new access entry.
- getUsername(): The username to authenticate to Kubernetes with.
- void inspect(TreeInspector inspector): Examines the CloudFormation resource and discloses attributes.
- protected Map<String,Object> renderProperties(Map<String, Object> props)
- void setAccessPolicies(List<Object> value): The access policies to associate to the access entry.
- void setAccessPolicies(IResolvable value): The access policies to associate to the access entry.
- void setClusterName(String value): The name of your cluster.
- void setKubernetesGroups(List<String> value): The value for name that you've specified for kind: Group as a subject in a Kubernetes RoleBinding or ClusterRoleBinding object.
- void setPrincipalArn(String value): The ARN of the IAM principal for the AccessEntry.
- void setTags: Metadata that assists with categorization and organization.
- void setType: The type of the new access entry.
- void setUsername(String value): The username to authenticate to Kubernetes with.
Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.CfnRefElement
getRef
Methods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.constructs.Construct
getNode, isConstruct
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
Field Details

CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.

Constructor Details

CfnAccessEntry
protected CfnAccessEntry(software.amazon.jsii.JsiiObjectRef objRef)

CfnAccessEntry
protected CfnAccessEntry(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnAccessEntry
@Stability(Stable) public CfnAccessEntry(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnAccessEntryProps props)
- Parameters:
scope - Scope in which this resource is defined. This parameter is required.
id - Construct identifier for this resource (unique in its scope). This parameter is required.
props - Resource properties. This parameter is required.

Method Details

inspect
Examines the CloudFormation resource and discloses attributes.
- Specified by: inspect in interface IInspectable
- Parameters:
inspector - tree inspector to collect and process attributes. This parameter is required.

renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props)
- Overrides: renderProperties in class CfnResource
- Parameters:
props - This parameter is required.

getAttrAccessEntryArn
The ARN of the access entry.

getCdkTagManager
Tag Manager which manages the tags for this resource.
- Specified by: getCdkTagManager in interface ITaggableV2

getCfnProperties
- Overrides: getCfnProperties in class CfnResource

getClusterName
The name of your cluster.

setClusterName
The name of your cluster.

getPrincipalArn
The ARN of the IAM principal for the AccessEntry.

setPrincipalArn
The ARN of the IAM principal for the AccessEntry.

getAccessPolicies
The access policies to associate to the access entry.

setAccessPolicies
The access policies to associate to the access entry.

setAccessPolicies
The access policies to associate to the access entry.

getKubernetesGroups
The value for name that you've specified for kind: Group as a subject in a Kubernetes RoleBinding or ClusterRoleBinding object.

setKubernetesGroups
The value for name that you've specified for kind: Group as a subject in a Kubernetes RoleBinding or ClusterRoleBinding object.

getTags
Metadata that assists with categorization and organization.

setTags
Metadata that assists with categorization and organization.

getType
The type of the new access entry. Valid values are Standard, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS.

setType
The type of the new access entry. Valid values are Standard, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS.

getUsername
The username to authenticate to Kubernetes with.

setUsername
The username to authenticate to Kubernetes with.