From 781300ed05dd170bdec7e216c979f727dbc5f399 Mon Sep 17 00:00:00 2001 From: aws-sdk-go-automation <43143561+aws-sdk-go-automation@users.noreply.github.com> Date: Mon, 3 Jun 2024 14:25:23 -0400 Subject: [PATCH] Release v1.53.15 (2024-06-03) (#5276) Release v1.53.15 (2024-06-03) === ### Service Client Updates * `service/amplify`: Updates service documentation * `service/batch`: Updates service API and documentation * This release adds support for the AWS Batch GetJobQueueSnapshot API operation. * `service/eks`: Updates service API and documentation * `service/iottwinmaker`: Updates service API --- CHANGELOG.md | 10 + aws/endpoints/defaults.go | 45 --- aws/version.go | 2 +- models/apis/amplify/2017-07-25/docs-2.json | 22 +- models/apis/batch/2016-08-10/api-2.json | 45 +++ models/apis/batch/2016-08-10/docs-2.json | 35 ++- models/apis/eks/2017-11-01/api-2.json | 55 +++- models/apis/eks/2017-11-01/docs-2.json | 69 +++-- .../apis/iottwinmaker/2021-11-29/api-2.json | 7 +- models/endpoints/endpoints.json | 42 +-- service/amplify/api.go | 68 +++-- service/batch/api.go | 277 ++++++++++++++++- service/batch/batchiface/interface.go | 4 + service/eks/api.go | 289 +++++++++++++++--- service/iottwinmaker/api.go | 4 + 15 files changed, 788 insertions(+), 186 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 94340589bf7..82acd9b5304 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +Release v1.53.15 (2024-06-03) +=== + +### Service Client Updates +* `service/amplify`: Updates service documentation +* `service/batch`: Updates service API and documentation + * This release adds support for the AWS Batch GetJobQueueSnapshot API operation. +* `service/eks`: Updates service API and documentation +* `service/iottwinmaker`: Updates service API + Release v1.53.14 (2024-05-31) === diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go index fa5625df41f..02e58be383e 100644 --- a/aws/endpoints/defaults.go +++ b/aws/endpoints/defaults.go @@ -45743,42 +45743,12 @@ var awsisoPartition = partition{ }, "ram": service{ Endpoints: serviceEndpoints{ - endpointKey{ - Region: "fips-us-iso-east-1", - }: endpoint{ - Hostname: "ram-fips.us-iso-east-1.c2s.ic.gov", - CredentialScope: credentialScope{ - Region: "us-iso-east-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-iso-west-1", - }: endpoint{ - Hostname: "ram-fips.us-iso-west-1.c2s.ic.gov", - CredentialScope: credentialScope{ - Region: "us-iso-west-1", - }, - Deprecated: boxedTrue, - }, endpointKey{ Region: "us-iso-east-1", }: endpoint{}, - endpointKey{ - Region: "us-iso-east-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "ram-fips.us-iso-east-1.c2s.ic.gov", - }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, - endpointKey{ - Region: "us-iso-west-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "ram-fips.us-iso-west-1.c2s.ic.gov", - }, }, }, "rbin": service{ @@ -46866,24 +46836,9 @@ var awsisobPartition = partition{ }, "ram": service{ Endpoints: serviceEndpoints{ - endpointKey{ - Region: "fips-us-isob-east-1", - }: endpoint{ - Hostname: "ram-fips.us-isob-east-1.sc2s.sgov.gov", - CredentialScope: credentialScope{ - Region: "us-isob-east-1", - }, - Deprecated: boxedTrue, - }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, - endpointKey{ - Region: "us-isob-east-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "ram-fips.us-isob-east-1.sc2s.sgov.gov", - }, }, }, "rbin": service{ diff --git a/aws/version.go b/aws/version.go index 60b9f8636f6..70477d98882 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.53.14" +const SDKVersion = "1.53.15" diff --git a/models/apis/amplify/2017-07-25/docs-2.json b/models/apis/amplify/2017-07-25/docs-2.json index f11f6191ad3..29753d9e85b 100644 --- a/models/apis/amplify/2017-07-25/docs-2.json +++ b/models/apis/amplify/2017-07-25/docs-2.json @@ -3,13 +3,13 @@ "service": "
Amplify enables developers to develop and deploy cloud-powered mobile and web apps. Amplify Hosting provides a continuous delivery and hosting service for web applications. For more information, see the Amplify Hosting User Guide. The Amplify Framework is a comprehensive set of SDKs, libraries, tools, and documentation for client app development. For more information, see the Amplify Framework.
", "operations": { "CreateApp": "Creates a new Amplify app.
", - "CreateBackendEnvironment": "Creates a new backend environment for an Amplify app.
This API is available only to Amplify Gen 1 applications where the backend is created using Amplify Studio or the Amplify command line interface (CLI). This API isn’t available to applications created using the Amplify Gen 2 public preview. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
", + "CreateBackendEnvironment": "Creates a new backend environment for an Amplify app.
This API is available only to Amplify Gen 1 applications where the backend is created using Amplify Studio or the Amplify command line interface (CLI). This API isn’t available to Amplify Gen 2 applications. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
", "CreateBranch": "Creates a new branch for an Amplify app.
", "CreateDeployment": "Creates a deployment for a manually deployed Amplify app. Manually deployed apps are not connected to a repository.
The maximum duration between the CreateDeployment
call and the StartDeployment
call cannot exceed 8 hours. If the duration exceeds 8 hours, the StartDeployment
call and the associated Job
will fail.
Creates a new domain association for an Amplify app. This action associates a custom domain with the Amplify app
", "CreateWebhook": "Creates a new webhook on an Amplify app.
", "DeleteApp": "Deletes an existing Amplify app specified by an app ID.
", - "DeleteBackendEnvironment": "Deletes a backend environment for an Amplify app.
This API is available only to Amplify Gen 1 applications where the backend was created using Amplify Studio or the Amplify command line interface (CLI). This API isn’t available to applications created using the Amplify Gen 2 public preview. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
", + "DeleteBackendEnvironment": "Deletes a backend environment for an Amplify app.
This API is available only to Amplify Gen 1 applications where the backend is created using Amplify Studio or the Amplify command line interface (CLI). This API isn’t available to Amplify Gen 2 applications. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
", "DeleteBranch": "Deletes a branch for an Amplify app.
", "DeleteDomainAssociation": "Deletes a domain association for an Amplify app.
", "DeleteJob": "Deletes a job for a branch of an Amplify app.
", @@ -17,14 +17,14 @@ "GenerateAccessLogs": "Returns the website access logs for a specific time range using a presigned URL.
", "GetApp": "Returns an existing Amplify app specified by an app ID.
", "GetArtifactUrl": "Returns the artifact info that corresponds to an artifact id.
", - "GetBackendEnvironment": "Returns a backend environment for an Amplify app.
This API is available only to Amplify Gen 1 applications where the backend was created using Amplify Studio or the Amplify command line interface (CLI). This API isn’t available to applications created using the Amplify Gen 2 public preview. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
", + "GetBackendEnvironment": "Returns a backend environment for an Amplify app.
This API is available only to Amplify Gen 1 applications where the backend is created using Amplify Studio or the Amplify command line interface (CLI). This API isn’t available to Amplify Gen 2 applications. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
", "GetBranch": "Returns a branch for an Amplify app.
", "GetDomainAssociation": "Returns the domain information for an Amplify app.
", "GetJob": "Returns a job for a branch of an Amplify app.
", "GetWebhook": "Returns the webhook information that corresponds to a specified webhook ID.
", "ListApps": "Returns a list of the existing Amplify apps.
", "ListArtifacts": "Returns a list of artifacts for a specified app, branch, and job.
", - "ListBackendEnvironments": "Lists the backend environments for an Amplify app.
This API is available only to Amplify Gen 1 applications where the backend was created using Amplify Studio or the Amplify command line interface (CLI). This API isn’t available to applications created using the Amplify Gen 2 public preview. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
", + "ListBackendEnvironments": "Lists the backend environments for an Amplify app.
This API is available only to Amplify Gen 1 applications where the backend is created using Amplify Studio or the Amplify command line interface (CLI). This API isn’t available to Amplify Gen 2 applications. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
", "ListBranches": "Lists the branches of an Amplify app.
", "ListDomainAssociations": "Returns the domain associations for an Amplify app.
", "ListJobs": "Lists the jobs for a branch of an Amplify app.
", @@ -205,15 +205,15 @@ } }, "Backend": { - "base": "Describes the backend properties associated with an Amplify Branch
.
Describes the backend associated with an Amplify Branch
.
This property is available to Amplify Gen 2 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
", "refs": { "Branch$backend": null, - "CreateBranchRequest$backend": "The backend for a Branch
of an Amplify app. Use for a backend created from an CloudFormation stack.
The backend for a Branch
of an Amplify app. Use for a backend created from an CloudFormation stack.
The backend for a Branch
of an Amplify app. Use for a backend created from an CloudFormation stack.
This field is available to Amplify Gen 2 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
", + "UpdateBranchRequest$backend": "The backend for a Branch
of an Amplify app. Use for a backend created from an CloudFormation stack.
This field is available to Amplify Gen 2 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
" } }, "BackendEnvironment": { - "base": "Describes the backend environment for an Amplify app.
", + "base": "Describes the backend environment associated with a Branch
of a Gen 1 Amplify app. Amplify Gen 1 applications are created using Amplify Studio or the Amplify command line interface (CLI).
Describes the backend environment for an Amplify app.
", @@ -225,9 +225,9 @@ "base": null, "refs": { "BackendEnvironment$backendEnvironmentArn": "The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.
", - "Branch$backendEnvironmentArn": "The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.
", - "CreateBranchRequest$backendEnvironmentArn": "The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.
", - "UpdateBranchRequest$backendEnvironmentArn": "The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.
" + "Branch$backendEnvironmentArn": "The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.
This property is available to Amplify Gen 1 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
", + "CreateBranchRequest$backendEnvironmentArn": "The Amazon Resource Name (ARN) for a backend environment that is part of a Gen 1 Amplify app.
This field is available to Amplify Gen 1 apps only where the backend is created using Amplify Studio or the Amplify command line interface (CLI).
", + "UpdateBranchRequest$backendEnvironmentArn": "The Amazon Resource Name (ARN) for a backend environment that is part of a Gen 1 Amplify app.
This field is available to Amplify Gen 1 apps only where the backend is created using Amplify Studio or the Amplify command line interface (CLI).
" } }, "BackendEnvironments": { diff --git a/models/apis/batch/2016-08-10/api-2.json b/models/apis/batch/2016-08-10/api-2.json index f2f8ab83ddc..b1e74cf89e9 100644 --- a/models/apis/batch/2016-08-10/api-2.json +++ b/models/apis/batch/2016-08-10/api-2.json @@ -5,6 +5,7 @@ "endpointPrefix":"batch", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"AWS Batch", "serviceFullName":"AWS Batch", "serviceId":"Batch", @@ -181,6 +182,19 @@ {"shape":"ServerException"} ] }, + "GetJobQueueSnapshot":{ + "name":"GetJobQueueSnapshot", + "http":{ + "method":"POST", + "requestUri":"/v1/getjobqueuesnapshot" + }, + "input":{"shape":"GetJobQueueSnapshotRequest"}, + "output":{"shape":"GetJobQueueSnapshotResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ] + }, "ListJobs":{ "name":"ListJobs", "http":{ @@ -1279,6 +1293,37 @@ } }, "Float":{"type":"float"}, + "FrontOfQueueDetail":{ + "type":"structure", + "members":{ + "jobs":{"shape":"FrontOfQueueJobSummaryList"}, + "lastUpdatedAt":{"shape":"Long"} + } + }, + "FrontOfQueueJobSummary":{ + "type":"structure", + "members":{ + "jobArn":{"shape":"String"}, + "earliestTimeAtPosition":{"shape":"Long"} + } + }, + "FrontOfQueueJobSummaryList":{ + "type":"list", + "member":{"shape":"FrontOfQueueJobSummary"} + }, + "GetJobQueueSnapshotRequest":{ + "type":"structure", + "required":["jobQueue"], + "members":{ + "jobQueue":{"shape":"String"} + } + }, + "GetJobQueueSnapshotResponse":{ + "type":"structure", + "members":{ + "frontOfQueue":{"shape":"FrontOfQueueDetail"} + } + }, "Host":{ "type":"structure", "members":{ diff --git a/models/apis/batch/2016-08-10/docs-2.json b/models/apis/batch/2016-08-10/docs-2.json index 5ebc39a37fb..52e6d86e632 100644 --- a/models/apis/batch/2016-08-10/docs-2.json +++ b/models/apis/batch/2016-08-10/docs-2.json @@ -15,6 +15,7 @@ "DescribeJobQueues": "Describes one or more of your job queues.
", "DescribeJobs": "Describes a list of Batch jobs.
", "DescribeSchedulingPolicies": "Describes one or more of your scheduling policies.
", + "GetJobQueueSnapshot": "Provides a list of the first 100 RUNNABLE
jobs associated to a single job queue.
Returns a list of Batch jobs.
You must specify only one of the following items:
A job queue ID to return a list of jobs in that job queue
A multi-node parallel job ID to return a list of nodes for that job
An array job ID to return a list of the children for that job
You can filter the results by job status with the jobStatus
parameter. If you don't specify a status, only RUNNING
jobs are returned.
Returns a list of Batch scheduling policies.
", "ListTagsForResource": "Lists the tags for an Batch resource. Batch resources that support tags are compute environments, jobs, job definitions, job queues, and scheduling policies. ARNs for child jobs of array and multi-node parallel (MNP) jobs aren't supported.
", @@ -726,6 +727,34 @@ "ShareAttributes$weightFactor": "The weight factor for the fair share identifier. The default value is 1.0. A lower value has a higher priority for compute resources. For example, jobs that use a share identifier with a weight factor of 0.125 (1/8) get 8 times the compute resources of jobs that use a share identifier with a weight factor of 1.
The smallest supported value is 0.0001, and the largest supported value is 999.9999.
" } }, + "FrontOfQueueDetail": { + "base": "Contains a list of the first 100 RUNNABLE
jobs associated to a single job queue.
The list of the first 100 RUNNABLE
jobs in each job queue. For first-in-first-out (FIFO) job queues, jobs are ordered based on their submission time. For fair share scheduling (FSS) job queues, jobs are ordered based on their job priority and share usage.
An object that represents summary details for the first 100 RUNNABLE
jobs in a job queue.
The Amazon Resource Names (ARNs) of the first 100 RUNNABLE
jobs in a named job queue. For first-in-first-out (FIFO) job queues, jobs are ordered based on their submission time. For fair share scheduling (FSS) job queues, jobs are ordered based on their job priority and share usage.
Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running.
", "refs": { @@ -806,7 +835,7 @@ "LinuxParameters$sharedMemorySize": "The value for the size (in MiB) of the /dev/shm
volume. This parameter maps to the --shm-size
option to docker run.
This parameter isn't applicable to jobs that are running on Fargate resources. Don't provide it for these jobs.
The total amount of swap memory (in MiB) a container can use. This parameter is translated to the --memory-swap
option to docker run where the value is the sum of the container memory plus the maxSwap
value. For more information, see --memory-swap
details in the Docker documentation.
If a maxSwap
value of 0
is specified, the container doesn't use swap. Accepted values are 0
or any positive integer. If the maxSwap
parameter is omitted, the container doesn't use the swap configuration for the container instance that it's running on. A maxSwap
value must be set for the swappiness
parameter to be used.
This parameter isn't applicable to jobs that are running on Fargate resources. Don't provide it for these jobs.
You can use this parameter to tune a container's memory swappiness behavior. A swappiness
value of 0
causes swapping to not occur unless absolutely necessary. A swappiness
value of 100
causes pages to be swapped aggressively. Valid values are whole numbers between 0
and 100
. If the swappiness
parameter isn't specified, a default value of 60
is used. If a value isn't specified for maxSwap
, then this parameter is ignored. If maxSwap
is set to 0, the container doesn't use swap. This parameter maps to the --memory-swappiness
option to docker run.
Consider the following when you use a per-container swap configuration.
Swap space must be enabled and allocated on the container instance for the containers to use.
By default, the Amazon ECS optimized AMIs don't have swap enabled. You must enable swap on the instance to use this feature. For more information, see Instance store swap volumes in the Amazon EC2 User Guide for Linux Instances or How do I allocate memory to work as swap space in an Amazon EC2 instance by using a swap file?
The swap space parameters are only supported for job definitions using EC2 resources.
If the maxSwap
and swappiness
parameters are omitted from a job definition, each container has a default swappiness
value of 60. Moreover, the total swap usage is limited to two times the memory reservation of the container.
This parameter isn't applicable to jobs that are running on Fargate resources. Don't provide it for these jobs.
The maximum number of results returned by ListJobs
in paginated output. When this parameter is used, ListJobs
only returns maxResults
results in a single page and a nextToken
response element. The remaining results of the initial request can be seen by sending another ListJobs
request with the returned nextToken
value. This value can be between 1 and 100. If this parameter isn't used, then ListJobs
returns up to 100 results and a nextToken
value if applicable.
The maximum number of results returned by ListJobs
in a paginated output. When this parameter is used, ListJobs
returns up to maxResults
results in a single page and a nextToken
response element, if applicable. The remaining results of the initial request can be seen by sending another ListJobs
request with the returned nextToken
value.
The following outlines key parameters and limitations:
The minimum value is 1.
When --job-status
is used, Batch returns up to 1000 values.
When --filters
is used, Batch returns up to 100 values.
If neither parameter is used, then ListJobs
returns up to 1000 results (jobs that are in the RUNNING
status) and a nextToken
value, if applicable.
The maximum number of results that's returned by ListSchedulingPolicies
in paginated output. When this parameter is used, ListSchedulingPolicies
only returns maxResults
results in a single page and a nextToken
response element. You can see the remaining results of the initial request by sending another ListSchedulingPolicies
request with the returned nextToken
value. This value can be between 1 and 100. If this parameter isn't used, ListSchedulingPolicies
returns up to 100 results and a nextToken
value if applicable.
The node index for the node. Node index numbering starts at zero. This index is also available on the node with the AWS_BATCH_JOB_NODE_INDEX
environment variable.
The number of nodes to use with a multi-node parallel job. This value overrides the number of nodes that are specified in the job definition. To use this override, you must meet the following conditions:
There must be at least one node range in your job definition that has an open upper boundary, such as :
or n:
.
The lower boundary of the node range that's specified in the job definition must be fewer than the number of nodes specified in the override.
The main node index that's specified in the job definition must be fewer than the number of nodes specified in the override.
The Unix timestamp (in milliseconds) for when the attempt was stopped. This happens when the attempt transitioned from the RUNNING
state to a terminal state, such as SUCCEEDED
or FAILED
.
When this parameter is specified, the container is run as the specified user ID (uid
). If this parameter isn't specified, the default is the user that's specified in the image metadata. This parameter maps to RunAsUser
and MustRanAs
policy in the Users and groups pod security policies in the Kubernetes documentation.
When this parameter is specified, the container is run as the specified group ID (gid
). If this parameter isn't specified, the default is the group that's specified in the image metadata. This parameter maps to RunAsGroup
and MustRunAs
policy in the Users and groups pod security policies in the Kubernetes documentation.
The Unix timestamp (in milliseconds) for when each of the first 100 RUNNABLE
jobs were last updated.
The Unix timestamp (in milliseconds) for when the job transitioned to its current position in the job queue.
", "JobDetail$createdAt": "The Unix timestamp (in milliseconds) for when the job was created. For non-array jobs and parent array jobs, this is when the job entered the SUBMITTED
state. This is specifically at the time SubmitJob was called. For array child jobs, this is when the child job was spawned by its parent and entered the PENDING
state.
The Unix timestamp (in milliseconds) for when the job was started. More specifically, it's when the job transitioned from the STARTING
state to the RUNNING
state.
The Unix timestamp (in milliseconds) for when the job was stopped. More specifically, it's when the job transitioned from the RUNNING
state to a terminal state, such as SUCCEEDED
or FAILED
.
Contains a glob pattern to match against the Reason
returned for a job. The pattern can contain up to 512 characters. It can contain letters, numbers, periods (.), colons (:), and white space (including spaces and tabs). It can optionally end with an asterisk (*) so that only the start of the string needs to be an exact match.
Contains a glob pattern to match against the decimal representation of the ExitCode
returned for a job. The pattern can be up to 512 characters long. It can contain only numbers, and can end with an asterisk (*) so that only the start of the string needs to be an exact match.
The string can contain up to 512 characters.
", "FargatePlatformConfiguration$platformVersion": "The Fargate platform version where the jobs are running. A platform version is specified only for jobs that are running on Fargate resources. If one isn't specified, the LATEST
platform version is used by default. This uses a recent, approved version of the Fargate platform for compute resources. For more information, see Fargate platform versions in the Amazon Elastic Container Service Developer Guide.
The ARN for a job in a named job queue.
", + "GetJobQueueSnapshotRequest$jobQueue": "The job queue’s name or full queue Amazon Resource Name (ARN).
", "Host$sourcePath": "The path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If this parameter contains a file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the source path location doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported.
This parameter isn't applicable to jobs that run on Fargate resources. Don't provide this for these jobs.
Provides a unique identifier for the ImagePullSecret
. This object is required when EksPodProperties$imagePullSecrets
is used.
The name of the job definition.
", diff --git a/models/apis/eks/2017-11-01/api-2.json b/models/apis/eks/2017-11-01/api-2.json index 8041b493f1b..63332c76c4f 100644 --- a/models/apis/eks/2017-11-01/api-2.json +++ b/models/apis/eks/2017-11-01/api-2.json @@ -5,6 +5,7 @@ "endpointPrefix":"eks", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"Amazon EKS", "serviceFullName":"Amazon Elastic Kubernetes Service", "serviceId":"EKS", @@ -982,7 +983,8 @@ "publisher":{"shape":"String"}, "owner":{"shape":"String"}, "marketplaceInformation":{"shape":"MarketplaceInformation"}, - "configurationValues":{"shape":"String"} + "configurationValues":{"shape":"String"}, + "podIdentityAssociations":{"shape":"StringList"} } }, "AddonHealth":{ @@ -1020,13 +1022,41 @@ "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", - "K8sResourceNotFound" + "K8sResourceNotFound", + "AddonSubscriptionNeeded", + "AddonPermissionFailure" ] }, "AddonIssueList":{ "type":"list", "member":{"shape":"AddonIssue"} }, + "AddonPodIdentityAssociations":{ + "type":"structure", + "required":[ + "serviceAccount", + "roleArn" + ], + "members":{ + "serviceAccount":{"shape":"String"}, + "roleArn":{"shape":"String"} + } + }, + "AddonPodIdentityAssociationsList":{ + "type":"list", + "member":{"shape":"AddonPodIdentityAssociations"} + }, + "AddonPodIdentityConfiguration":{ + "type":"structure", + "members":{ + "serviceAccount":{"shape":"String"}, + "recommendedManagedPolicies":{"shape":"StringList"} + } + }, + "AddonPodIdentityConfigurationList":{ + "type":"list", + "member":{"shape":"AddonPodIdentityConfiguration"} + }, "AddonStatus":{ "type":"string", "enum":[ @@ -1046,7 +1076,8 @@ "addonVersion":{"shape":"String"}, "architecture":{"shape":"StringList"}, "compatibilities":{"shape":"Compatibilities"}, - "requiresConfiguration":{"shape":"Boolean"} + "requiresConfiguration":{"shape":"Boolean"}, + "requiresIamPermissions":{"shape":"Boolean"} } }, "AddonVersionInfoList":{ @@ -1439,7 +1470,8 @@ "idempotencyToken":true }, "tags":{"shape":"TagMap"}, - "configurationValues":{"shape":"String"} + "configurationValues":{"shape":"String"}, + "podIdentityAssociations":{"shape":"AddonPodIdentityAssociationsList"} } }, "CreateAddonResponse":{ @@ -1848,7 +1880,8 @@ "members":{ "addonName":{"shape":"String"}, "addonVersion":{"shape":"String"}, - "configurationSchema":{"shape":"String"} + "configurationSchema":{"shape":"String"}, + "podIdentityConfiguration":{"shape":"AddonPodIdentityConfigurationList"} } }, "DescribeAddonRequest":{ @@ -3182,7 +3215,8 @@ "associationId":{"shape":"String"}, "tags":{"shape":"TagMap"}, "createdAt":{"shape":"Timestamp"}, - "modifiedAt":{"shape":"Timestamp"} + "modifiedAt":{"shape":"Timestamp"}, + "ownerArn":{"shape":"String"} } }, "PodIdentityAssociationSummaries":{ @@ -3196,7 +3230,8 @@ "namespace":{"shape":"String"}, "serviceAccount":{"shape":"String"}, "associationArn":{"shape":"String"}, - "associationId":{"shape":"String"} + "associationId":{"shape":"String"}, + "ownerArn":{"shape":"String"} } }, "Provider":{ @@ -3483,7 +3518,8 @@ "shape":"String", "idempotencyToken":true }, - "configurationValues":{"shape":"String"} + "configurationValues":{"shape":"String"}, + "podIdentityAssociations":{"shape":"AddonPodIdentityAssociationsList"} } }, "UpdateAddonResponse":{ @@ -3675,7 +3711,8 @@ "ConfigurationValues", "SecurityGroups", "Subnets", - "AuthenticationMode" + "AuthenticationMode", + "PodIdentityAssociations" ] }, "UpdateParams":{ diff --git a/models/apis/eks/2017-11-01/docs-2.json b/models/apis/eks/2017-11-01/docs-2.json index 329e8557542..f7931c5e401 100644 --- a/models/apis/eks/2017-11-01/docs-2.json +++ b/models/apis/eks/2017-11-01/docs-2.json @@ -7,10 +7,10 @@ "AssociateIdentityProviderConfig": "Associates an identity provider configuration to a cluster.
If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes Role
and ClusterRole
objects, assign permissions to them, and then bind them to the identities using Kubernetes RoleBinding
and ClusterRoleBinding
objects. For more information see Using RBAC Authorization in the Kubernetes documentation.
Creates an access entry.
An access entry allows an IAM principal to access your cluster. Access entries can replace the need to maintain entries in the aws-auth
ConfigMap
for authentication. You have the following options for authorizing an IAM principal to access Kubernetes objects on your cluster: Kubernetes role-based access control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you to create and manage Kubernetes Role
, ClusterRole
, RoleBinding
, and ClusterRoleBinding
objects, in addition to managing access entries. If you use Amazon EKS authorization exclusively, you don't need to create and manage Kubernetes Role
, ClusterRole
, RoleBinding
, and ClusterRoleBinding
objects.
For more information about access entries, see Access entries in the Amazon EKS User Guide.
", "CreateAddon": "Creates an Amazon EKS add-on.
Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. For more information, see Amazon EKS add-ons in the Amazon EKS User Guide.
", - "CreateCluster": "Creates an Amazon EKS control plane.
The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd
and the API server. The control plane runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec
, logs
, and proxy
data flows).
Amazon EKS nodes run in your Amazon Web Services account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
You can use the endpointPublicAccess
and endpointPrivateAccess
parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .
You can use the logging
parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see Managing Cluster Authentication and Launching Amazon EKS nodes in the Amazon EKS User Guide.
", + "CreateCluster": "Creates an Amazon EKS control plane.
The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd
and the API server. The control plane runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec
, logs
, and proxy
data flows).
Amazon EKS nodes run in your Amazon Web Services account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
You can use the endpointPublicAccess
and endpointPrivateAccess
parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .
You can use the logging
parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see Allowing users to access your cluster and Launching Amazon EKS nodes in the Amazon EKS User Guide.
", "CreateEksAnywhereSubscription": "Creates an EKS Anywhere subscription. When a subscription is created, it is a contract agreement for the length of the term specified in the request. Licenses that are used to validate support are provisioned in Amazon Web Services License Manager and the caller account is granted access to EKS Anywhere Curated Packages.
", "CreateFargateProfile": "Creates an Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.
The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate.
When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes Role Based Access Control (RBAC) for authorization so that the kubelet
that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see Pod Execution Role in the Amazon EKS User Guide.
Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating.
If any Fargate profiles in a cluster are in the DELETING
status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster.
For more information, see Fargate profile in the Amazon EKS User Guide.
", - "CreateNodegroup": "Creates a managed node group for an Amazon EKS cluster.
You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see Launch template support.
An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by Amazon Web Services for an Amazon EKS cluster. For more information, see Managed node groups in the Amazon EKS User Guide.
Windows AMI types are only supported for commercial Amazon Web Services Regions that support Windows on Amazon EKS.
Creates a managed node group for an Amazon EKS cluster.
You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see Customizing managed nodes with launch templates.
An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by Amazon Web Services for an Amazon EKS cluster. For more information, see Managed node groups in the Amazon EKS User Guide.
Windows AMI types are only supported for commercial Amazon Web Services Regions that support Windows on Amazon EKS.
Creates an EKS Pod Identity association between a service account in an Amazon EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give temporary IAM credentials to pods and the credentials are rotated automatically.
Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.
If a pod uses a service account that has an association, Amazon EKS sets environment variables in the containers of the pod. The environment variables configure the Amazon Web Services SDKs, including the Command Line Interface, to use the EKS Pod Identity credentials.
Pod Identity is a simpler method than IAM roles for service accounts, as this method doesn't use OIDC identity providers. Additionally, you can configure a role for Pod Identity once, and reuse it across clusters.
", "DeleteAccessEntry": "Deletes an access entry.
Deleting an access entry of a type other than Standard
can cause your cluster to function improperly. If you delete an access entry in error, you can recreate it.
Deletes an Amazon EKS add-on.
When you remove an add-on, it's deleted from the cluster. You can always manually start an add-on on the cluster using the Kubernetes API.
", @@ -63,7 +63,7 @@ "AMITypes": { "base": null, "refs": { - "CreateNodegroupRequest$amiType": "The AMI type for your node group. If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify amiType
, or the node group deployment will fail. If your launch template uses a Windows custom AMI, then add eks:kube-proxy-windows
to your Windows nodes rolearn
in the aws-auth
ConfigMap
. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The AMI type for your node group. If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify amiType
, or the node group deployment will fail. If your launch template uses a Windows custom AMI, then add eks:kube-proxy-windows
to your Windows nodes rolearn
in the aws-auth
ConfigMap
. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
If the node group was deployed using a launch template with a custom AMI, then this is CUSTOM
. For node groups that weren't deployed using a launch template, this is the AMI type that was specified in the node group configuration.
An object representing the health issues for an add-on.
" } }, + "AddonPodIdentityAssociations": { + "base": "A type of Pod Identity Association owned by an Amazon EKS Add-on.
Each EKS Pod Identity Association maps a role to a service account in a namespace in the cluster.
For more information, see Attach an IAM Role to an Amazon EKS add-on using Pod Identity in the EKS User Guide.
", + "refs": { + "AddonPodIdentityAssociationsList$member": null + } + }, + "AddonPodIdentityAssociationsList": { + "base": null, + "refs": { + "CreateAddonRequest$podIdentityAssociations": "An array of Pod Identity Assocations to be created. Each EKS Pod Identity association maps a Kubernetes service account to an IAM Role.
For more information, see Attach an IAM Role to an Amazon EKS add-on using Pod Identity in the EKS User Guide.
", + "UpdateAddonRequest$podIdentityAssociations": "An array of Pod Identity Assocations to be updated. Each EKS Pod Identity association maps a Kubernetes service account to an IAM Role. If this value is left blank, no change. If an empty array is provided, existing Pod Identity Assocations owned by the Addon are deleted.
For more information, see Attach an IAM Role to an Amazon EKS add-on using Pod Identity in the EKS User Guide.
" + } + }, + "AddonPodIdentityConfiguration": { + "base": "Information about how to configure IAM for an Addon.
", + "refs": { + "AddonPodIdentityConfigurationList$member": null + } + }, + "AddonPodIdentityConfigurationList": { + "base": null, + "refs": { + "DescribeAddonConfigurationResponse$podIdentityConfiguration": "The Kubernetes service account name used by the addon, and any suggested IAM policies. Use this information to create an IAM Role for the Addon.
" + } + }, "AddonStatus": { "base": null, "refs": { @@ -251,6 +276,7 @@ "base": null, "refs": { "AddonVersionInfo$requiresConfiguration": "Whether the add-on requires configuration.
", + "AddonVersionInfo$requiresIamPermissions": "Indicates if the Addon requires IAM Permissions to operate, such as networking permissions.
", "Compatibility$defaultVersion": "The supported default version.
", "CreateEksAnywhereSubscriptionRequest$autoRenew": "A boolean indicating whether the subscription auto renews at the end of the term.
", "DeleteAddonRequest$preserve": "Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on. If an IAM account is associated with the add-on, it isn't removed.
", @@ -274,7 +300,7 @@ "BoxedInteger": { "base": null, "refs": { - "CreateNodegroupRequest$diskSize": "The root device disk size (in GiB) for your node group instances. The default disk size is 20 GiB for Linux and Bottlerocket. The default disk size is 50 GiB for Windows. If you specify launchTemplate
, then don't specify diskSize
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The root device disk size (in GiB) for your node group instances. The default disk size is 20 GiB for Linux and Bottlerocket. The default disk size is 50 GiB for Windows. If you specify launchTemplate
, then don't specify diskSize
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
If the node group wasn't deployed with a launch template, then this is the disk size in the node group configuration. If the node group was deployed with a launch template, then this is null
.
An object representing the health of your local Amazon EKS cluster on an Amazon Web Services Outpost. You can't use this API with an Amazon EKS cluster on the Amazon Web Services cloud.
", + "base": "An object representing the health of your Amazon EKS cluster.
", "refs": { - "Cluster$health": "An object representing the health of your local Amazon EKS cluster on an Amazon Web Services Outpost. This object isn't available for clusters on the Amazon Web Services cloud.
" + "Cluster$health": "An object representing the health of your Amazon EKS cluster.
" } }, "ClusterIssue": { - "base": "An issue with your local Amazon EKS cluster on an Amazon Web Services Outpost. You can't use this API with an Amazon EKS cluster on the Amazon Web Services cloud.
", + "base": "An issue with your Amazon EKS cluster.
", "refs": { "ClusterIssueList$member": null } @@ -359,7 +385,7 @@ "ClusterIssueList": { "base": null, "refs": { - "ClusterHealth$issues": "An object representing the health issues of your local Amazon EKS cluster on an Amazon Web Services Outpost.
" + "ClusterHealth$issues": "An object representing the health issues of your Amazon EKS cluster.
" } }, "ClusterName": { @@ -1008,9 +1034,9 @@ } }, "LaunchTemplateSpecification": { - "base": "An object representing a node group launch template specification. The launch template can't include SubnetId
, IamInstanceProfile
, RequestSpotInstances
, HibernationOptions
, or TerminateInstances
, or the node group deployment or update will fail. For more information about launch templates, see CreateLaunchTemplate
in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
You must specify either the launch template ID or the launch template name in the request, but not both.
", + "base": "An object representing a node group launch template specification. The launch template can't include SubnetId
, IamInstanceProfile
, RequestSpotInstances
, HibernationOptions
, or TerminateInstances
, or the node group deployment or update will fail. For more information about launch templates, see CreateLaunchTemplate
in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
You must specify either the launch template ID or the launch template name in the request, but not both.
", "refs": { - "CreateNodegroupRequest$launchTemplate": "An object representing a node group's launch template specification. If specified, then do not specify instanceTypes
, diskSize
, or remoteAccess
and make sure that the launch template meets the requirements in launchTemplateSpecification
.
An object representing a node group's launch template specification. When using this object, don't directly specify instanceTypes
, diskSize
, or remoteAccess
. Make sure that the launch template meets the requirements in launchTemplateSpecification
. Also refer to Customizing managed nodes with launch templates in the Amazon EKS User Guide.
If a launch template was used to create the node group, then this is the launch template that was used.
", "UpdateNodegroupVersionRequest$launchTemplate": "An object representing a node group's launch template specification. You can only update a node group using a launch template if the node group was originally deployed with a launch template.
" } @@ -1385,7 +1411,7 @@ "RemoteAccessConfig": { "base": "An object representing the remote access configuration for the managed node group.
", "refs": { - "CreateNodegroupRequest$remoteAccess": "The remote access configuration to use with your node group. For Linux, the protocol is SSH. For Windows, the protocol is RDP. If you specify launchTemplate
, then don't specify remoteAccess
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The remote access configuration to use with your node group. For Linux, the protocol is SSH. For Windows, the protocol is RDP. If you specify launchTemplate
, then don't specify remoteAccess
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
If the node group wasn't deployed with a launch template, then this is the remote access configuration that is associated with the node group. If the node group was deployed with a launch template, then this is null
.
The publisher of the add-on.
", "AddonInfo$owner": "The owner of the add-on.
", "AddonIssue$message": "A message that provides details about the issue and what might cause it.
", + "AddonPodIdentityAssociations$serviceAccount": "The name of a Kubernetes Service Account.
", + "AddonPodIdentityAssociations$roleArn": "The ARN of an IAM Role.
", + "AddonPodIdentityConfiguration$serviceAccount": "The Kubernetes Service Account name used by the addon.
", "AddonVersionInfo$addonVersion": "The version of the add-on.
", "AssociateAccessPolicyRequest$clusterName": "The name of your cluster.
", "AssociateAccessPolicyRequest$principalArn": "The Amazon Resource Name (ARN) of the IAM user or role for the AccessEntry
that you're associating the access policy to.
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", "CreateNodegroupRequest$clusterName": "The name of your cluster.
", "CreateNodegroupRequest$nodegroupName": "The unique name to give your node group.
", - "CreateNodegroupRequest$nodeRole": "The Amazon Resource Name (ARN) of the IAM role to associate with your node group. The Amazon EKS worker node kubelet
daemon makes calls to Amazon Web Services APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch nodes and register them into a cluster, you must create an IAM role for those nodes to use when they are launched. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide . If you specify launchTemplate
, then don't specify IamInstanceProfile
in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The Amazon Resource Name (ARN) of the IAM role to associate with your node group. The Amazon EKS worker node kubelet
daemon makes calls to Amazon Web Services APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch nodes and register them into a cluster, you must create an IAM role for those nodes to use when they are launched. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide . If you specify launchTemplate
, then don't specify IamInstanceProfile
in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", - "CreateNodegroupRequest$version": "The Kubernetes version to use for your managed nodes. By default, the Kubernetes version of the cluster is used, and this is the only accepted specified value. If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify version
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The AMI version of the Amazon EKS optimized AMI to use with your node group. By default, the latest available AMI version for the node group's current Kubernetes version is used. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. Amazon EKS managed node groups support the November 2022 and later releases of the Windows AMIs. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.
If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify releaseVersion
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The Kubernetes version to use for your managed nodes. By default, the Kubernetes version of the cluster is used, and this is the only accepted specified value. If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify version
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
The AMI version of the Amazon EKS optimized AMI to use with your node group. By default, the latest available AMI version for the node group's current Kubernetes version is used. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. Amazon EKS managed node groups support the November 2022 and later releases of the Windows AMIs. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.
If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify releaseVersion
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
The name of the cluster to create the association in.
", "CreatePodIdentityAssociationRequest$namespace": "The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the pods that use the service account must be in this namespace.
", "CreatePodIdentityAssociationRequest$serviceAccount": "The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
", @@ -1691,11 +1720,13 @@ "PodIdentityAssociation$roleArn": "The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
", "PodIdentityAssociation$associationArn": "The Amazon Resource Name (ARN) of the association.
", "PodIdentityAssociation$associationId": "The ID of the association.
", + "PodIdentityAssociation$ownerArn": "If defined, the Pod Identity Association is owned by an Amazon EKS Addon.
", "PodIdentityAssociationSummary$clusterName": "The name of the cluster that the association is in.
", "PodIdentityAssociationSummary$namespace": "The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the pods that use the service account must be in this namespace.
", "PodIdentityAssociationSummary$serviceAccount": "The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
", "PodIdentityAssociationSummary$associationArn": "The Amazon Resource Name (ARN) of the association.
", "PodIdentityAssociationSummary$associationId": "The ID of the association.
", + "PodIdentityAssociationSummary$ownerArn": "If defined, the Pod Identity Association is owned by an Amazon EKS Addon.
", "Provider$keyArn": "Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric and created in the same Amazon Web Services Region as the cluster. If the KMS key was created in a different account, the IAM principal must have access to the KMS key. For more information, see Allowing users in other accounts to use a KMS key in the Key Management Service Developer Guide.
", "RegisterClusterRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", "RemoteAccessConfig$ec2SshKey": "The Amazon EC2 SSH key name that provides access for SSH communication with the nodes in the managed node group. For more information, see Amazon EC2 key pairs and Linux instances in the Amazon Elastic Compute Cloud User Guide for Linux Instances. For Windows, an Amazon EC2 SSH key is used to obtain the RDP password. For more information, see Amazon EC2 key pairs and Windows instances in the Amazon Elastic Compute Cloud User Guide for Windows Instances.
", @@ -1747,8 +1778,8 @@ "UpdateNodegroupConfigRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", "UpdateNodegroupVersionRequest$clusterName": "The name of your cluster.
", "UpdateNodegroupVersionRequest$nodegroupName": "The name of the managed node group to update.
", - "UpdateNodegroupVersionRequest$version": "The Kubernetes version to update to. If no version is specified, then the Kubernetes version of the node group does not change. You can specify the Kubernetes version of the cluster to update the node group to the latest AMI version of the cluster's Kubernetes version. If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify version
, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The AMI version of the Amazon EKS optimized AMI to use for the update. By default, the latest available AMI version for the node group's Kubernetes version is used. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. Amazon EKS managed node groups support the November 2022 and later releases of the Windows AMIs. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.
If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify releaseVersion
, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The Kubernetes version to update to. If no version is specified, then the Kubernetes version of the node group does not change. You can specify the Kubernetes version of the cluster to update the node group to the latest AMI version of the cluster's Kubernetes version. If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify version
, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
The AMI version of the Amazon EKS optimized AMI to use for the update. By default, the latest available AMI version for the node group's Kubernetes version is used. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. Amazon EKS managed node groups support the November 2022 and later releases of the Windows AMIs. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.
If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify releaseVersion
, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", "UpdateParam$value": "The value of the keys submitted as part of an update request.
", "UpdatePodIdentityAssociationRequest$clusterName": "The name of the cluster that you want to update the association in.
", @@ -1765,14 +1796,16 @@ "refs": { "AccessEntry$kubernetesGroups": "A name
that you've specified in a Kubernetes RoleBinding
or ClusterRoleBinding
object so that Kubernetes authorizes the principalARN
access to cluster objects.
A Kubernetes namespace
that an access policy is scoped to. A value is required if you specified namespace
for Type
.
An array of Pod Identity Assocations owned by the Addon. Each EKS Pod Identity association maps a role to a service account in a namespace in the cluster.
For more information, see Attach an IAM Role to an Amazon EKS add-on using Pod Identity in the EKS User Guide.
", "AddonIssue$resourceIds": "The resource IDs of the issue.
", + "AddonPodIdentityConfiguration$recommendedManagedPolicies": "A suggested IAM Policy for the addon.
", "AddonVersionInfo$architecture": "The architectures that the version supports.
", "ClusterIssue$resourceIds": "The resource IDs that the issue relates to.
", "Compatibility$platformVersions": "The supported compute platform.
", "CreateAccessEntryRequest$kubernetesGroups": "The value for name
that you've specified for kind: Group
as a subject
in a Kubernetes RoleBinding
or ClusterRoleBinding
object. Amazon EKS doesn't confirm that the value for name
exists in any bindings on your cluster. You can specify one or more names.
Kubernetes authorizes the principalArn
of the access entry to access any cluster objects that you've specified in a Kubernetes Role
or ClusterRole
object that is also specified in a binding's roleRef
. For more information about creating Kubernetes RoleBinding
, ClusterRoleBinding
, Role
, or ClusterRole
objects, see Using RBAC Authorization in the Kubernetes documentation.
If you want Amazon EKS to authorize the principalArn
(instead of, or in addition to Kubernetes authorizing the principalArn
), you can associate one or more access policies to the access entry using AssociateAccessPolicy
. If you associate any access policies, the principalARN
has all permissions assigned in the associated access policies and all permissions in any Kubernetes Role
or ClusterRole
objects that the group names are bound to.
The IDs of subnets to launch a Pod
into. A Pod
running on Fargate isn't assigned a public IP address, so only private subnets (with no direct route to an Internet Gateway) are accepted for this parameter.
The subnets to use for the Auto Scaling group that is created for your node group. If you specify launchTemplate
, then don't specify SubnetId
in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
Specify the instance types for a node group. If you specify a GPU instance type, make sure to also specify an applicable GPU AMI type with the amiType
parameter. If you specify launchTemplate
, then you can specify zero or one instance type in your launch template or you can specify 0-20 instance types for instanceTypes
. If however, you specify an instance type in your launch template and specify any instanceTypes
, the node group deployment will fail. If you don't specify an instance type in a launch template or for instanceTypes
, then t3.medium
is used, by default. If you specify Spot
for capacityType
, then we recommend specifying multiple values for instanceTypes
. For more information, see Managed node group capacity types and Launch template support in the Amazon EKS User Guide.
The subnets to use for the Auto Scaling group that is created for your node group. If you specify launchTemplate
, then don't specify SubnetId
in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
Specify the instance types for a node group. If you specify a GPU instance type, make sure to also specify an applicable GPU AMI type with the amiType
parameter. If you specify launchTemplate
, then you can specify zero or one instance type in your launch template or you can specify 0-20 instance types for instanceTypes
. If however, you specify an instance type in your launch template and specify any instanceTypes
, the node group deployment will fail. If you don't specify an instance type in a launch template or for instanceTypes
, then t3.medium
is used, by default. If you specify Spot
for capacityType
, then we recommend specifying multiple values for instanceTypes
. For more information, see Managed node group capacity types and Customizing managed nodes with launch templates in the Amazon EKS User Guide.
The type of the add-on. For valid types
, don't specify a value for this property.
The publisher of the add-on. For valid publishers
, don't specify a value for this property.
The owner of the add-on. For valid owners
, don't specify a value for this property.