RubyGems - aws-sdk-eks - Versions diffs - 1.137.0 → 1.139.0 - Mend

aws-sdk-eks 1.137.0 → 1.139.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +10 -0
data/VERSION +1 -1
data/lib/aws-sdk-eks/client.rb +191 -35
data/lib/aws-sdk-eks/client_api.rb +7 -0
data/lib/aws-sdk-eks/types.rb +236 -65
data/lib/aws-sdk-eks.rb +1 -1
data/sig/client.rbs +7 -3
data/sig/types.rbs +10 -3
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e68c21938171b4d51693cffcc5b49738e49d142c3045d808fcec54de7669c77f
-  data.tar.gz: dd5bbf6f71c6561cc10e78fe64a8a5d0a074a1f94c41b5cba61b499e0caffab2
+  metadata.gz: bfafb3c4a993afbab984bdb91bc15f1bcb95d2aa5c6014653fcdf609c9b29ece
+  data.tar.gz: 4079bd72a94979ca6da8299cb0f84ee50658ceeded917e1ebe29d5f943117102
 SHA512:
-  metadata.gz: 759362c63fcd82b61fb043b1c7186c29ecdb1c4226ca99f54c3bd785c7f8b0d6675f81114e997dea17d700e7209e231ba54b5bc6d18b358ee7dd819263801dcc
-  data.tar.gz: a363c5b42ef03e04ab4ea176d588c206173796fd2d92c44be6aebc6365a3bd5a96ddd2bce2a70da30fcff6983fd67f9462fb52037b07c6b8429f77c50ecba2d4
+  metadata.gz: 46bfcabcb9b0fb7087ac0b931ec1e5eeb22169a11bf3ba39ab4e4da8daf23b2339a895763149253b69cf7ab363257e38527cb3058822f64f631790d8ff0ec2b4
+  data.tar.gz: d8042d0978684917d8b55381d1f5c7da5f1ffd672ab35f4f5e6128c30669c3075b05dbeab8fa7938f038c804a6a403985d9d4e1da1b68ddcef01e03a31c4f2a7

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
+1.139.0 (2025-06-11)
+------------------
+* Feature - Release for EKS Pod Identity Cross Account feature and disableSessionTags flag.
+1.138.0 (2025-06-02)
+------------------
+* Feature - Add support for filtering ListInsights API calls on MISCONFIGURATION insight category
 1.137.0 (2025-05-12)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.~~137~~.0
1	+ 1.139.0

data/lib/aws-sdk-eks/client.rb CHANGED Viewed

@@ -927,11 +927,11 @@ module Aws::EKS
     #   `DescribeAddonConfiguration`.
     #
     # @option params [Array<Types::AddonPodIdentityAssociations>] :pod_identity_associations
-    #   An array of Pod Identity Assocations to be created. Each EKS Pod
-    #   Identity association maps a Kubernetes service account to an IAM Role.
+    #   An array of EKS Pod Identity associations to be created. Each
+    #   association maps a Kubernetes service account to an IAM role.
     #
     #   For more information, see [Attach an IAM Role to an Amazon EKS add-on
-    #   using Pod Identity][1] in the *Amazon EKS User Guide*.
+    #   using EKS Pod Identity][1] in the *Amazon EKS User Guide*.
     #
     #
     #
@@ -1019,9 +1019,10 @@ module Aws::EKS
     # You can use the `endpointPublicAccess` and `endpointPrivateAccess`
     # parameters to enable or disable public and private access to your
     # cluster's Kubernetes API server endpoint. By default, public access
-    # is enabled, and private access is disabled. For more information, see
-    # [Amazon EKS Cluster Endpoint Access Control][1] in the <i> <i>Amazon
-    # EKS User Guide</i> </i>.
+    # is enabled, and private access is disabled. The endpoint domain name
+    # and IP address family depends on the value of the `ipFamily` for the
+    # cluster. For more information, see [Amazon EKS Cluster Endpoint Access
+    # Control][1] in the <i> <i>Amazon EKS User Guide</i> </i>.
     #
     # You can use the `logging` parameter to enable or disable exporting the
     # Kubernetes control plane logs for your cluster to CloudWatch Logs. By
@@ -1146,8 +1147,8 @@ module Aws::EKS
     #   If you set this value to `False` when creating a cluster, the default
     #   networking add-ons will not be installed.
     #
-    #   The default networking addons include vpc-cni, coredns, and
-    #   kube-proxy.
+    #   The default networking add-ons include `vpc-cni`, `coredns`, and
+    #   `kube-proxy`.
     #
     #   Use this option when you plan to install third-party alternative
     #   add-ons or self-manage the default networking add-ons.
@@ -1951,31 +1952,49 @@ module Aws::EKS
     # Creates an EKS Pod Identity association between a service account in
     # an Amazon EKS cluster and an IAM role with *EKS Pod Identity*. Use EKS
-    # Pod Identity to give temporary IAM credentials to pods and the
+    # Pod Identity to give temporary IAM credentials to Pods and the
     # credentials are rotated automatically.
     #
     # Amazon EKS Pod Identity associations provide the ability to manage
     # credentials for your applications, similar to the way that Amazon EC2
     # instance profiles provide credentials to Amazon EC2 instances.
     #
-    # If a pod uses a service account that has an association, Amazon EKS
-    # sets environment variables in the containers of the pod. The
+    # If a Pod uses a service account that has an association, Amazon EKS
+    # sets environment variables in the containers of the Pod. The
     # environment variables configure the Amazon Web Services SDKs,
     # including the Command Line Interface, to use the EKS Pod Identity
     # credentials.
     #
-    # Pod Identity is a simpler method than *IAM roles for service
+    # EKS Pod Identity is a simpler method than *IAM roles for service
     # accounts*, as this method doesn't use OIDC identity providers.
-    # Additionally, you can configure a role for Pod Identity once, and
+    # Additionally, you can configure a role for EKS Pod Identity once, and
     # reuse it across clusters.
     #
+    # Similar to Amazon Web Services IAM behavior, EKS Pod Identity
+    # associations are eventually consistent, and may take several seconds
+    # to be effective after the initial API call returns successfully. You
+    # must design your applications to account for these potential delays.
+    # We recommend that you don’t include association create/updates in the
+    # critical, high-availability code paths of your application. Instead,
+    # make changes in a separate initialization or setup routine that you
+    # run less frequently.
+    #
+    # You can set a *target IAM role* in the same or a different account for
+    # advanced scenarios. With a target role, EKS Pod Identity automatically
+    # performs two role assumptions in sequence: first assuming the role in
+    # the association that is in this account, then using those credentials
+    # to assume the target IAM role. This process provides your Pod with
+    # temporary credentials that have the permissions defined in the target
+    # role, allowing secure access to resources in another Amazon Web
+    # Services account.
+    #
     # @option params [required, String] :cluster_name
-    #   The name of the cluster to create the association in.
+    #   The name of the cluster to create the EKS Pod Identity association in.
     #
     # @option params [required, String] :namespace
     #   The name of the Kubernetes namespace inside the cluster to create the
-    #   association in. The service account and the pods that use the service
-    #   account must be in this namespace.
+    #   EKS Pod Identity association in. The service account and the Pods that
+    #   use the service account must be in this namespace.
     #
     # @option params [required, String] :service_account
     #   The name of the Kubernetes service account inside the cluster to
@@ -1984,7 +2003,7 @@ module Aws::EKS
     # @option params [required, String] :role_arn
     #   The Amazon Resource Name (ARN) of the IAM role to associate with the
     #   service account. The EKS Pod Identity agent manages credentials to
-    #   assume this role for applications in the containers in the pods that
+    #   assume this role for applications in the containers in the Pods that
     #   use this service account.
     #
     # @option params [String] :client_request_token
@@ -2024,6 +2043,51 @@ module Aws::EKS
     #     values with this prefix. Tags with this prefix do not count against
     #     your tags per resource limit.
     #
+    # @option params [Boolean] :disable_session_tags
+    #   Disable the automatic sessions tags that are appended by EKS Pod
+    #   Identity.
+    #
+    #   EKS Pod Identity adds a pre-defined set of session tags when it
+    #   assumes the role. You can use these tags to author a single role that
+    #   can work across resources by allowing access to Amazon Web Services
+    #   resources based on matching tags. By default, EKS Pod Identity
+    #   attaches six tags, including tags for cluster name, namespace, and
+    #   service account name. For the list of tags added by EKS Pod Identity,
+    #   see [List of session tags added by EKS Pod Identity][1] in the *Amazon
+    #   EKS User Guide*.
+    #
+    #   Amazon Web Services compresses inline session policies, managed policy
+    #   ARNs, and session tags into a packed binary format that has a separate
+    #   limit. If you receive a `PackedPolicyTooLarge` error indicating the
+    #   packed binary format has exceeded the size limit, you can attempt to
+    #   reduce the size by disabling the session tags added by EKS Pod
+    #   Identity.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags
+    #
+    # @option params [String] :target_role_arn
+    #   The Amazon Resource Name (ARN) of the target IAM role to associate
+    #   with the service account. This role is assumed by using the EKS Pod
+    #   Identity association role, then the credentials for this role are
+    #   injected into the Pod.
+    #
+    #   When you run applications on Amazon EKS, your application might need
+    #   to access Amazon Web Services resources from a different role that
+    #   exists in the same or different Amazon Web Services account. For
+    #   example, your application running in “Account A” might need to access
+    #   resources, such as Amazon S3 buckets in “Account B” or within “Account
+    #   A” itself. You can create a association to access Amazon Web Services
+    #   resources in “Account B” by creating two IAM roles: a role in “Account
+    #   A” and a role in “Account B” (which can be the same or different
+    #   account), each with the necessary trust and permission policies. After
+    #   you provide these roles in the *IAM role* and *Target IAM role*
+    #   fields, EKS will perform role chaining to ensure your application gets
+    #   the required permissions. This means Role A will assume Role B,
+    #   allowing your Pods to securely access resources like S3 buckets in the
+    #   target account.
+    #
     # @return [Types::CreatePodIdentityAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreatePodIdentityAssociationResponse#association #association} => Types::PodIdentityAssociation
@@ -2039,6 +2103,8 @@ module Aws::EKS
     #     tags: {
     #       "TagKey" => "TagValue",
     #     },
+    #     disable_session_tags: false,
+    #     target_role_arn: "String",
     #   })
     #
     # @example Response structure
@@ -2054,6 +2120,9 @@ module Aws::EKS
     #   resp.association.created_at #=> Time
     #   resp.association.modified_at #=> Time
     #   resp.association.owner_arn #=> String
+    #   resp.association.disable_session_tags #=> Boolean
+    #   resp.association.target_role_arn #=> String
+    #   resp.association.external_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreatePodIdentityAssociation AWS API Documentation
     #
@@ -2504,6 +2573,9 @@ module Aws::EKS
     #   resp.association.created_at #=> Time
     #   resp.association.modified_at #=> Time
     #   resp.association.owner_arn #=> String
+    #   resp.association.disable_session_tags #=> Boolean
+    #   resp.association.target_role_arn #=> String
+    #   resp.association.external_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeletePodIdentityAssociation AWS API Documentation
     #
@@ -3262,7 +3334,7 @@ module Aws::EKS
     #
     #   resp.insight.id #=> String
     #   resp.insight.name #=> String
-    #   resp.insight.category #=> String, one of "UPGRADE_READINESS"
+    #   resp.insight.category #=> String, one of "UPGRADE_READINESS", "MISCONFIGURATION"
     #   resp.insight.kubernetes_version #=> String
     #   resp.insight.last_refresh_time #=> Time
     #   resp.insight.last_transition_time #=> Time
@@ -3420,6 +3492,9 @@ module Aws::EKS
     #   resp.association.created_at #=> Time
     #   resp.association.modified_at #=> Time
     #   resp.association.owner_arn #=> String
+    #   resp.association.disable_session_tags #=> Boolean
+    #   resp.association.target_role_arn #=> String
+    #   resp.association.external_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribePodIdentityAssociation AWS API Documentation
     #
@@ -4096,7 +4171,18 @@ module Aws::EKS
     # Returns a list of all insights checked for against the specified
     # cluster. You can filter which insights are returned by category,
-    # associated Kubernetes version, and status.
+    # associated Kubernetes version, and status. The default filter lists
+    # all categories and every status.
+    #
+    # The following lists the available categories:
+    #
+    # * `UPGRADE_READINESS`: Amazon EKS identifies issues that could impact
+    #   your ability to upgrade to new versions of Kubernetes. These are
+    #   called upgrade insights.
+    #
+    # * `MISCONFIGURATION`: Amazon EKS identifies misconfiguration in your
+    #   EKS Hybrid Nodes setup that could impair functionality of your
+    #   cluster or workloads. These are called configuration insights.
     #
     # @option params [required, String] :cluster_name
     #   The name of the Amazon EKS cluster associated with the insights.
@@ -4135,7 +4221,7 @@ module Aws::EKS
     #   resp = client.list_insights({
     #     cluster_name: "String", # required
     #     filter: {
-    #       categories: ["UPGRADE_READINESS"], # accepts UPGRADE_READINESS
+    #       categories: ["UPGRADE_READINESS"], # accepts UPGRADE_READINESS, MISCONFIGURATION
     #       kubernetes_versions: ["String"],
     #       statuses: ["PASSING"], # accepts PASSING, WARNING, ERROR, UNKNOWN
     #     },
@@ -4148,7 +4234,7 @@ module Aws::EKS
     #   resp.insights #=> Array
     #   resp.insights[0].id #=> String
     #   resp.insights[0].name #=> String
-    #   resp.insights[0].category #=> String, one of "UPGRADE_READINESS"
+    #   resp.insights[0].category #=> String, one of "UPGRADE_READINESS", "MISCONFIGURATION"
     #   resp.insights[0].kubernetes_version #=> String
     #   resp.insights[0].last_refresh_time #=> Time
     #   resp.insights[0].last_transition_time #=> Time
@@ -4771,13 +4857,13 @@ module Aws::EKS
     #   `DescribeAddonConfiguration`.
     #
     # @option params [Array<Types::AddonPodIdentityAssociations>] :pod_identity_associations
-    #   An array of Pod Identity Assocations to be updated. Each EKS Pod
-    #   Identity association maps a Kubernetes service account to an IAM Role.
-    #   If this value is left blank, no change. If an empty array is provided,
-    #   existing Pod Identity Assocations owned by the Addon are deleted.
+    #   An array of EKS Pod Identity associations to be updated. Each
+    #   association maps a Kubernetes service account to an IAM role. If this
+    #   value is left blank, no change. If an empty array is provided,
+    #   existing associations owned by the add-on are deleted.
     #
     #   For more information, see [Attach an IAM Role to an Amazon EKS add-on
-    #   using Pod Identity][1] in the *Amazon EKS User Guide*.
+    #   using EKS Pod Identity][1] in the *Amazon EKS User Guide*.
     #
     #
     #
@@ -4851,8 +4937,8 @@ module Aws::EKS
     # * You can also use this API operation to enable or disable public and
     #   private access to your cluster's Kubernetes API server endpoint. By
     #   default, public access is enabled, and private access is disabled.
-    #   For more information, see [Amazon EKS cluster endpoint access
-    #   control][3] in the <i> <i>Amazon EKS User Guide</i> </i>.
+    #   For more information, see [ Cluster API server endpoint][3] in the
+    #   <i> <i>Amazon EKS User Guide</i> </i>.
     #
     # * You can also use this API operation to choose different subnets and
     #   security groups for the cluster. You must specify at least two
@@ -5453,11 +5539,31 @@ module Aws::EKS
       req.send_request(options)
     end
-    # Updates a EKS Pod Identity association. Only the IAM role can be
-    # changed; an association can't be moved between clusters, namespaces,
-    # or service accounts. If you need to edit the namespace or service
-    # account, you need to delete the association and then create a new
-    # association with your desired settings.
+    # Updates a EKS Pod Identity association. In an update, you can change
+    # the IAM role, the target IAM role, or `disableSessionTags`. You must
+    # change at least one of these in an update. An association can't be
+    # moved between clusters, namespaces, or service accounts. If you need
+    # to edit the namespace or service account, you need to delete the
+    # association and then create a new association with your desired
+    # settings.
+    #
+    # Similar to Amazon Web Services IAM behavior, EKS Pod Identity
+    # associations are eventually consistent, and may take several seconds
+    # to be effective after the initial API call returns successfully. You
+    # must design your applications to account for these potential delays.
+    # We recommend that you don’t include association create/updates in the
+    # critical, high-availability code paths of your application. Instead,
+    # make changes in a separate initialization or setup routine that you
+    # run less frequently.
+    #
+    # You can set a *target IAM role* in the same or a different account for
+    # advanced scenarios. With a target role, EKS Pod Identity automatically
+    # performs two role assumptions in sequence: first assuming the role in
+    # the association that is in this account, then using those credentials
+    # to assume the target IAM role. This process provides your Pod with
+    # temporary credentials that have the permissions defined in the target
+    # role, allowing secure access to resources in another Amazon Web
+    # Services account.
     #
     # @option params [required, String] :cluster_name
     #   The name of the cluster that you want to update the association in.
@@ -5466,7 +5572,7 @@ module Aws::EKS
     #   The ID of the association to be updated.
     #
     # @option params [String] :role_arn
-    #   The new IAM role to change the
+    #   The new IAM role to change in the association.
     #
     # @option params [String] :client_request_token
     #   A unique, case-sensitive identifier that you provide to ensure the
@@ -5475,6 +5581,51 @@ module Aws::EKS
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
     #
+    # @option params [Boolean] :disable_session_tags
+    #   Disable the automatic sessions tags that are appended by EKS Pod
+    #   Identity.
+    #
+    #   EKS Pod Identity adds a pre-defined set of session tags when it
+    #   assumes the role. You can use these tags to author a single role that
+    #   can work across resources by allowing access to Amazon Web Services
+    #   resources based on matching tags. By default, EKS Pod Identity
+    #   attaches six tags, including tags for cluster name, namespace, and
+    #   service account name. For the list of tags added by EKS Pod Identity,
+    #   see [List of session tags added by EKS Pod Identity][1] in the *Amazon
+    #   EKS User Guide*.
+    #
+    #   Amazon Web Services compresses inline session policies, managed policy
+    #   ARNs, and session tags into a packed binary format that has a separate
+    #   limit. If you receive a `PackedPolicyTooLarge` error indicating the
+    #   packed binary format has exceeded the size limit, you can attempt to
+    #   reduce the size by disabling the session tags added by EKS Pod
+    #   Identity.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags
+    #
+    # @option params [String] :target_role_arn
+    #   The Amazon Resource Name (ARN) of the target IAM role to associate
+    #   with the service account. This role is assumed by using the EKS Pod
+    #   Identity association role, then the credentials for this role are
+    #   injected into the Pod.
+    #
+    #   When you run applications on Amazon EKS, your application might need
+    #   to access Amazon Web Services resources from a different role that
+    #   exists in the same or different Amazon Web Services account. For
+    #   example, your application running in “Account A” might need to access
+    #   resources, such as buckets in “Account B” or within “Account A”
+    #   itself. You can create a association to access Amazon Web Services
+    #   resources in “Account B” by creating two IAM roles: a role in “Account
+    #   A” and a role in “Account B” (which can be the same or different
+    #   account), each with the necessary trust and permission policies. After
+    #   you provide these roles in the *IAM role* and *Target IAM role*
+    #   fields, EKS will perform role chaining to ensure your application gets
+    #   the required permissions. This means Role A will assume Role B,
+    #   allowing your Pods to securely access resources like S3 buckets in the
+    #   target account.
+    #
     # @return [Types::UpdatePodIdentityAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdatePodIdentityAssociationResponse#association #association} => Types::PodIdentityAssociation
@@ -5486,6 +5637,8 @@ module Aws::EKS
     #     association_id: "String", # required
     #     role_arn: "String",
     #     client_request_token: "String",
+    #     disable_session_tags: false,
+    #     target_role_arn: "String",
     #   })
     #
     # @example Response structure
@@ -5501,6 +5654,9 @@ module Aws::EKS
     #   resp.association.created_at #=> Time
     #   resp.association.modified_at #=> Time
     #   resp.association.owner_arn #=> String
+    #   resp.association.disable_session_tags #=> Boolean
+    #   resp.association.target_role_arn #=> String
+    #   resp.association.external_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdatePodIdentityAssociation AWS API Documentation
     #
@@ -5529,7 +5685,7 @@ module Aws::EKS
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-eks'
-      context[:gem_version] = '1.137.0'
+      context[:gem_version] = '1.139.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-eks/client_api.rb CHANGED Viewed

@@ -697,6 +697,8 @@ module Aws::EKS
     CreatePodIdentityAssociationRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: String, required: true, location_name: "roleArn"))
     CreatePodIdentityAssociationRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: String, location_name: "clientRequestToken", metadata: {"idempotencyToken" => true}))
     CreatePodIdentityAssociationRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
+    CreatePodIdentityAssociationRequest.add_member(:disable_session_tags, Shapes::ShapeRef.new(shape: BoxedBoolean, location_name: "disableSessionTags"))
+    CreatePodIdentityAssociationRequest.add_member(:target_role_arn, Shapes::ShapeRef.new(shape: String, location_name: "targetRoleArn"))
     CreatePodIdentityAssociationRequest.struct_class = Types::CreatePodIdentityAssociationRequest
     CreatePodIdentityAssociationResponse.add_member(:association, Shapes::ShapeRef.new(shape: PodIdentityAssociation, location_name: "association"))
@@ -1299,6 +1301,9 @@ module Aws::EKS
     PodIdentityAssociation.add_member(:created_at, Shapes::ShapeRef.new(shape: Timestamp, location_name: "createdAt"))
     PodIdentityAssociation.add_member(:modified_at, Shapes::ShapeRef.new(shape: Timestamp, location_name: "modifiedAt"))
     PodIdentityAssociation.add_member(:owner_arn, Shapes::ShapeRef.new(shape: String, location_name: "ownerArn"))
+    PodIdentityAssociation.add_member(:disable_session_tags, Shapes::ShapeRef.new(shape: BoxedBoolean, location_name: "disableSessionTags"))
+    PodIdentityAssociation.add_member(:target_role_arn, Shapes::ShapeRef.new(shape: String, location_name: "targetRoleArn"))
+    PodIdentityAssociation.add_member(:external_id, Shapes::ShapeRef.new(shape: String, location_name: "externalId"))
     PodIdentityAssociation.struct_class = Types::PodIdentityAssociation
     PodIdentityAssociationSummaries.member = Shapes::ShapeRef.new(shape: PodIdentityAssociationSummary)
@@ -1524,6 +1529,8 @@ module Aws::EKS
     UpdatePodIdentityAssociationRequest.add_member(:association_id, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "associationId"))
     UpdatePodIdentityAssociationRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: String, location_name: "roleArn"))
     UpdatePodIdentityAssociationRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: String, location_name: "clientRequestToken", metadata: {"idempotencyToken" => true}))
+    UpdatePodIdentityAssociationRequest.add_member(:disable_session_tags, Shapes::ShapeRef.new(shape: BoxedBoolean, location_name: "disableSessionTags"))
+    UpdatePodIdentityAssociationRequest.add_member(:target_role_arn, Shapes::ShapeRef.new(shape: String, location_name: "targetRoleArn"))
     UpdatePodIdentityAssociationRequest.struct_class = Types::UpdatePodIdentityAssociationRequest
     UpdatePodIdentityAssociationResponse.add_member(:association, Shapes::ShapeRef.new(shape: PodIdentityAssociation, location_name: "association"))

data/lib/aws-sdk-eks/types.rb CHANGED Viewed

@@ -252,12 +252,12 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] pod_identity_associations
-    #   An array of Pod Identity Assocations owned by the Addon. Each EKS
-    #   Pod Identity association maps a role to a service account in a
-    #   namespace in the cluster.
+    #   An array of EKS Pod Identity associations owned by the add-on. Each
+    #   association maps a role to a service account in a namespace in the
+    #   cluster.
     #
     #   For more information, see [Attach an IAM Role to an Amazon EKS
-    #   add-on using Pod Identity][1] in the *Amazon EKS User Guide*.
+    #   add-on using EKS Pod Identity][1] in the *Amazon EKS User Guide*.
     #
     #
     #
@@ -388,13 +388,13 @@ module Aws::EKS
       include Aws::Structure
     end
-    # A type of Pod Identity Association owned by an Amazon EKS Add-on.
+    # A type of EKS Pod Identity association owned by an Amazon EKS add-on.
     #
-    # Each EKS Pod Identity Association maps a role to a service account in
-    # a namespace in the cluster.
+    # Each association maps a role to a service account in a namespace in
+    # the cluster.
     #
     # For more information, see [Attach an IAM Role to an Amazon EKS add-on
-    # using Pod Identity][1] in the *Amazon EKS User Guide*.
+    # using EKS Pod Identity][1] in the *Amazon EKS User Guide*.
     #
     #
     #
@@ -417,14 +417,14 @@ module Aws::EKS
       include Aws::Structure
     end
-    # Information about how to configure IAM for an Addon.
+    # Information about how to configure IAM for an add-on.
     #
     # @!attribute [rw] service_account
-    #   The Kubernetes Service Account name used by the addon.
+    #   The Kubernetes Service Account name used by the add-on.
     #   @return [String]
     #
     # @!attribute [rw] recommended_managed_policies
-    #   A suggested IAM Policy for the addon.
+    #   A suggested IAM Policy for the add-on.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AddonPodIdentityConfiguration AWS API Documentation
@@ -447,7 +447,7 @@ module Aws::EKS
     #   @return [Array<String>]
     #
     # @!attribute [rw] compute_types
-    #   Indicates the compute type of the addon version.
+    #   Indicates the compute type of the add-on version.
     #   @return [Array<String>]
     #
     # @!attribute [rw] compatibilities
@@ -459,7 +459,7 @@ module Aws::EKS
     #   @return [Boolean]
     #
     # @!attribute [rw] requires_iam_permissions
-    #   Indicates if the Addon requires IAM Permissions to operate, such as
+    #   Indicates if the add-on requires IAM Permissions to operate, such as
     #   networking permissions.
     #   @return [Boolean]
     #
@@ -1525,12 +1525,11 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] pod_identity_associations
-    #   An array of Pod Identity Assocations to be created. Each EKS Pod
-    #   Identity association maps a Kubernetes service account to an IAM
-    #   Role.
+    #   An array of EKS Pod Identity associations to be created. Each
+    #   association maps a Kubernetes service account to an IAM role.
     #
     #   For more information, see [Attach an IAM Role to an Amazon EKS
-    #   add-on using Pod Identity][1] in the *Amazon EKS User Guide*.
+    #   add-on using EKS Pod Identity][1] in the *Amazon EKS User Guide*.
     #
     #
     #
@@ -1680,8 +1679,8 @@ module Aws::EKS
     #   If you set this value to `False` when creating a cluster, the
     #   default networking add-ons will not be installed.
     #
-    #   The default networking addons include vpc-cni, coredns, and
-    #   kube-proxy.
+    #   The default networking add-ons include `vpc-cni`, `coredns`, and
+    #   `kube-proxy`.
     #
     #   Use this option when you plan to install third-party alternative
     #   add-ons or self-manage the default networking add-ons.
@@ -2169,13 +2168,14 @@ module Aws::EKS
     end
     # @!attribute [rw] cluster_name
-    #   The name of the cluster to create the association in.
+    #   The name of the cluster to create the EKS Pod Identity association
+    #   in.
     #   @return [String]
     #
     # @!attribute [rw] namespace
     #   The name of the Kubernetes namespace inside the cluster to create
-    #   the association in. The service account and the pods that use the
-    #   service account must be in this namespace.
+    #   the EKS Pod Identity association in. The service account and the
+    #   Pods that use the service account must be in this namespace.
     #   @return [String]
     #
     # @!attribute [rw] service_account
@@ -2186,7 +2186,7 @@ module Aws::EKS
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) of the IAM role to associate with the
     #   service account. The EKS Pod Identity agent manages credentials to
-    #   assume this role for applications in the containers in the pods that
+    #   assume this role for applications in the containers in the Pods that
     #   use this service account.
     #   @return [String]
     #
@@ -2230,6 +2230,53 @@ module Aws::EKS
     #     against your tags per resource limit.
     #   @return [Hash<String,String>]
     #
+    # @!attribute [rw] disable_session_tags
+    #   Disable the automatic sessions tags that are appended by EKS Pod
+    #   Identity.
+    #
+    #   EKS Pod Identity adds a pre-defined set of session tags when it
+    #   assumes the role. You can use these tags to author a single role
+    #   that can work across resources by allowing access to Amazon Web
+    #   Services resources based on matching tags. By default, EKS Pod
+    #   Identity attaches six tags, including tags for cluster name,
+    #   namespace, and service account name. For the list of tags added by
+    #   EKS Pod Identity, see [List of session tags added by EKS Pod
+    #   Identity][1] in the *Amazon EKS User Guide*.
+    #
+    #   Amazon Web Services compresses inline session policies, managed
+    #   policy ARNs, and session tags into a packed binary format that has a
+    #   separate limit. If you receive a `PackedPolicyTooLarge` error
+    #   indicating the packed binary format has exceeded the size limit, you
+    #   can attempt to reduce the size by disabling the session tags added
+    #   by EKS Pod Identity.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] target_role_arn
+    #   The Amazon Resource Name (ARN) of the target IAM role to associate
+    #   with the service account. This role is assumed by using the EKS Pod
+    #   Identity association role, then the credentials for this role are
+    #   injected into the Pod.
+    #
+    #   When you run applications on Amazon EKS, your application might need
+    #   to access Amazon Web Services resources from a different role that
+    #   exists in the same or different Amazon Web Services account. For
+    #   example, your application running in “Account A” might need to
+    #   access resources, such as Amazon S3 buckets in “Account B” or within
+    #   “Account A” itself. You can create a association to access Amazon
+    #   Web Services resources in “Account B” by creating two IAM roles: a
+    #   role in “Account A” and a role in “Account B” (which can be the same
+    #   or different account), each with the necessary trust and permission
+    #   policies. After you provide these roles in the *IAM role* and
+    #   *Target IAM role* fields, EKS will perform role chaining to ensure
+    #   your application gets the required permissions. This means Role A
+    #   will assume Role B, allowing your Pods to securely access resources
+    #   like S3 buckets in the target account.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreatePodIdentityAssociationRequest AWS API Documentation
     #
     class CreatePodIdentityAssociationRequest < Struct.new(
@@ -2238,7 +2285,9 @@ module Aws::EKS
       :service_account,
       :role_arn,
       :client_request_token,
-      :tags)
+      :tags,
+      :disable_session_tags,
+      :target_role_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2593,9 +2642,9 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] pod_identity_configuration
-    #   The Kubernetes service account name used by the addon, and any
+    #   The Kubernetes service account name used by the add-on, and any
     #   suggested IAM policies. Use this information to create an IAM Role
-    #   for the Addon.
+    #   for the add-on.
     #   @return [Array<Types::AddonPodIdentityConfiguration>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAddonConfigurationResponse AWS API Documentation
@@ -3699,7 +3748,16 @@ module Aws::EKS
     # The criteria to use for the insights.
     #
     # @!attribute [rw] categories
-    #   The categories to use to filter insights.
+    #   The categories to use to filter insights. The following lists the
+    #   available categories:
+    #
+    #   * `UPGRADE_READINESS`: Amazon EKS identifies issues that could
+    #     impact your ability to upgrade to new versions of Kubernetes.
+    #     These are called upgrade insights.
+    #
+    #   * `MISCONFIGURATION`: Amazon EKS identifies misconfiguration in your
+    #     EKS Hybrid Nodes setup that could impair functionality of your
+    #     cluster or workloads. These are called configuration insights.
     #   @return [Array<String>]
     #
     # @!attribute [rw] kubernetes_versions
@@ -5663,7 +5721,7 @@ module Aws::EKS
     #
     # @!attribute [rw] namespace
     #   The name of the Kubernetes namespace inside the cluster to create
-    #   the association in. The service account and the pods that use the
+    #   the association in. The service account and the Pods that use the
     #   service account must be in this namespace.
     #   @return [String]
     #
@@ -5675,7 +5733,7 @@ module Aws::EKS
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) of the IAM role to associate with the
     #   service account. The EKS Pod Identity agent manages credentials to
-    #   assume this role for applications in the containers in the pods that
+    #   assume this role for applications in the containers in the Pods that
     #   use this service account.
     #   @return [String]
     #
@@ -5724,12 +5782,55 @@ module Aws::EKS
     #   @return [Time]
     #
     # @!attribute [rw] modified_at
-    #   The most recent timestamp that the association was modified at
+    #   The most recent timestamp that the association was modified at.
     #   @return [Time]
     #
     # @!attribute [rw] owner_arn
-    #   If defined, the Pod Identity Association is owned by an Amazon EKS
-    #   Addon.
+    #   If defined, the EKS Pod Identity association is owned by an Amazon
+    #   EKS add-on.
+    #   @return [String]
+    #
+    # @!attribute [rw] disable_session_tags
+    #   The state of the automatic sessions tags. The value of *true*
+    #   disables these tags.
+    #
+    #   EKS Pod Identity adds a pre-defined set of session tags when it
+    #   assumes the role. You can use these tags to author a single role
+    #   that can work across resources by allowing access to Amazon Web
+    #   Services resources based on matching tags. By default, EKS Pod
+    #   Identity attaches six tags, including tags for cluster name,
+    #   namespace, and service account name. For the list of tags added by
+    #   EKS Pod Identity, see [List of session tags added by EKS Pod
+    #   Identity][1] in the *Amazon EKS User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] target_role_arn
+    #   The Amazon Resource Name (ARN) of the target IAM role to associate
+    #   with the service account. This role is assumed by using the EKS Pod
+    #   Identity association role, then the credentials for this role are
+    #   injected into the Pod.
+    #   @return [String]
+    #
+    # @!attribute [rw] external_id
+    #   The unique identifier for this EKS Pod Identity association for a
+    #   target IAM role. You put this value in the trust policy of the
+    #   target role, in a `Condition` to match the `sts.ExternalId`. This
+    #   ensures that the target role can only be assumed by this
+    #   association. This prevents the *confused deputy problem*. For more
+    #   information about the confused deputy problem, see [The confused
+    #   deputy problem][1] in the *IAM User Guide*.
+    #
+    #   If you want to use the same target role with multiple associations
+    #   or other roles, use independent statements in the trust policy to
+    #   allow `sts:AssumeRole` access from each role.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/PodIdentityAssociation AWS API Documentation
@@ -5744,7 +5845,10 @@ module Aws::EKS
       :tags,
       :created_at,
       :modified_at,
-      :owner_arn)
+      :owner_arn,
+      :disable_session_tags,
+      :target_role_arn,
+      :external_id)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5773,7 +5877,7 @@ module Aws::EKS
     #
     # @!attribute [rw] namespace
     #   The name of the Kubernetes namespace inside the cluster to create
-    #   the association in. The service account and the pods that use the
+    #   the association in. The service account and the Pods that use the
     #   service account must be in this namespace.
     #   @return [String]
     #
@@ -5791,8 +5895,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] owner_arn
-    #   If defined, the Pod Identity Association is owned by an Amazon EKS
-    #   Addon.
+    #   If defined, the association is owned by an Amazon EKS add-on.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/PodIdentityAssociationSummary AWS API Documentation
@@ -5937,7 +6040,7 @@ module Aws::EKS
     #   It must satisfy the following requirements:
     #
     #   * Each block must be within an `IPv4` RFC-1918 network range.
-    #     Minimum allowed size is /24, maximum allowed size is /8.
+    #     Minimum allowed size is /32, maximum allowed size is /8.
     #     Publicly-routable addresses aren't supported.
     #
     #   * Each block cannot overlap with the range of the VPC CIDR blocks
@@ -5975,7 +6078,7 @@ module Aws::EKS
     #   It must satisfy the following requirements:
     #
     #   * Each block must be within an `IPv4` RFC-1918 network range.
-    #     Minimum allowed size is /24, maximum allowed size is /8.
+    #     Minimum allowed size is /32, maximum allowed size is /8.
     #     Publicly-routable addresses aren't supported.
     #
     #   * Each block cannot overlap with the range of the VPC CIDR blocks
@@ -6025,7 +6128,7 @@ module Aws::EKS
     # It must satisfy the following requirements:
     #
     # * Each block must be within an `IPv4` RFC-1918 network range. Minimum
-    #   allowed size is /24, maximum allowed size is /8. Publicly-routable
+    #   allowed size is /32, maximum allowed size is /8. Publicly-routable
     #   addresses aren't supported.
     #
     # * Each block cannot overlap with the range of the VPC CIDR blocks for
@@ -6058,7 +6161,7 @@ module Aws::EKS
     #   It must satisfy the following requirements:
     #
     #   * Each block must be within an `IPv4` RFC-1918 network range.
-    #     Minimum allowed size is /24, maximum allowed size is /8.
+    #     Minimum allowed size is /32, maximum allowed size is /8.
     #     Publicly-routable addresses aren't supported.
     #
     #   * Each block cannot overlap with the range of the VPC CIDR blocks
@@ -6103,7 +6206,7 @@ module Aws::EKS
     # It must satisfy the following requirements:
     #
     # * Each block must be within an `IPv4` RFC-1918 network range. Minimum
-    #   allowed size is /24, maximum allowed size is /8. Publicly-routable
+    #   allowed size is /32, maximum allowed size is /8. Publicly-routable
     #   addresses aren't supported.
     #
     # * Each block cannot overlap with the range of the VPC CIDR blocks for
@@ -6124,7 +6227,7 @@ module Aws::EKS
     #   It must satisfy the following requirements:
     #
     #   * Each block must be within an `IPv4` RFC-1918 network range.
-    #     Minimum allowed size is /24, maximum allowed size is /8.
+    #     Minimum allowed size is /32, maximum allowed size is /8.
     #     Publicly-routable addresses aren't supported.
     #
     #   * Each block cannot overlap with the range of the VPC CIDR blocks
@@ -6677,14 +6780,13 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] pod_identity_associations
-    #   An array of Pod Identity Assocations to be updated. Each EKS Pod
-    #   Identity association maps a Kubernetes service account to an IAM
-    #   Role. If this value is left blank, no change. If an empty array is
-    #   provided, existing Pod Identity Assocations owned by the Addon are
-    #   deleted.
+    #   An array of EKS Pod Identity associations to be updated. Each
+    #   association maps a Kubernetes service account to an IAM role. If
+    #   this value is left blank, no change. If an empty array is provided,
+    #   existing associations owned by the add-on are deleted.
     #
     #   For more information, see [Attach an IAM Role to an Amazon EKS
-    #   add-on using Pod Identity][1] in the *Amazon EKS User Guide*.
+    #   add-on using EKS Pod Identity][1] in the *Amazon EKS User Guide*.
     #
     #
     #
@@ -7140,7 +7242,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] role_arn
-    #   The new IAM role to change the
+    #   The new IAM role to change in the association.
     #   @return [String]
     #
     # @!attribute [rw] client_request_token
@@ -7151,20 +7253,68 @@ module Aws::EKS
     #   not need to pass this option.
     #   @return [String]
     #
+    # @!attribute [rw] disable_session_tags
+    #   Disable the automatic sessions tags that are appended by EKS Pod
+    #   Identity.
+    #
+    #   EKS Pod Identity adds a pre-defined set of session tags when it
+    #   assumes the role. You can use these tags to author a single role
+    #   that can work across resources by allowing access to Amazon Web
+    #   Services resources based on matching tags. By default, EKS Pod
+    #   Identity attaches six tags, including tags for cluster name,
+    #   namespace, and service account name. For the list of tags added by
+    #   EKS Pod Identity, see [List of session tags added by EKS Pod
+    #   Identity][1] in the *Amazon EKS User Guide*.
+    #
+    #   Amazon Web Services compresses inline session policies, managed
+    #   policy ARNs, and session tags into a packed binary format that has a
+    #   separate limit. If you receive a `PackedPolicyTooLarge` error
+    #   indicating the packed binary format has exceeded the size limit, you
+    #   can attempt to reduce the size by disabling the session tags added
+    #   by EKS Pod Identity.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] target_role_arn
+    #   The Amazon Resource Name (ARN) of the target IAM role to associate
+    #   with the service account. This role is assumed by using the EKS Pod
+    #   Identity association role, then the credentials for this role are
+    #   injected into the Pod.
+    #
+    #   When you run applications on Amazon EKS, your application might need
+    #   to access Amazon Web Services resources from a different role that
+    #   exists in the same or different Amazon Web Services account. For
+    #   example, your application running in “Account A” might need to
+    #   access resources, such as buckets in “Account B” or within “Account
+    #   A” itself. You can create a association to access Amazon Web
+    #   Services resources in “Account B” by creating two IAM roles: a role
+    #   in “Account A” and a role in “Account B” (which can be the same or
+    #   different account), each with the necessary trust and permission
+    #   policies. After you provide these roles in the *IAM role* and
+    #   *Target IAM role* fields, EKS will perform role chaining to ensure
+    #   your application gets the required permissions. This means Role A
+    #   will assume Role B, allowing your Pods to securely access resources
+    #   like S3 buckets in the target account.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdatePodIdentityAssociationRequest AWS API Documentation
     #
     class UpdatePodIdentityAssociationRequest < Struct.new(
       :cluster_name,
       :association_id,
       :role_arn,
-      :client_request_token)
+      :client_request_token,
+      :disable_session_tags,
+      :target_role_arn)
       SENSITIVE = []
       include Aws::Structure
     end
     # @!attribute [rw] association
-    #   The full description of the EKS Pod Identity association that was
-    #   updated.
+    #   The full description of the association that was updated.
     #   @return [Types::PodIdentityAssociation]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdatePodIdentityAssociationResponse AWS API Documentation
@@ -7294,8 +7444,10 @@ module Aws::EKS
     #   access, your cluster's Kubernetes API server can only receive
     #   requests from within the cluster VPC. The default value for this
     #   parameter is `true`, which enables public access for your Kubernetes
-    #   API server. For more information, see [Amazon EKS cluster endpoint
-    #   access control][1] in the <i> <i>Amazon EKS User Guide</i> </i>.
+    #   API server. The endpoint domain name and IP address family depends
+    #   on the value of the `ipFamily` for the cluster. For more
+    #   information, see [Cluster API server endpoint][1] in the <i>
+    #   <i>Amazon EKS User Guide</i> </i>.
     #
     #
     #
@@ -7311,8 +7463,8 @@ module Aws::EKS
     #   server. If you disable private access and you have nodes or Fargate
     #   pods in the cluster, then ensure that `publicAccessCidrs` includes
     #   the necessary CIDR blocks for communication with the nodes or
-    #   Fargate pods. For more information, see [Amazon EKS cluster endpoint
-    #   access control][1] in the <i> <i>Amazon EKS User Guide</i> </i>.
+    #   Fargate pods. For more information, see [Cluster API server
+    #   endpoint][1] in the <i> <i>Amazon EKS User Guide</i> </i>.
     #
     #
     #
@@ -7323,11 +7475,16 @@ module Aws::EKS
     #   The CIDR blocks that are allowed access to your cluster's public
     #   Kubernetes API server endpoint. Communication to the endpoint from
     #   addresses outside of the CIDR blocks that you specify is denied. The
-    #   default value is `0.0.0.0/0`. If you've disabled private endpoint
-    #   access, make sure that you specify the necessary CIDR blocks for
-    #   every node and Fargate `Pod` in the cluster. For more information,
-    #   see [Amazon EKS cluster endpoint access control][1] in the <i>
-    #   <i>Amazon EKS User Guide</i> </i>.
+    #   default value is `0.0.0.0/0` and additionally `::/0` for dual-stack
+    #   `IPv6` clusters. If you've disabled private endpoint access, make
+    #   sure that you specify the necessary CIDR blocks for every node and
+    #   Fargate `Pod` in the cluster. For more information, see [Cluster API
+    #   server endpoint][1] in the <i> <i>Amazon EKS User Guide</i> </i>.
+    #
+    #   Note that the public endpoints are dual-stack for only `IPv6`
+    #   clusters that are made after October 2024. You can't add `IPv6`
+    #   CIDR blocks to `IPv4` clusters or `IPv6` clusters that were made
+    #   before October 2024.
     #
     #
     #
@@ -7381,9 +7538,8 @@ module Aws::EKS
     #   the internet. If this value is disabled and you have nodes or
     #   Fargate pods in the cluster, then ensure that `publicAccessCidrs`
     #   includes the necessary CIDR blocks for communication with the nodes
-    #   or Fargate pods. For more information, see [Amazon EKS cluster
-    #   endpoint access control][1] in the <i> <i>Amazon EKS User Guide</i>
-    #   </i>.
+    #   or Fargate pods. For more information, see [Cluster API server
+    #   endpoint][1] in the <i> <i>Amazon EKS User Guide</i> </i>.
     #
     #
     #
@@ -7392,7 +7548,22 @@ module Aws::EKS
     #
     # @!attribute [rw] public_access_cidrs
     #   The CIDR blocks that are allowed access to your cluster's public
-    #   Kubernetes API server endpoint.
+    #   Kubernetes API server endpoint. Communication to the endpoint from
+    #   addresses outside of the CIDR blocks that you specify is denied. The
+    #   default value is `0.0.0.0/0` and additionally `::/0` for dual-stack
+    #   `IPv6` clusters. If you've disabled private endpoint access, make
+    #   sure that you specify the necessary CIDR blocks for every node and
+    #   Fargate `Pod` in the cluster. For more information, see [Cluster API
+    #   server endpoint][1] in the <i> <i>Amazon EKS User Guide</i> </i>.
+    #
+    #   Note that the public endpoints are dual-stack for only `IPv6`
+    #   clusters that are made after October 2024. You can't add `IPv6`
+    #   CIDR blocks to `IPv4` clusters or `IPv6` clusters that were made
+    #   before October 2024.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/VpcConfigResponse AWS API Documentation

data/lib/aws-sdk-eks.rb CHANGED Viewed

@@ -55,7 +55,7 @@ module Aws::EKS
   autoload :EndpointProvider, 'aws-sdk-eks/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-eks/endpoints'
-  GEM_VERSION = '1.137.0'
+  GEM_VERSION = '1.139.0'
 end

data/sig/client.rbs CHANGED Viewed

@@ -362,7 +362,9 @@ module Aws
                                              service_account: ::String,
                                              role_arn: ::String,
                                              ?client_request_token: ::String,
-                                             ?tags: Hash[::String, ::String]
+                                             ?tags: Hash[::String, ::String],
+                                             ?disable_session_tags: bool,
+                                             ?target_role_arn: ::String
                                            ) -> _CreatePodIdentityAssociationResponseSuccess
                                          | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreatePodIdentityAssociationResponseSuccess
@@ -755,7 +757,7 @@ module Aws
       def list_insights: (
                            cluster_name: ::String,
                            ?filter: {
-                             categories: Array[("UPGRADE_READINESS")]?,
+                             categories: Array[("UPGRADE_READINESS" | "MISCONFIGURATION")]?,
                              kubernetes_versions: Array[::String]?,
                              statuses: Array[("PASSING" | "WARNING" | "ERROR" | "UNKNOWN")]?
                            },
@@ -1052,7 +1054,9 @@ module Aws
                                              cluster_name: ::String,
                                              association_id: ::String,
                                              ?role_arn: ::String,
-                                             ?client_request_token: ::String
+                                             ?client_request_token: ::String,
+                                             ?disable_session_tags: bool,
+                                             ?target_role_arn: ::String
                                            ) -> _UpdatePodIdentityAssociationResponseSuccess
                                          | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdatePodIdentityAssociationResponseSuccess

data/sig/types.rbs CHANGED Viewed

@@ -433,6 +433,8 @@ module Aws::EKS
       attr_accessor role_arn: ::String
       attr_accessor client_request_token: ::String
       attr_accessor tags: ::Hash[::String, ::String]
+      attr_accessor disable_session_tags: bool
+      attr_accessor target_role_arn: ::String
       SENSITIVE: []
     end
@@ -807,7 +809,7 @@ module Aws::EKS
     class Insight
       attr_accessor id: ::String
       attr_accessor name: ::String
-      attr_accessor category: ("UPGRADE_READINESS")
+      attr_accessor category: ("UPGRADE_READINESS" | "MISCONFIGURATION")
       attr_accessor kubernetes_version: ::String
       attr_accessor last_refresh_time: ::Time
       attr_accessor last_transition_time: ::Time
@@ -842,7 +844,7 @@ module Aws::EKS
     class InsightSummary
       attr_accessor id: ::String
       attr_accessor name: ::String
-      attr_accessor category: ("UPGRADE_READINESS")
+      attr_accessor category: ("UPGRADE_READINESS" | "MISCONFIGURATION")
       attr_accessor kubernetes_version: ::String
       attr_accessor last_refresh_time: ::Time
       attr_accessor last_transition_time: ::Time
@@ -852,7 +854,7 @@ module Aws::EKS
     end
     class InsightsFilter
-      attr_accessor categories: ::Array[("UPGRADE_READINESS")]
+      attr_accessor categories: ::Array[("UPGRADE_READINESS" | "MISCONFIGURATION")]
       attr_accessor kubernetes_versions: ::Array[::String]
       attr_accessor statuses: ::Array[("PASSING" | "WARNING" | "ERROR" | "UNKNOWN")]
       SENSITIVE: []
@@ -1230,6 +1232,9 @@ module Aws::EKS
       attr_accessor created_at: ::Time
       attr_accessor modified_at: ::Time
       attr_accessor owner_arn: ::String
+      attr_accessor disable_session_tags: bool
+      attr_accessor target_role_arn: ::String
+      attr_accessor external_id: ::String
       SENSITIVE: []
     end
@@ -1524,6 +1529,8 @@ module Aws::EKS
       attr_accessor association_id: ::String
       attr_accessor role_arn: ::String
       attr_accessor client_request_token: ::String
+      attr_accessor disable_session_tags: bool
+      attr_accessor target_role_arn: ::String
       SENSITIVE: []
     end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-eks
 version: !ruby/object:Gem::Version
-  version: 1.137.0
+  version: 1.139.0
 platform: ruby
 authors:
 - Amazon Web Services
@@ -18,7 +18,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.216.0
+        version: 3.225.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -28,7 +28,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.216.0
+        version: 3.225.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement
@@ -84,7 +84,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.5'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="