aws-sdk-eks 1.47.0 → 1.48.0

data/lib/aws-sdk-eks/client_api.rb

@@ -24,6 +24,8 @@ module Aws::EKS
     AddonVersionInfo = Shapes::StructureShape.new(name: 'AddonVersionInfo')
     AddonVersionInfoList = Shapes::ListShape.new(name: 'AddonVersionInfoList')
     Addons = Shapes::ListShape.new(name: 'Addons')
+    AssociateIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'AssociateIdentityProviderConfigRequest')
+    AssociateIdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'AssociateIdentityProviderConfigResponse')
     AutoScalingGroup = Shapes::StructureShape.new(name: 'AutoScalingGroup')
     AutoScalingGroupList = Shapes::ListShape.new(name: 'AutoScalingGroupList')
     BadRequestException = Shapes::StructureShape.new(name: 'BadRequestException')
@@ -64,10 +66,14 @@ module Aws::EKS
     DescribeClusterResponse = Shapes::StructureShape.new(name: 'DescribeClusterResponse')
     DescribeFargateProfileRequest = Shapes::StructureShape.new(name: 'DescribeFargateProfileRequest')
     DescribeFargateProfileResponse = Shapes::StructureShape.new(name: 'DescribeFargateProfileResponse')
+    DescribeIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'DescribeIdentityProviderConfigRequest')
+    DescribeIdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'DescribeIdentityProviderConfigResponse')
     DescribeNodegroupRequest = Shapes::StructureShape.new(name: 'DescribeNodegroupRequest')
     DescribeNodegroupResponse = Shapes::StructureShape.new(name: 'DescribeNodegroupResponse')
     DescribeUpdateRequest = Shapes::StructureShape.new(name: 'DescribeUpdateRequest')
     DescribeUpdateResponse = Shapes::StructureShape.new(name: 'DescribeUpdateResponse')
+    DisassociateIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'DisassociateIdentityProviderConfigRequest')
+    DisassociateIdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'DisassociateIdentityProviderConfigResponse')
     EncryptionConfig = Shapes::StructureShape.new(name: 'EncryptionConfig')
     EncryptionConfigList = Shapes::ListShape.new(name: 'EncryptionConfigList')
     ErrorCode = Shapes::StringShape.new(name: 'ErrorCode')
@@ -80,6 +86,9 @@ module Aws::EKS
     FargateProfileStatus = Shapes::StringShape.new(name: 'FargateProfileStatus')
     FargateProfilesRequestMaxResults = Shapes::IntegerShape.new(name: 'FargateProfilesRequestMaxResults')
     Identity = Shapes::StructureShape.new(name: 'Identity')
+    IdentityProviderConfig = Shapes::StructureShape.new(name: 'IdentityProviderConfig')
+    IdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'IdentityProviderConfigResponse')
+    IdentityProviderConfigs = Shapes::ListShape.new(name: 'IdentityProviderConfigs')
     InvalidParameterException = Shapes::StructureShape.new(name: 'InvalidParameterException')
     InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
     Issue = Shapes::StructureShape.new(name: 'Issue')
@@ -95,6 +104,9 @@ module Aws::EKS
     ListClustersResponse = Shapes::StructureShape.new(name: 'ListClustersResponse')
     ListFargateProfilesRequest = Shapes::StructureShape.new(name: 'ListFargateProfilesRequest')
     ListFargateProfilesResponse = Shapes::StructureShape.new(name: 'ListFargateProfilesResponse')
+    ListIdentityProviderConfigsRequest = Shapes::StructureShape.new(name: 'ListIdentityProviderConfigsRequest')
+    ListIdentityProviderConfigsRequestMaxResults = Shapes::IntegerShape.new(name: 'ListIdentityProviderConfigsRequestMaxResults')
+    ListIdentityProviderConfigsResponse = Shapes::StructureShape.new(name: 'ListIdentityProviderConfigsResponse')
     ListNodegroupsRequest = Shapes::StructureShape.new(name: 'ListNodegroupsRequest')
     ListNodegroupsRequestMaxResults = Shapes::IntegerShape.new(name: 'ListNodegroupsRequestMaxResults')
     ListNodegroupsResponse = Shapes::StructureShape.new(name: 'ListNodegroupsResponse')
@@ -116,6 +128,8 @@ module Aws::EKS
     NodegroupStatus = Shapes::StringShape.new(name: 'NodegroupStatus')
     NotFoundException = Shapes::StructureShape.new(name: 'NotFoundException')
     OIDC = Shapes::StructureShape.new(name: 'OIDC')
+    OidcIdentityProviderConfig = Shapes::StructureShape.new(name: 'OidcIdentityProviderConfig')
+    OidcIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'OidcIdentityProviderConfigRequest')
     Provider = Shapes::StructureShape.new(name: 'Provider')
     RemoteAccessConfig = Shapes::StructureShape.new(name: 'RemoteAccessConfig')
     ResolveConflicts = Shapes::StringShape.new(name: 'ResolveConflicts')
@@ -156,10 +170,14 @@ module Aws::EKS
     UpdateType = Shapes::StringShape.new(name: 'UpdateType')
     VpcConfigRequest = Shapes::StructureShape.new(name: 'VpcConfigRequest')
     VpcConfigResponse = Shapes::StructureShape.new(name: 'VpcConfigResponse')
+    configStatus = Shapes::StringShape.new(name: 'configStatus')
     labelKey = Shapes::StringShape.new(name: 'labelKey')
     labelValue = Shapes::StringShape.new(name: 'labelValue')
     labelsKeyList = Shapes::ListShape.new(name: 'labelsKeyList')
     labelsMap = Shapes::MapShape.new(name: 'labelsMap')
+    requiredClaimsKey = Shapes::StringShape.new(name: 'requiredClaimsKey')
+    requiredClaimsMap = Shapes::MapShape.new(name: 'requiredClaimsMap')
+    requiredClaimsValue = Shapes::StringShape.new(name: 'requiredClaimsValue')
 
     Addon.add_member(:addon_name, Shapes::ShapeRef.new(shape: String, location_name: "addonName"))
     Addon.add_member(:cluster_name, Shapes::ShapeRef.new(shape: ClusterName, location_name: "clusterName"))
@@ -197,6 +215,16 @@ module Aws::EKS
 
     Addons.member = Shapes::ShapeRef.new(shape: AddonInfo)
 
+    AssociateIdentityProviderConfigRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
+    AssociateIdentityProviderConfigRequest.add_member(:oidc, Shapes::ShapeRef.new(shape: OidcIdentityProviderConfigRequest, required: true, location_name: "oidc"))
+    AssociateIdentityProviderConfigRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
+    AssociateIdentityProviderConfigRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: String, location_name: "clientRequestToken", metadata: {"idempotencyToken"=>true}))
+    AssociateIdentityProviderConfigRequest.struct_class = Types::AssociateIdentityProviderConfigRequest
+
+    AssociateIdentityProviderConfigResponse.add_member(:update, Shapes::ShapeRef.new(shape: Update, location_name: "update"))
+    AssociateIdentityProviderConfigResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
+    AssociateIdentityProviderConfigResponse.struct_class = Types::AssociateIdentityProviderConfigResponse
+
     AutoScalingGroup.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
     AutoScalingGroup.struct_class = Types::AutoScalingGroup
 
@@ -355,6 +383,13 @@ module Aws::EKS
     DescribeFargateProfileResponse.add_member(:fargate_profile, Shapes::ShapeRef.new(shape: FargateProfile, location_name: "fargateProfile"))
     DescribeFargateProfileResponse.struct_class = Types::DescribeFargateProfileResponse
 
+    DescribeIdentityProviderConfigRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
+    DescribeIdentityProviderConfigRequest.add_member(:identity_provider_config, Shapes::ShapeRef.new(shape: IdentityProviderConfig, required: true, location_name: "identityProviderConfig"))
+    DescribeIdentityProviderConfigRequest.struct_class = Types::DescribeIdentityProviderConfigRequest
+
+    DescribeIdentityProviderConfigResponse.add_member(:identity_provider_config, Shapes::ShapeRef.new(shape: IdentityProviderConfigResponse, location_name: "identityProviderConfig"))
+    DescribeIdentityProviderConfigResponse.struct_class = Types::DescribeIdentityProviderConfigResponse
+
     DescribeNodegroupRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
     DescribeNodegroupRequest.add_member(:nodegroup_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "nodegroupName"))
     DescribeNodegroupRequest.struct_class = Types::DescribeNodegroupRequest
@@ -371,6 +406,14 @@ module Aws::EKS
     DescribeUpdateResponse.add_member(:update, Shapes::ShapeRef.new(shape: Update, location_name: "update"))
     DescribeUpdateResponse.struct_class = Types::DescribeUpdateResponse
 
+    DisassociateIdentityProviderConfigRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
+    DisassociateIdentityProviderConfigRequest.add_member(:identity_provider_config, Shapes::ShapeRef.new(shape: IdentityProviderConfig, required: true, location_name: "identityProviderConfig"))
+    DisassociateIdentityProviderConfigRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: String, location_name: "clientRequestToken", metadata: {"idempotencyToken"=>true}))
+    DisassociateIdentityProviderConfigRequest.struct_class = Types::DisassociateIdentityProviderConfigRequest
+
+    DisassociateIdentityProviderConfigResponse.add_member(:update, Shapes::ShapeRef.new(shape: Update, location_name: "update"))
+    DisassociateIdentityProviderConfigResponse.struct_class = Types::DisassociateIdentityProviderConfigResponse
+
     EncryptionConfig.add_member(:resources, Shapes::ShapeRef.new(shape: StringList, location_name: "resources"))
     EncryptionConfig.add_member(:provider, Shapes::ShapeRef.new(shape: Provider, location_name: "provider"))
     EncryptionConfig.struct_class = Types::EncryptionConfig
@@ -407,6 +450,15 @@ module Aws::EKS
     Identity.add_member(:oidc, Shapes::ShapeRef.new(shape: OIDC, location_name: "oidc"))
     Identity.struct_class = Types::Identity
 
+    IdentityProviderConfig.add_member(:type, Shapes::ShapeRef.new(shape: String, required: true, location_name: "type"))
+    IdentityProviderConfig.add_member(:name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "name"))
+    IdentityProviderConfig.struct_class = Types::IdentityProviderConfig
+
+    IdentityProviderConfigResponse.add_member(:oidc, Shapes::ShapeRef.new(shape: OidcIdentityProviderConfig, location_name: "oidc"))
+    IdentityProviderConfigResponse.struct_class = Types::IdentityProviderConfigResponse
+
+    IdentityProviderConfigs.member = Shapes::ShapeRef.new(shape: IdentityProviderConfig)
+
     InvalidParameterException.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, location_name: "clusterName"))
     InvalidParameterException.add_member(:nodegroup_name, Shapes::ShapeRef.new(shape: String, location_name: "nodegroupName"))
     InvalidParameterException.add_member(:fargate_profile_name, Shapes::ShapeRef.new(shape: String, location_name: "fargateProfileName"))
@@ -464,6 +516,15 @@ module Aws::EKS
     ListFargateProfilesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
     ListFargateProfilesResponse.struct_class = Types::ListFargateProfilesResponse
 
+    ListIdentityProviderConfigsRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
+    ListIdentityProviderConfigsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: ListIdentityProviderConfigsRequestMaxResults, location: "querystring", location_name: "maxResults"))
+    ListIdentityProviderConfigsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "nextToken"))
+    ListIdentityProviderConfigsRequest.struct_class = Types::ListIdentityProviderConfigsRequest
+
+    ListIdentityProviderConfigsResponse.add_member(:identity_provider_configs, Shapes::ShapeRef.new(shape: IdentityProviderConfigs, location_name: "identityProviderConfigs"))
+    ListIdentityProviderConfigsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
+    ListIdentityProviderConfigsResponse.struct_class = Types::ListIdentityProviderConfigsResponse
+
     ListNodegroupsRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
     ListNodegroupsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: ListNodegroupsRequestMaxResults, location: "querystring", location_name: "maxResults"))
     ListNodegroupsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "nextToken"))
@@ -542,6 +603,30 @@ module Aws::EKS
     OIDC.add_member(:issuer, Shapes::ShapeRef.new(shape: String, location_name: "issuer"))
     OIDC.struct_class = Types::OIDC
 
+    OidcIdentityProviderConfig.add_member(:identity_provider_config_name, Shapes::ShapeRef.new(shape: String, location_name: "identityProviderConfigName"))
+    OidcIdentityProviderConfig.add_member(:identity_provider_config_arn, Shapes::ShapeRef.new(shape: String, location_name: "identityProviderConfigArn"))
+    OidcIdentityProviderConfig.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, location_name: "clusterName"))
+    OidcIdentityProviderConfig.add_member(:issuer_url, Shapes::ShapeRef.new(shape: String, location_name: "issuerUrl"))
+    OidcIdentityProviderConfig.add_member(:client_id, Shapes::ShapeRef.new(shape: String, location_name: "clientId"))
+    OidcIdentityProviderConfig.add_member(:username_claim, Shapes::ShapeRef.new(shape: String, location_name: "usernameClaim"))
+    OidcIdentityProviderConfig.add_member(:username_prefix, Shapes::ShapeRef.new(shape: String, location_name: "usernamePrefix"))
+    OidcIdentityProviderConfig.add_member(:groups_claim, Shapes::ShapeRef.new(shape: String, location_name: "groupsClaim"))
+    OidcIdentityProviderConfig.add_member(:groups_prefix, Shapes::ShapeRef.new(shape: String, location_name: "groupsPrefix"))
+    OidcIdentityProviderConfig.add_member(:required_claims, Shapes::ShapeRef.new(shape: requiredClaimsMap, location_name: "requiredClaims"))
+    OidcIdentityProviderConfig.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
+    OidcIdentityProviderConfig.add_member(:status, Shapes::ShapeRef.new(shape: configStatus, location_name: "status"))
+    OidcIdentityProviderConfig.struct_class = Types::OidcIdentityProviderConfig
+
+    OidcIdentityProviderConfigRequest.add_member(:identity_provider_config_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "identityProviderConfigName"))
+    OidcIdentityProviderConfigRequest.add_member(:issuer_url, Shapes::ShapeRef.new(shape: String, required: true, location_name: "issuerUrl"))
+    OidcIdentityProviderConfigRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "clientId"))
+    OidcIdentityProviderConfigRequest.add_member(:username_claim, Shapes::ShapeRef.new(shape: String, location_name: "usernameClaim"))
+    OidcIdentityProviderConfigRequest.add_member(:username_prefix, Shapes::ShapeRef.new(shape: String, location_name: "usernamePrefix"))
+    OidcIdentityProviderConfigRequest.add_member(:groups_claim, Shapes::ShapeRef.new(shape: String, location_name: "groupsClaim"))
+    OidcIdentityProviderConfigRequest.add_member(:groups_prefix, Shapes::ShapeRef.new(shape: String, location_name: "groupsPrefix"))
+    OidcIdentityProviderConfigRequest.add_member(:required_claims, Shapes::ShapeRef.new(shape: requiredClaimsMap, location_name: "requiredClaims"))
+    OidcIdentityProviderConfigRequest.struct_class = Types::OidcIdentityProviderConfigRequest
+
     Provider.add_member(:key_arn, Shapes::ShapeRef.new(shape: String, location_name: "keyArn"))
     Provider.struct_class = Types::Provider
 
@@ -690,6 +775,9 @@ module Aws::EKS
     labelsMap.key = Shapes::ShapeRef.new(shape: labelKey)
     labelsMap.value = Shapes::ShapeRef.new(shape: labelValue)
 
+    requiredClaimsMap.key = Shapes::ShapeRef.new(shape: requiredClaimsKey)
+    requiredClaimsMap.value = Shapes::ShapeRef.new(shape: requiredClaimsValue)
+
 
     # @api private
     API = Seahorse::Model::Api.new.tap do |api|
@@ -709,6 +797,20 @@ module Aws::EKS
         "uid" => "eks-2017-11-01",
       }
 
+      api.add_operation(:associate_identity_provider_config, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "AssociateIdentityProviderConfig"
+        o.http_method = "POST"
+        o.http_request_uri = "/clusters/{name}/identity-provider-configs/associate"
+        o.input = Shapes::ShapeRef.new(shape: AssociateIdentityProviderConfigRequest)
+        o.output = Shapes::ShapeRef.new(shape: AssociateIdentityProviderConfigResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ClientException)
+        o.errors << Shapes::ShapeRef.new(shape: ServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+      end)
+
       api.add_operation(:create_addon, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateAddon"
         o.http_method = "POST"
@@ -873,6 +975,19 @@ module Aws::EKS
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
 
+      api.add_operation(:describe_identity_provider_config, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeIdentityProviderConfig"
+        o.http_method = "POST"
+        o.http_request_uri = "/clusters/{name}/identity-provider-configs/describe"
+        o.input = Shapes::ShapeRef.new(shape: DescribeIdentityProviderConfigRequest)
+        o.output = Shapes::ShapeRef.new(shape: DescribeIdentityProviderConfigResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ClientException)
+        o.errors << Shapes::ShapeRef.new(shape: ServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+      end)
+
       api.add_operation(:describe_nodegroup, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DescribeNodegroup"
         o.http_method = "GET"
@@ -898,6 +1013,20 @@ module Aws::EKS
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
 
+      api.add_operation(:disassociate_identity_provider_config, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DisassociateIdentityProviderConfig"
+        o.http_method = "POST"
+        o.http_request_uri = "/clusters/{name}/identity-provider-configs/disassociate"
+        o.input = Shapes::ShapeRef.new(shape: DisassociateIdentityProviderConfigRequest)
+        o.output = Shapes::ShapeRef.new(shape: DisassociateIdentityProviderConfigResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ClientException)
+        o.errors << Shapes::ShapeRef.new(shape: ServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+      end)
+
       api.add_operation(:list_addons, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListAddons"
         o.http_method = "GET"
@@ -953,6 +1082,25 @@ module Aws::EKS
         )
       end)
 
+      api.add_operation(:list_identity_provider_configs, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListIdentityProviderConfigs"
+        o.http_method = "GET"
+        o.http_request_uri = "/clusters/{name}/identity-provider-configs"
+        o.input = Shapes::ShapeRef.new(shape: ListIdentityProviderConfigsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListIdentityProviderConfigsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ClientException)
+        o.errors << Shapes::ShapeRef.new(shape: ServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:list_nodegroups, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListNodegroups"
         o.http_method = "GET"

data/lib/aws-sdk-eks/types.rb

@@ -161,6 +161,80 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass AssociateIdentityProviderConfigRequest
+    #   data as a hash:
+    #
+    #       {
+    #         cluster_name: "String", # required
+    #         oidc: { # required
+    #           identity_provider_config_name: "String", # required
+    #           issuer_url: "String", # required
+    #           client_id: "String", # required
+    #           username_claim: "String",
+    #           username_prefix: "String",
+    #           groups_claim: "String",
+    #           groups_prefix: "String",
+    #           required_claims: {
+    #             "requiredClaimsKey" => "requiredClaimsValue",
+    #           },
+    #         },
+    #         tags: {
+    #           "TagKey" => "TagValue",
+    #         },
+    #         client_request_token: "String",
+    #       }
+    #
+    # @!attribute [rw] cluster_name
+    #   The name of the cluster to associate the configuration to.
+    #   @return [String]
+    #
+    # @!attribute [rw] oidc
+    #   An object that represents an OpenID Connect (OIDC) identity provider
+    #   configuration.
+    #   @return [Types::OidcIdentityProviderConfigRequest]
+    #
+    # @!attribute [rw] tags
+    #   The metadata to apply to the configuration to assist with
+    #   categorization and organization. Each tag consists of a key and an
+    #   optional value, both of which you define.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] client_request_token
+    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   idempotency of the request.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateIdentityProviderConfigRequest AWS API Documentation
+    #
+    class AssociateIdentityProviderConfigRequest < Struct.new(
+      :cluster_name,
+      :oidc,
+      :tags,
+      :client_request_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] update
+    #   An object representing an asynchronous update.
+    #   @return [Types::Update]
+    #
+    # @!attribute [rw] tags
+    #   The tags for the resource.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateIdentityProviderConfigResponse AWS API Documentation
+    #
+    class AssociateIdentityProviderConfigResponse < Struct.new(
+      :update,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # An Auto Scaling group that is associated with an Amazon EKS managed
     # node group.
     #
@@ -815,7 +889,7 @@ module Aws::EKS
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/managed-node-groups.html#managed-node-group-capacity-types
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types
     #   [2]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
     #   @return [Array<String>]
     #
@@ -850,17 +924,16 @@ module Aws::EKS
     # @!attribute [rw] node_role
     #   The Amazon Resource Name (ARN) of the IAM role to associate with
     #   your node group. The Amazon EKS worker node `kubelet` daemon makes
-    #   calls to AWS APIs on your behalf. Worker nodes receive permissions
-    #   for these API calls through an IAM instance profile and associated
-    #   policies. Before you can launch worker nodes and register them into
-    #   a cluster, you must create an IAM role for those worker nodes to use
-    #   when they are launched. For more information, see [Amazon EKS Worker
-    #   Node IAM Role][1] in the <i> <i>Amazon EKS User Guide</i> </i>. If
-    #   you specify `launchTemplate`, then don't specify [
-    #   `IamInstanceProfile` ][2] in your launch template, or the node group
-    #   deployment will fail. For more information about using launch
-    #   templates with Amazon EKS, see [Launch template support][3] in the
-    #   Amazon EKS User Guide.
+    #   calls to AWS APIs on your behalf. Nodes receive permissions for
+    #   these API calls through an IAM instance profile and associated
+    #   policies. Before you can launch nodes and register them into a
+    #   cluster, you must create an IAM role for those nodes to use when
+    #   they are launched. For more information, see [Amazon EKS node IAM
+    #   role][1] in the <i> <i>Amazon EKS User Guide</i> </i>. If you
+    #   specify `launchTemplate`, then don't specify [ `IamInstanceProfile`
+    #   ][2] in your launch template, or the node group deployment will
+    #   fail. For more information about using launch templates with Amazon
+    #   EKS, see [Launch template support][3] in the Amazon EKS User Guide.
     #
     #
     #
@@ -1307,6 +1380,48 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DescribeIdentityProviderConfigRequest
+    #   data as a hash:
+    #
+    #       {
+    #         cluster_name: "String", # required
+    #         identity_provider_config: { # required
+    #           type: "String", # required
+    #           name: "String", # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] cluster_name
+    #   The cluster name that the identity provider configuration is
+    #   associated to.
+    #   @return [String]
+    #
+    # @!attribute [rw] identity_provider_config
+    #   An object that represents an identity provider configuration.
+    #   @return [Types::IdentityProviderConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeIdentityProviderConfigRequest AWS API Documentation
+    #
+    class DescribeIdentityProviderConfigRequest < Struct.new(
+      :cluster_name,
+      :identity_provider_config)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] identity_provider_config
+    #   The object that represents an OpenID Connect (OIDC) identity
+    #   provider configuration.
+    #   @return [Types::IdentityProviderConfigResponse]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeIdentityProviderConfigResponse AWS API Documentation
+    #
+    class DescribeIdentityProviderConfigResponse < Struct.new(
+      :identity_provider_config)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DescribeNodegroupRequest
     #   data as a hash:
     #
@@ -1398,6 +1513,56 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DisassociateIdentityProviderConfigRequest
+    #   data as a hash:
+    #
+    #       {
+    #         cluster_name: "String", # required
+    #         identity_provider_config: { # required
+    #           type: "String", # required
+    #           name: "String", # required
+    #         },
+    #         client_request_token: "String",
+    #       }
+    #
+    # @!attribute [rw] cluster_name
+    #   The name of the cluster to disassociate an identity provider from.
+    #   @return [String]
+    #
+    # @!attribute [rw] identity_provider_config
+    #   An object that represents an identity provider configuration.
+    #   @return [Types::IdentityProviderConfig]
+    #
+    # @!attribute [rw] client_request_token
+    #   A unique, case-sensitive identifier that you provide to ensure the
+    #   idempotency of the request.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateIdentityProviderConfigRequest AWS API Documentation
+    #
+    class DisassociateIdentityProviderConfigRequest < Struct.new(
+      :cluster_name,
+      :identity_provider_config,
+      :client_request_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] update
+    #   An object representing an asynchronous update.
+    #   @return [Types::Update]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateIdentityProviderConfigResponse AWS API Documentation
+    #
+    class DisassociateIdentityProviderConfigResponse < Struct.new(
+      :update)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The encryption configuration for the cluster.
     #
     # @note When making an API call, you may pass EncryptionConfig
@@ -1574,12 +1739,11 @@ module Aws::EKS
       include Aws::Structure
     end
 
-    # An object representing an identity provider for authentication
-    # credentials.
+    # An object representing an identity provider.
     #
     # @!attribute [rw] oidc
-    #   The [OpenID Connect][1] identity provider information for the
-    #   cluster.
+    #   An object representing the [OpenID Connect][1] identity provider
+    #   information.
     #
     #
     #
@@ -1594,6 +1758,48 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # An object representing an identity provider configuration.
+    #
+    # @note When making an API call, you may pass IdentityProviderConfig
+    #   data as a hash:
+    #
+    #       {
+    #         type: "String", # required
+    #         name: "String", # required
+    #       }
+    #
+    # @!attribute [rw] type
+    #   The type of the identity provider configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the identity provider configuration.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/IdentityProviderConfig AWS API Documentation
+    #
+    class IdentityProviderConfig < Struct.new(
+      :type,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An object that represents an identity configuration.
+    #
+    # @!attribute [rw] oidc
+    #   An object that represents an OpenID Connect (OIDC) identity provider
+    #   configuration.
+    #   @return [Types::OidcIdentityProviderConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/IdentityProviderConfigResponse AWS API Documentation
+    #
+    class IdentityProviderConfigResponse < Struct.new(
+      :oidc)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The specified parameter is invalid. Review the available parameters
     # for the API request.
     #
@@ -1721,8 +1927,8 @@ module Aws::EKS
     #
     #   * **NodeCreationFailure**\: Your launched instances are unable to
     #     register with your Amazon EKS cluster. Common causes of this
-    #     failure are insufficient [worker node IAM role][2] permissions or
-    #     lack of outbound internet access for the nodes.
+    #     failure are insufficient [node IAM role][2] permissions or lack of
+    #     outbound internet access for the nodes.
     #
     #
     #
@@ -2060,6 +2266,71 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListIdentityProviderConfigsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         cluster_name: "String", # required
+    #         max_results: 1,
+    #         next_token: "String",
+    #       }
+    #
+    # @!attribute [rw] cluster_name
+    #   The cluster name that you want to list identity provider
+    #   configurations for.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of identity provider configurations returned by
+    #   `ListIdentityProviderConfigs` in paginated output. When you use this
+    #   parameter, `ListIdentityProviderConfigs` returns only `maxResults`
+    #   results in a single page along with a `nextToken` response element.
+    #   You can see the remaining results of the initial request by sending
+    #   another `ListIdentityProviderConfigs` request with the returned
+    #   `nextToken` value. This value can be between 1 and 100. If you
+    #   don't use this parameter, `ListIdentityProviderConfigs` returns up
+    #   to 100 results and a `nextToken` value, if applicable.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The `nextToken` value returned from a previous paginated
+    #   `IdentityProviderConfigsRequest` where `maxResults` was used and the
+    #   results exceeded the value of that parameter. Pagination continues
+    #   from the end of the previous results that returned the `nextToken`
+    #   value.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigsRequest AWS API Documentation
+    #
+    class ListIdentityProviderConfigsRequest < Struct.new(
+      :cluster_name,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] identity_provider_configs
+    #   The identity provider configurations for the cluster.
+    #   @return [Array<Types::IdentityProviderConfig>]
+    #
+    # @!attribute [rw] next_token
+    #   The `nextToken` value returned from a previous paginated
+    #   `ListIdentityProviderConfigsResponse` where `maxResults` was used
+    #   and the results exceeded the value of that parameter. Pagination
+    #   continues from the end of the previous results that returned the
+    #   `nextToken` value.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigsResponse AWS API Documentation
+    #
+    class ListIdentityProviderConfigsResponse < Struct.new(
+      :identity_provider_configs,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListNodegroupsRequest
     #   data as a hash:
     #
@@ -2365,10 +2636,10 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] node_role
-    #   The IAM role associated with your node group. The Amazon EKS worker
-    #   node `kubelet` daemon makes calls to AWS APIs on your behalf. Worker
-    #   nodes receive permissions for these API calls through an IAM
-    #   instance profile and associated policies.
+    #   The IAM role associated with your node group. The Amazon EKS node
+    #   `kubelet` daemon makes calls to AWS APIs on your behalf. Nodes
+    #   receive permissions for these API calls through an IAM instance
+    #   profile and associated policies.
     #   @return [String]
     #
     # @!attribute [rw] labels
@@ -2461,7 +2732,7 @@ module Aws::EKS
     #
     # @!attribute [rw] remote_access_security_group
     #   The remote access security group associated with the node group.
-    #   This security group controls SSH access to the worker nodes.
+    #   This security group controls SSH access to the nodes.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/NodegroupResources AWS API Documentation
@@ -2488,19 +2759,24 @@ module Aws::EKS
     #       }
     #
     # @!attribute [rw] min_size
-    #   The minimum number of worker nodes that the managed node group can
-    #   scale in to. This number must be greater than zero.
+    #   The minimum number of nodes that the managed node group can scale in
+    #   to. This number must be greater than zero.
     #   @return [Integer]
     #
     # @!attribute [rw] max_size
-    #   The maximum number of worker nodes that the managed node group can
-    #   scale out to. Managed node groups can support up to 100 nodes by
-    #   default.
+    #   The maximum number of nodes that the managed node group can scale
+    #   out to. For information about the maximum number that you can
+    #   specify, see [Amazon EKS service quotas][1] in the *Amazon EKS User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html
     #   @return [Integer]
     #
     # @!attribute [rw] desired_size
-    #   The current number of worker nodes that the managed node group
-    #   should maintain.
+    #   The current number of nodes that the managed node group should
+    #   maintain.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/NodegroupScalingConfig AWS API Documentation
@@ -2527,15 +2803,15 @@ module Aws::EKS
       include Aws::Structure
     end
 
-    # An object representing the [OpenID Connect][1] identity provider
-    # information for the cluster.
+    # An object representing the [OpenID Connect][1] (OIDC) identity
+    # provider information for the cluster.
     #
     #
     #
     # [1]: https://openid.net/connect/
     #
     # @!attribute [rw] issuer
-    #   The issuer URL for the OpenID Connect identity provider.
+    #   The issuer URL for the OIDC identity provider.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/OIDC AWS API Documentation
@@ -2546,6 +2822,187 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # An object that represents the configuration for an OpenID Connect
+    # (OIDC) identity provider.
+    #
+    # @!attribute [rw] identity_provider_config_name
+    #   The name of the configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] identity_provider_config_arn
+    #   The ARN of the configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] cluster_name
+    #   The cluster that the configuration is associated to.
+    #   @return [String]
+    #
+    # @!attribute [rw] issuer_url
+    #   The URL of the OIDC identity provider that allows the API server to
+    #   discover public signing keys for verifying tokens.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_id
+    #   This is also known as *audience*. The ID of the client application
+    #   that makes authentication requests to the OIDC identity provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] username_claim
+    #   The JSON Web token (JWT) claim that is used as the username.
+    #   @return [String]
+    #
+    # @!attribute [rw] username_prefix
+    #   The prefix that is prepended to username claims to prevent clashes
+    #   with existing names. The prefix can't contain `system:`
+    #   @return [String]
+    #
+    # @!attribute [rw] groups_claim
+    #   The JSON web token (JWT) claim that the provider uses to return your
+    #   groups.
+    #   @return [String]
+    #
+    # @!attribute [rw] groups_prefix
+    #   The prefix that is prepended to group claims to prevent clashes with
+    #   existing names (such as `system:` groups). For example, the value`
+    #   oidc:` creates group names like `oidc:engineering` and `oidc:infra`.
+    #   The prefix can't contain `system:`
+    #   @return [String]
+    #
+    # @!attribute [rw] required_claims
+    #   The key-value pairs that describe required claims in the identity
+    #   token. If set, each claim is verified to be present in the token
+    #   with a matching value.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] tags
+    #   The metadata to apply to the provider configuration to assist with
+    #   categorization and organization. Each tag consists of a key and an
+    #   optional value, both of which you defined.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] status
+    #   The status of the OIDC identity provider.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/OidcIdentityProviderConfig AWS API Documentation
+    #
+    class OidcIdentityProviderConfig < Struct.new(
+      :identity_provider_config_name,
+      :identity_provider_config_arn,
+      :cluster_name,
+      :issuer_url,
+      :client_id,
+      :username_claim,
+      :username_prefix,
+      :groups_claim,
+      :groups_prefix,
+      :required_claims,
+      :tags,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An object representing an OpenID Connect (OIDC) configuration. Before
+    # associating an OIDC identity provider to your cluster, review the
+    # considerations in [Authenticating users for your cluster from an
+    # OpenID Connect identity provider][1] in the *Amazon EKS User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html
+    #
+    # @note When making an API call, you may pass OidcIdentityProviderConfigRequest
+    #   data as a hash:
+    #
+    #       {
+    #         identity_provider_config_name: "String", # required
+    #         issuer_url: "String", # required
+    #         client_id: "String", # required
+    #         username_claim: "String",
+    #         username_prefix: "String",
+    #         groups_claim: "String",
+    #         groups_prefix: "String",
+    #         required_claims: {
+    #           "requiredClaimsKey" => "requiredClaimsValue",
+    #         },
+    #       }
+    #
+    # @!attribute [rw] identity_provider_config_name
+    #   The name of the OIDC provider configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] issuer_url
+    #   The URL of the OpenID identity provider that allows the API server
+    #   to discover public signing keys for verifying tokens. The URL must
+    #   begin with `https://` and should correspond to the `iss` claim in
+    #   the provider's OIDC ID tokens. Per the OIDC standard, path
+    #   components are allowed but query parameters are not. Typically the
+    #   URL consists of only a hostname, like `https://server.example.org`
+    #   or `https://example.com`. This URL should point to the level below
+    #   `.well-known/openid-configuration` and must be publicly accessible
+    #   over the internet.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_id
+    #   This is also known as *audience*. The ID for the client application
+    #   that makes authentication requests to the OpenID identity provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] username_claim
+    #   The JSON Web Token (JWT) claim to use as the username. The default
+    #   is `sub`, which is expected to be a unique identifier of the end
+    #   user. You can choose other claims, such as `email` or `name`,
+    #   depending on the OpenID identity provider. Claims other than `email`
+    #   are prefixed with the issuer URL to prevent naming clashes with
+    #   other plug-ins.
+    #   @return [String]
+    #
+    # @!attribute [rw] username_prefix
+    #   The prefix that is prepended to username claims to prevent clashes
+    #   with existing names. If you do not provide this field, and
+    #   `username` is a value other than `email`, the prefix defaults to
+    #   `issuerurl#`. You can use the value `-` to disable all prefixing.
+    #   @return [String]
+    #
+    # @!attribute [rw] groups_claim
+    #   The JWT claim that the provider uses to return your groups.
+    #   @return [String]
+    #
+    # @!attribute [rw] groups_prefix
+    #   The prefix that is prepended to group claims to prevent clashes with
+    #   existing names (such as `system:` groups). For example, the value`
+    #   oidc:` will create group names like `oidc:engineering` and
+    #   `oidc:infra`.
+    #   @return [String]
+    #
+    # @!attribute [rw] required_claims
+    #   The key value pairs that describe required claims in the identity
+    #   token. If set, each claim is verified to be present in the token
+    #   with a matching value. For the maximum number of claims that you can
+    #   require, see [Amazon EKS service quotas][1] in the *Amazon EKS User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/OidcIdentityProviderConfigRequest AWS API Documentation
+    #
+    class OidcIdentityProviderConfigRequest < Struct.new(
+      :identity_provider_config_name,
+      :issuer_url,
+      :client_id,
+      :username_claim,
+      :username_prefix,
+      :groups_claim,
+      :groups_prefix,
+      :required_claims)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Identifies the AWS Key Management Service (AWS KMS) customer master
     # key (CMK) used to encrypt the secrets.
     #
@@ -2590,9 +3047,9 @@ module Aws::EKS
     #
     # @!attribute [rw] ec2_ssh_key
     #   The Amazon EC2 SSH key that provides access for SSH communication
-    #   with the worker nodes in the managed node group. For more
-    #   information, see [Amazon EC2 Key Pairs][1] in the *Amazon Elastic
-    #   Compute Cloud User Guide for Linux Instances*.
+    #   with the nodes in the managed node group. For more information, see
+    #   [Amazon EC2 Key Pairs][1] in the *Amazon Elastic Compute Cloud User
+    #   Guide for Linux Instances*.
     #
     #
     #
@@ -2601,11 +3058,11 @@ module Aws::EKS
     #
     # @!attribute [rw] source_security_groups
     #   The security groups that are allowed SSH access (port 22) to the
-    #   worker nodes. If you specify an Amazon EC2 SSH key but do not
-    #   specify a source security group when you create a managed node
-    #   group, then port 22 on the worker nodes is opened to the internet
-    #   (0.0.0.0/0). For more information, see [Security Groups for Your
-    #   VPC][1] in the *Amazon Virtual Private Cloud User Guide*.
+    #   nodes. If you specify an Amazon EC2 SSH key but do not specify a
+    #   source security group when you create a managed node group, then
+    #   port 22 on the nodes is opened to the internet (0.0.0.0/0). For more
+    #   information, see [Security Groups for Your VPC][1] in the *Amazon
+    #   Virtual Private Cloud User Guide*.
     #
     #
     #
@@ -3348,19 +3805,18 @@ module Aws::EKS
     #       }
     #
     # @!attribute [rw] subnet_ids
-    #   Specify subnets for your Amazon EKS worker nodes. Amazon EKS creates
+    #   Specify subnets for your Amazon EKS nodes. Amazon EKS creates
     #   cross-account elastic network interfaces in these subnets to allow
-    #   communication between your worker nodes and the Kubernetes control
-    #   plane.
+    #   communication between your nodes and the Kubernetes control plane.
     #   @return [Array<String>]
     #
     # @!attribute [rw] security_group_ids
     #   Specify one or more security groups for the cross-account elastic
     #   network interfaces that Amazon EKS creates to use to allow
-    #   communication between your worker nodes and the Kubernetes control
-    #   plane. If you don't specify any security groups, then familiarize
-    #   yourself with the difference between Amazon EKS defaults for
-    #   clusters deployed with Kubernetes:
+    #   communication between your nodes and the Kubernetes control plane.
+    #   If you don't specify any security groups, then familiarize yourself
+    #   with the difference between Amazon EKS defaults for clusters
+    #   deployed with Kubernetes:
     #
     #   * 1\.14 Amazon EKS platform version `eks.2` and earlier
     #
@@ -3394,12 +3850,12 @@ module Aws::EKS
     #   access, Kubernetes API requests from within your cluster's VPC use
     #   the private VPC endpoint. The default value for this parameter is
     #   `false`, which disables private access for your Kubernetes API
-    #   server. If you disable private access and you have worker nodes or
-    #   AWS Fargate pods in the cluster, then ensure that
-    #   `publicAccessCidrs` includes the necessary CIDR blocks for
-    #   communication with the worker nodes or Fargate pods. For more
-    #   information, see [Amazon EKS Cluster Endpoint Access Control][1] in
-    #   the <i> <i>Amazon EKS User Guide</i> </i>.
+    #   server. If you disable private access and you have nodes or AWS
+    #   Fargate pods in the cluster, then ensure that `publicAccessCidrs`
+    #   includes the necessary CIDR blocks for communication with the nodes
+    #   or Fargate pods. For more information, see [Amazon EKS Cluster
+    #   Endpoint Access Control][1] in the <i> <i>Amazon EKS User Guide</i>
+    #   </i>.
     #
     #
     #
@@ -3411,8 +3867,8 @@ module Aws::EKS
     #   Kubernetes API server endpoint. Communication to the endpoint from
     #   addresses outside of the CIDR blocks that you specify is denied. The
     #   default value is `0.0.0.0/0`. If you've disabled private endpoint
-    #   access and you have worker nodes or AWS Fargate pods in the cluster,
-    #   then ensure that you specify the necessary CIDR blocks. For more
+    #   access and you have nodes or AWS Fargate pods in the cluster, then
+    #   ensure that you specify the necessary CIDR blocks. For more
     #   information, see [Amazon EKS Cluster Endpoint Access Control][1] in
     #   the <i> <i>Amazon EKS User Guide</i> </i>.
     #
@@ -3443,7 +3899,7 @@ module Aws::EKS
     # @!attribute [rw] security_group_ids
     #   The security groups associated with the cross-account elastic
     #   network interfaces that are used to allow communication between your
-    #   worker nodes and the Kubernetes control plane.
+    #   nodes and the Kubernetes control plane.
     #   @return [Array<String>]
     #
     # @!attribute [rw] cluster_security_group_id
@@ -3468,12 +3924,12 @@ module Aws::EKS
     #   endpoint is enabled. If the Amazon EKS private API server endpoint
     #   is enabled, Kubernetes API requests that originate from within your
     #   cluster's VPC use the private VPC endpoint instead of traversing
-    #   the internet. If this value is disabled and you have worker nodes or
-    #   AWS Fargate pods in the cluster, then ensure that
-    #   `publicAccessCidrs` includes the necessary CIDR blocks for
-    #   communication with the worker nodes or Fargate pods. For more
-    #   information, see [Amazon EKS Cluster Endpoint Access Control][1] in
-    #   the <i> <i>Amazon EKS User Guide</i> </i>.
+    #   the internet. If this value is disabled and you have nodes or AWS
+    #   Fargate pods in the cluster, then ensure that `publicAccessCidrs`
+    #   includes the necessary CIDR blocks for communication with the nodes
+    #   or Fargate pods. For more information, see [Amazon EKS Cluster
+    #   Endpoint Access Control][1] in the <i> <i>Amazon EKS User Guide</i>
+    #   </i>.
     #
     #
     #
@@ -3485,10 +3941,10 @@ module Aws::EKS
     #   Kubernetes API server endpoint. Communication to the endpoint from
     #   addresses outside of the listed CIDR blocks is denied. The default
     #   value is `0.0.0.0/0`. If you've disabled private endpoint access
-    #   and you have worker nodes or AWS Fargate pods in the cluster, then
-    #   ensure that the necessary CIDR blocks are listed. For more
-    #   information, see [Amazon EKS Cluster Endpoint Access Control][1] in
-    #   the <i> <i>Amazon EKS User Guide</i> </i>.
+    #   and you have nodes or AWS Fargate pods in the cluster, then ensure
+    #   that the necessary CIDR blocks are listed. For more information, see
+    #   [Amazon EKS Cluster Endpoint Access Control][1] in the <i> <i>Amazon
+    #   EKS User Guide</i> </i>.
     #
     #
     #