Amazon Elastic Kubernetes Service
API Reference (API Version 2017-11-01)

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

UpdateClusterConfig

Updates an Amazon EKS cluster configuration. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with the DescribeUpdate API operation.

You can use this API operation to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .

Note

CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see Amazon CloudWatch Pricing.

You can also use this API operation to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .

Important

At this time, you can not update the subnets or security group IDs for an existing cluster.

Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.

Request Syntax

POST /clusters/name/update-config HTTP/1.1 Content-type: application/json { "clientRequestToken": "string", "logging": { "clusterLogging": [ { "enabled": boolean, "types": [ "string" ] } ] }, "resourcesVpcConfig": { "endpointPrivateAccess": boolean, "endpointPublicAccess": boolean, "securityGroupIds": [ "string" ], "subnetIds": [ "string" ] } }

URI Request Parameters

The request requires the following URI parameters.

name

The name of the Amazon EKS cluster to update.

Request Body

The request accepts the following data in JSON format.

clientRequestToken

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

Type: String

Required: No

logging

Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .

Note

CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see Amazon CloudWatch Pricing.

Type: Logging object

Required: No

resourcesVpcConfig

An object representing the VPC configuration to use for an Amazon EKS cluster.

Type: VpcConfigRequest object

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "update": { "createdAt": number, "errors": [ { "errorCode": "string", "errorMessage": "string", "resourceIds": [ "string" ] } ], "id": "string", "params": [ { "type": "string", "value": "string" } ], "status": "string", "type": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

update

An object representing an asynchronous update.

Type: Update object

Errors

For information about the errors that are common to all actions, see Common Errors.

ClientException

These errors are usually caused by a client action. Actions can include using an action or resource on behalf of a user that doesn't have permissions to use the action or resource or specifying an identifier that is not valid.

HTTP Status Code: 400

InvalidParameterException

The specified parameter is invalid. Review the available parameters for the API request.

HTTP Status Code: 400

InvalidRequestException

The request is invalid given the state of the cluster. Check the state of the cluster and the associated operations.

HTTP Status Code: 400

ResourceInUseException

The specified resource is in use.

HTTP Status Code: 409

ResourceNotFoundException

The specified resource could not be found. You can view your available clusters with ListClusters. Amazon EKS clusters are Region-specific.

HTTP Status Code: 404

ServerException

These errors are usually caused by a server-side issue.

HTTP Status Code: 500

Examples

In the following example or examples, the Authorization header contents (AUTHPARAMS) must be replaced with an AWS Signature Version 4 signature. For more information about creating these signatures, see Signature Version 4 Signing Process in the AWS General Reference.

You need to learn how to sign HTTP requests only if you intend to manually create them. When you use the AWS Command Line Interface (AWS CLI) or one of the AWS SDKs to make requests to AWS, these tools automatically sign the requests for you with the access key that you specify when you configure the tools. When you use these tools, you don't need to learn how to sign requests yourself.

Example

The following example disables the Amazon EKS public API server endpoint for the eks-beta cluster.

Sample Request

POST /clusters/eks-beta/update-config HTTP/1.1 Host: eks.us-west-2.amazonaws.com Accept-Encoding: identity User-Agent: aws-cli/1.16.56 Python/3.7.0 Darwin/17.7.0 botocore/1.12.46 X-Amz-Date: 20190228T215632Z Authorization: AUTHPARAMS { "resourcesVpcConfig": { "endpointPublicAccess": false }, "clientRequestToken": "a6de6687-1ca1-43f1-b48b-94216f825c79" }

Sample Response

HTTP/1.1 200 OK Date: Thu, 28 Feb 2019 21:56:33 GMT Content-Type: application/json Content-Length: 254 x-amzn-RequestId: b5cc3dc8-3ba3-11e9-a848-01d90c7ee6d7 x-amz-apigw-id: V1LanEMJPHcFvTg= X-Amzn-Trace-Id: Root=1-5c785910-79fbf3674d4a5ddee4cf970f;Sampled=1 Connection: keep-alive { "update": { "id": "71abb011-b524-4983-b17f-c30baa1b5530", "status": "InProgress", "type": "EndpointAccessUpdate", "params": [ { "type": "EndpointPublicAccess", "value": "false" }, { "type": "EndpointPrivateAccess", "value": "true" } ], "createdAt": 1551390993.374, "errors": [] } }

Example

The following example enables exporting all cluster control plane logs to CloudWatch Logs.

Sample Request

POST /clusters/prod/update-config HTTP/1.1 Host: eks.us-west-2.amazonaws.com Accept-Encoding: identity User-Agent: aws-cli/1.16.120 Python/3.7.0 Darwin/18.2.0 botocore/1.12.110 X-Amz-Date: 20190322T162335Z Authorization: AUTHPARAMS { "logging": { "clusterLogging": [ { "types": [ "api", "audit", "authenticator", "controllerManager", "scheduler" ], "enabled": true } ] }, "clientRequestToken": "ceec3afd-1731-4a94-9a1f-26e0e7eb46b1" }

Sample Response

HTTP/1.1 200 OK Date: Fri, 22 Mar 2019 16:23:34 GMT Content-Type: application/json Content-Length: 313 x-amzn-RequestId: d6791f22-4cbe-11e9-82e1-ed8db84fbba9 x-amz-apigw-id: W87Q5HlCvHcFxDA= X-Amzn-Trace-Id: Root=1-5c950c05-15477600e07ec800d410cc00 Connection: keep-alive { "update": { "id": "883405c8-65c6-4758-8cee-2a7c1340a6d9", "status": "InProgress", "type": "LoggingUpdate", "params": [ { "type": "ClusterLogging", "value": "{\"clusterLogging\":[{\"types\":[\"api\",\"audit\",\"authenticator\",\"controllerManager\",\"scheduler\"],\"enabled\":true}]}" } ], "createdAt": 1553271814.684, "errors": [] } }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: