Interface CfnCluster.ResourcesVpcConfigProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnCluster.ResourcesVpcConfigProperty.Jsii$Proxy
- Enclosing class:
CfnCluster
When updating a resource, you must include these properties if the previous CloudFormation template of the resource had them:
EndpointPublicAccess
EndpointPrivateAccess
PublicAccessCidrs
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.eks.*; ResourcesVpcConfigProperty resourcesVpcConfigProperty = ResourcesVpcConfigProperty.builder() .subnetIds(List.of("subnetIds")) // the properties below are optional .endpointPrivateAccess(false) .endpointPublicAccess(false) .publicAccessCidrs(List.of("publicAccessCidrs")) .securityGroupIds(List.of("securityGroupIds")) .build();
- See Also:
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
A builder forCfnCluster.ResourcesVpcConfigProperty
static final class
An implementation forCfnCluster.ResourcesVpcConfigProperty
-
Method Summary
Modifier and TypeMethodDescriptionbuilder()
default Object
Set this value totrue
to enable private access for your cluster's Kubernetes API server endpoint.default Object
Set this value tofalse
to disable public access to your cluster's Kubernetes API server endpoint.The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane.Specify subnets for your Amazon EKS nodes.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getSubnetIds
Specify subnets for your Amazon EKS nodes.Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
- See Also:
-
getEndpointPrivateAccess
Set this value totrue
to enable private access for your cluster's Kubernetes API server endpoint.If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is
false
, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure thatpublicAccessCidrs
includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .- See Also:
-
getEndpointPublicAccess
Set this value tofalse
to disable public access to your cluster's Kubernetes API server endpoint.If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is
true
, which enables public access for your Kubernetes API server. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .- See Also:
-
getPublicAccessCidrs
The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is
0.0.0.0/0
. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and AWS FargatePod
in the cluster. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .- See Also:
-
getSecurityGroupIds
Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane.If you don't specify any security groups, then familiarize yourself with the difference between Amazon EKS defaults for clusters deployed with Kubernetes. For more information, see Amazon EKS security group considerations in the Amazon EKS User Guide .
- See Also:
-
builder
-