aws-sdk-eks 1.94.0 → 1.96.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -10,6 +10,26 @@
10
10
  module Aws::EKS
11
11
  module Types
12
12
 
13
+ # The access configuration for the cluster.
14
+ #
15
+ # @!attribute [rw] bootstrap_cluster_creator_admin_permissions
16
+ # Specifies whether or not the cluster creator IAM principal was set
17
+ # as a cluster admin access entry during cluster creation time.
18
+ # @return [Boolean]
19
+ #
20
+ # @!attribute [rw] authentication_mode
21
+ # The current authentication mode of the cluster.
22
+ # @return [String]
23
+ #
24
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AccessConfigResponse AWS API Documentation
25
+ #
26
+ class AccessConfigResponse < Struct.new(
27
+ :bootstrap_cluster_creator_admin_permissions,
28
+ :authentication_mode)
29
+ SENSITIVE = []
30
+ include Aws::Structure
31
+ end
32
+
13
33
  # You don't have permissions to perform the requested operation. The
14
34
  # [IAM principal][1] making the request must have at least one IAM
15
35
  # permissions policy attached that grants the required permissions. For
@@ -32,6 +52,137 @@ module Aws::EKS
32
52
  include Aws::Structure
33
53
  end
34
54
 
55
+ # An access entry allows an IAM principal (user or role) to access your
56
+ # cluster. Access entries can replace the need to maintain the
57
+ # `aws-auth` `ConfigMap` for authentication. For more information about
58
+ # access entries, see [Access entries][1] in the *Amazon EKS User
59
+ # Guide*.
60
+ #
61
+ #
62
+ #
63
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
64
+ #
65
+ # @!attribute [rw] cluster_name
66
+ # The name of your cluster.
67
+ # @return [String]
68
+ #
69
+ # @!attribute [rw] principal_arn
70
+ # The ARN of the IAM principal for the access entry. If you ever
71
+ # delete the IAM principal with this ARN, the access entry isn't
72
+ # automatically deleted. We recommend that you delete the access entry
73
+ # with an ARN for an IAM principal that you delete. If you don't
74
+ # delete the access entry and ever recreate the IAM principal, even if
75
+ # it has the same ARN, the access entry won't work. This is because
76
+ # even though the ARN is the same for the recreated IAM principal, the
77
+ # `roleID` or `userID` (you can see this with the Security Token
78
+ # Service `GetCallerIdentity` API) is different for the recreated IAM
79
+ # principal than it was for the original IAM principal. Even though
80
+ # you don't see the IAM principal's `roleID` or `userID` for an
81
+ # access entry, Amazon EKS stores it with the access entry.
82
+ # @return [String]
83
+ #
84
+ # @!attribute [rw] kubernetes_groups
85
+ # A `name` that you've specified in a Kubernetes `RoleBinding` or
86
+ # `ClusterRoleBinding` object so that Kubernetes authorizes the
87
+ # `principalARN` access to cluster objects.
88
+ # @return [Array<String>]
89
+ #
90
+ # @!attribute [rw] access_entry_arn
91
+ # The ARN of the access entry.
92
+ # @return [String]
93
+ #
94
+ # @!attribute [rw] created_at
95
+ # The Unix epoch timestamp at object creation.
96
+ # @return [Time]
97
+ #
98
+ # @!attribute [rw] modified_at
99
+ # The Unix epoch timestamp for the last modification to the object.
100
+ # @return [Time]
101
+ #
102
+ # @!attribute [rw] tags
103
+ # Metadata that assists with categorization and organization. Each tag
104
+ # consists of a key and an optional value. You define both. Tags
105
+ # don't propagate to any other cluster or Amazon Web Services
106
+ # resources.
107
+ # @return [Hash<String,String>]
108
+ #
109
+ # @!attribute [rw] username
110
+ # The `name` of a user that can authenticate to your cluster.
111
+ # @return [String]
112
+ #
113
+ # @!attribute [rw] type
114
+ # The type of the access entry.
115
+ # @return [String]
116
+ #
117
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AccessEntry AWS API Documentation
118
+ #
119
+ class AccessEntry < Struct.new(
120
+ :cluster_name,
121
+ :principal_arn,
122
+ :kubernetes_groups,
123
+ :access_entry_arn,
124
+ :created_at,
125
+ :modified_at,
126
+ :tags,
127
+ :username,
128
+ :type)
129
+ SENSITIVE = []
130
+ include Aws::Structure
131
+ end
132
+
133
+ # An access policy includes permissions that allow Amazon EKS to
134
+ # authorize an IAM principal to work with Kubernetes objects on your
135
+ # cluster. The policies are managed by Amazon EKS, but they're not IAM
136
+ # policies. You can't view the permissions in the policies using the
137
+ # API. The permissions for many of the policies are similar to the
138
+ # Kubernetes `cluster-admin`, `admin`, `edit`, and `view` cluster roles.
139
+ # For more information about these cluster roles, see [User-facing
140
+ # roles][1] in the Kubernetes documentation. To view the contents of the
141
+ # policies, see [Access policy permissions][2] in the *Amazon EKS User
142
+ # Guide*.
143
+ #
144
+ #
145
+ #
146
+ # [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
147
+ # [2]: https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html#access-policy-permissions
148
+ #
149
+ # @!attribute [rw] name
150
+ # The name of the access policy.
151
+ # @return [String]
152
+ #
153
+ # @!attribute [rw] arn
154
+ # The ARN of the access policy.
155
+ # @return [String]
156
+ #
157
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AccessPolicy AWS API Documentation
158
+ #
159
+ class AccessPolicy < Struct.new(
160
+ :name,
161
+ :arn)
162
+ SENSITIVE = []
163
+ include Aws::Structure
164
+ end
165
+
166
+ # The scope of an `AccessPolicy` that's associated to an `AccessEntry`.
167
+ #
168
+ # @!attribute [rw] type
169
+ # The scope type of an access policy.
170
+ # @return [String]
171
+ #
172
+ # @!attribute [rw] namespaces
173
+ # A Kubernetes `namespace` that an access policy is scoped to. A value
174
+ # is required if you specified `namespace` for `Type`.
175
+ # @return [Array<String>]
176
+ #
177
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AccessScope AWS API Documentation
178
+ #
179
+ class AccessScope < Struct.new(
180
+ :type,
181
+ :namespaces)
182
+ SENSITIVE = []
183
+ include Aws::Structure
184
+ end
185
+
35
186
  # An Amazon EKS add-on. For more information, see [Amazon EKS
36
187
  # add-ons][1] in the *Amazon EKS User Guide*.
37
188
  #
@@ -44,7 +195,7 @@ module Aws::EKS
44
195
  # @return [String]
45
196
  #
46
197
  # @!attribute [rw] cluster_name
47
- # The name of the cluster.
198
+ # The name of your cluster.
48
199
  # @return [String]
49
200
  #
50
201
  # @!attribute [rw] status
@@ -64,23 +215,23 @@ module Aws::EKS
64
215
  # @return [String]
65
216
  #
66
217
  # @!attribute [rw] created_at
67
- # The date and time that the add-on was created.
218
+ # The Unix epoch timestamp at object creation.
68
219
  # @return [Time]
69
220
  #
70
221
  # @!attribute [rw] modified_at
71
- # The date and time that the add-on was last modified.
222
+ # The Unix epoch timestamp for the last modification to the object.
72
223
  # @return [Time]
73
224
  #
74
225
  # @!attribute [rw] service_account_role_arn
75
226
  # The Amazon Resource Name (ARN) of the IAM role that's bound to the
76
- # Kubernetes service account that the add-on uses.
227
+ # Kubernetes `ServiceAccount` object that the add-on uses.
77
228
  # @return [String]
78
229
  #
79
230
  # @!attribute [rw] tags
80
- # The metadata that you apply to the add-on to assist with
81
- # categorization and organization. Each tag consists of a key and an
82
- # optional value. You define both. Add-on tags do not propagate to any
83
- # other resources associated with the cluster.
231
+ # Metadata that assists with categorization and organization. Each tag
232
+ # consists of a key and an optional value. You define both. Tags
233
+ # don't propagate to any other cluster or Amazon Web Services
234
+ # resources.
84
235
  # @return [Hash<String,String>]
85
236
  #
86
237
  # @!attribute [rw] publisher
@@ -231,8 +382,59 @@ module Aws::EKS
231
382
  end
232
383
 
233
384
  # @!attribute [rw] cluster_name
234
- # The name of the cluster that you are associating with encryption
235
- # configuration.
385
+ # The name of your cluster.
386
+ # @return [String]
387
+ #
388
+ # @!attribute [rw] principal_arn
389
+ # The Amazon Resource Name (ARN) of the IAM user or role for the
390
+ # `AccessEntry` that you're associating the access policy to.
391
+ # @return [String]
392
+ #
393
+ # @!attribute [rw] policy_arn
394
+ # The ARN of the `AccessPolicy` that you're associating. For a list
395
+ # of ARNs, use `ListAccessPolicies`.
396
+ # @return [String]
397
+ #
398
+ # @!attribute [rw] access_scope
399
+ # The scope for the `AccessPolicy`. You can scope access policies to
400
+ # an entire cluster or to specific Kubernetes namespaces.
401
+ # @return [Types::AccessScope]
402
+ #
403
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateAccessPolicyRequest AWS API Documentation
404
+ #
405
+ class AssociateAccessPolicyRequest < Struct.new(
406
+ :cluster_name,
407
+ :principal_arn,
408
+ :policy_arn,
409
+ :access_scope)
410
+ SENSITIVE = []
411
+ include Aws::Structure
412
+ end
413
+
414
+ # @!attribute [rw] cluster_name
415
+ # The name of your cluster.
416
+ # @return [String]
417
+ #
418
+ # @!attribute [rw] principal_arn
419
+ # The ARN of the IAM principal for the `AccessEntry`.
420
+ # @return [String]
421
+ #
422
+ # @!attribute [rw] associated_access_policy
423
+ # The `AccessPolicy` and scope associated to the `AccessEntry`.
424
+ # @return [Types::AssociatedAccessPolicy]
425
+ #
426
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateAccessPolicyResponse AWS API Documentation
427
+ #
428
+ class AssociateAccessPolicyResponse < Struct.new(
429
+ :cluster_name,
430
+ :principal_arn,
431
+ :associated_access_policy)
432
+ SENSITIVE = []
433
+ include Aws::Structure
434
+ end
435
+
436
+ # @!attribute [rw] cluster_name
437
+ # The name of your cluster.
236
438
  # @return [String]
237
439
  #
238
440
  # @!attribute [rw] encryption_config
@@ -240,8 +442,8 @@ module Aws::EKS
240
442
  # @return [Array<Types::EncryptionConfig>]
241
443
  #
242
444
  # @!attribute [rw] client_request_token
243
- # The client request token you are using with the encryption
244
- # configuration.
445
+ # A unique, case-sensitive identifier that you provide to ensure the
446
+ # idempotency of the request.
245
447
  #
246
448
  # **A suitable default value is auto-generated.** You should normally
247
449
  # not need to pass this option.
@@ -270,7 +472,7 @@ module Aws::EKS
270
472
  end
271
473
 
272
474
  # @!attribute [rw] cluster_name
273
- # The name of the cluster to associate the configuration to.
475
+ # The name of your cluster.
274
476
  # @return [String]
275
477
  #
276
478
  # @!attribute [rw] oidc
@@ -279,13 +481,14 @@ module Aws::EKS
279
481
  # @return [Types::OidcIdentityProviderConfigRequest]
280
482
  #
281
483
  # @!attribute [rw] tags
282
- # The metadata to apply to the configuration to assist with
283
- # categorization and organization. Each tag consists of a key and an
284
- # optional value. You define both.
484
+ # Metadata that assists with categorization and organization. Each tag
485
+ # consists of a key and an optional value. You define both. Tags
486
+ # don't propagate to any other cluster or Amazon Web Services
487
+ # resources.
285
488
  # @return [Hash<String,String>]
286
489
  #
287
490
  # @!attribute [rw] client_request_token
288
- # Unique, case-sensitive identifier that you provide to ensure the
491
+ # A unique, case-sensitive identifier that you provide to ensure the
289
492
  # idempotency of the request.
290
493
  #
291
494
  # **A suitable default value is auto-generated.** You should normally
@@ -320,6 +523,36 @@ module Aws::EKS
320
523
  include Aws::Structure
321
524
  end
322
525
 
526
+ # An access policy association.
527
+ #
528
+ # @!attribute [rw] policy_arn
529
+ # The ARN of the `AccessPolicy`.
530
+ # @return [String]
531
+ #
532
+ # @!attribute [rw] access_scope
533
+ # The scope of the access policy.
534
+ # @return [Types::AccessScope]
535
+ #
536
+ # @!attribute [rw] associated_at
537
+ # The date and time the `AccessPolicy` was associated with an
538
+ # `AccessEntry`.
539
+ # @return [Time]
540
+ #
541
+ # @!attribute [rw] modified_at
542
+ # The Unix epoch timestamp for the last modification to the object.
543
+ # @return [Time]
544
+ #
545
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociatedAccessPolicy AWS API Documentation
546
+ #
547
+ class AssociatedAccessPolicy < Struct.new(
548
+ :policy_arn,
549
+ :access_scope,
550
+ :associated_at,
551
+ :modified_at)
552
+ SENSITIVE = []
553
+ include Aws::Structure
554
+ end
555
+
323
556
  # An Auto Scaling group that is associated with an Amazon EKS managed
324
557
  # node group.
325
558
  #
@@ -422,7 +655,7 @@ module Aws::EKS
422
655
  # An object representing an Amazon EKS cluster.
423
656
  #
424
657
  # @!attribute [rw] name
425
- # The name of the cluster.
658
+ # The name of your cluster.
426
659
  # @return [String]
427
660
  #
428
661
  # @!attribute [rw] arn
@@ -430,8 +663,7 @@ module Aws::EKS
430
663
  # @return [String]
431
664
  #
432
665
  # @!attribute [rw] created_at
433
- # The Unix epoch timestamp in seconds for when the cluster was
434
- # created.
666
+ # The Unix epoch timestamp at object creation.
435
667
  # @return [Time]
436
668
  #
437
669
  # @!attribute [rw] version
@@ -452,7 +684,7 @@ module Aws::EKS
452
684
  # The VPC configuration used by the cluster control plane. Amazon EKS
453
685
  # VPC resources have specific requirements to work properly with
454
686
  # Kubernetes. For more information, see [Cluster VPC
455
- # Considerations][1] and [Cluster Security Group Considerations][2] in
687
+ # considerations][1] and [Cluster security group considerations][2] in
456
688
  # the *Amazon EKS User Guide*.
457
689
  #
458
690
  #
@@ -482,25 +714,29 @@ module Aws::EKS
482
714
  # @return [Types::Certificate]
483
715
  #
484
716
  # @!attribute [rw] client_request_token
485
- # Unique, case-sensitive identifier that you provide to ensure the
717
+ # A unique, case-sensitive identifier that you provide to ensure the
486
718
  # idempotency of the request.
487
719
  # @return [String]
488
720
  #
489
721
  # @!attribute [rw] platform_version
490
722
  # The platform version of your Amazon EKS cluster. For more
491
- # information, see [Platform Versions][1] in the <i> <i>Amazon EKS
492
- # User Guide</i> </i>.
723
+ # information about clusters deployed on the Amazon Web Services
724
+ # Cloud, see [Platform versions][1] in the <i> <i>Amazon EKS User
725
+ # Guide</i> </i>. For more information about local clusters deployed
726
+ # on an Outpost, see [Amazon EKS local cluster platform versions][2]
727
+ # in the <i> <i>Amazon EKS User Guide</i> </i>.
493
728
  #
494
729
  #
495
730
  #
496
731
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html
732
+ # [2]: https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-platform-versions.html
497
733
  # @return [String]
498
734
  #
499
735
  # @!attribute [rw] tags
500
- # The metadata that you apply to the cluster to assist with
501
- # categorization and organization. Each tag consists of a key and an
502
- # optional value. You define both. Cluster tags do not propagate to
503
- # any other resources associated with the cluster.
736
+ # Metadata that assists with categorization and organization. Each tag
737
+ # consists of a key and an optional value. You define both. Tags
738
+ # don't propagate to any other cluster or Amazon Web Services
739
+ # resources.
504
740
  # @return [Hash<String,String>]
505
741
  #
506
742
  # @!attribute [rw] encryption_config
@@ -529,6 +765,10 @@ module Aws::EKS
529
765
  # available for clusters on the Amazon Web Services cloud.
530
766
  # @return [Types::OutpostConfigResponse]
531
767
  #
768
+ # @!attribute [rw] access_config
769
+ # The access configuration for the cluster.
770
+ # @return [Types::AccessConfigResponse]
771
+ #
532
772
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/Cluster AWS API Documentation
533
773
  #
534
774
  class Cluster < Struct.new(
@@ -551,7 +791,8 @@ module Aws::EKS
551
791
  :connector_config,
552
792
  :id,
553
793
  :health,
554
- :outpost_config)
794
+ :outpost_config,
795
+ :access_config)
555
796
  SENSITIVE = []
556
797
  include Aws::Structure
557
798
  end
@@ -723,17 +964,160 @@ module Aws::EKS
723
964
  include Aws::Structure
724
965
  end
725
966
 
967
+ # The access configuration information for the cluster.
968
+ #
969
+ # @!attribute [rw] bootstrap_cluster_creator_admin_permissions
970
+ # Specifies whether or not the cluster creator IAM principal was set
971
+ # as a cluster admin access entry during cluster creation time. The
972
+ # default value is `true`.
973
+ # @return [Boolean]
974
+ #
975
+ # @!attribute [rw] authentication_mode
976
+ # The desired authentication mode for the cluster. If you create a
977
+ # cluster by using the EKS API, Amazon Web Services SDKs, or
978
+ # CloudFormation, the default is `CONFIG_MAP`. If you create the
979
+ # cluster by using the Amazon Web Services Management Console, the
980
+ # default value is `API_AND_CONFIG_MAP`.
981
+ # @return [String]
982
+ #
983
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAccessConfigRequest AWS API Documentation
984
+ #
985
+ class CreateAccessConfigRequest < Struct.new(
986
+ :bootstrap_cluster_creator_admin_permissions,
987
+ :authentication_mode)
988
+ SENSITIVE = []
989
+ include Aws::Structure
990
+ end
991
+
726
992
  # @!attribute [rw] cluster_name
727
- # The name of the cluster to create the add-on for.
993
+ # The name of your cluster.
728
994
  # @return [String]
729
995
  #
730
- # @!attribute [rw] addon_name
731
- # The name of the add-on. The name must match one of the names that [
732
- # `DescribeAddonVersions` ][1] returns.
996
+ # @!attribute [rw] principal_arn
997
+ # The ARN of the IAM principal for the `AccessEntry`. You can specify
998
+ # one ARN for each access entry. You can't specify the same ARN in
999
+ # more than one access entry. This value can't be changed after
1000
+ # access entry creation.
733
1001
  #
1002
+ # [IAM best practices][1] recommend using IAM roles with temporary
1003
+ # credentials, rather than IAM users with long-term credentials.
734
1004
  #
735
1005
  #
736
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html
1006
+ #
1007
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp
1008
+ # @return [String]
1009
+ #
1010
+ # @!attribute [rw] kubernetes_groups
1011
+ # The value for `name` that you've specified for `kind: Group` as a
1012
+ # `subject` in a Kubernetes `RoleBinding` or `ClusterRoleBinding`
1013
+ # object. Amazon EKS doesn't confirm that the value for `name` exists
1014
+ # in any bindings on your cluster. You can specify one or more names.
1015
+ #
1016
+ # Kubernetes authorizes the `principalArn` of the access entry to
1017
+ # access any cluster objects that you've specified in a Kubernetes
1018
+ # `Role` or `ClusterRole` object that is also specified in a
1019
+ # binding's `roleRef`. For more information about creating Kubernetes
1020
+ # `RoleBinding`, `ClusterRoleBinding`, `Role`, or `ClusterRole`
1021
+ # objects, see [Using RBAC Authorization in the Kubernetes
1022
+ # documentation][1].
1023
+ #
1024
+ # If you want Amazon EKS to authorize the `principalArn` (instead of,
1025
+ # or in addition to Kubernetes authorizing the `principalArn`), you
1026
+ # can associate one or more access policies to the access entry using
1027
+ # `AssociateAccessPolicy`. If you associate any access policies, the
1028
+ # `principalARN` has all permissions assigned in the associated access
1029
+ # policies and all permissions in any Kubernetes `Role` or
1030
+ # `ClusterRole` objects that the group names are bound to.
1031
+ #
1032
+ #
1033
+ #
1034
+ # [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
1035
+ # @return [Array<String>]
1036
+ #
1037
+ # @!attribute [rw] tags
1038
+ # Metadata that assists with categorization and organization. Each tag
1039
+ # consists of a key and an optional value. You define both. Tags
1040
+ # don't propagate to any other cluster or Amazon Web Services
1041
+ # resources.
1042
+ # @return [Hash<String,String>]
1043
+ #
1044
+ # @!attribute [rw] client_request_token
1045
+ # A unique, case-sensitive identifier that you provide to ensure the
1046
+ # idempotency of the request.
1047
+ #
1048
+ # **A suitable default value is auto-generated.** You should normally
1049
+ # not need to pass this option.
1050
+ # @return [String]
1051
+ #
1052
+ # @!attribute [rw] username
1053
+ # The username to authenticate to Kubernetes with. We recommend not
1054
+ # specifying a username and letting Amazon EKS specify it for you. For
1055
+ # more information about the value Amazon EKS specifies for you, or
1056
+ # constraints before specifying your own username, see [Creating
1057
+ # access entries][1] in the *Amazon EKS User Guide*.
1058
+ #
1059
+ #
1060
+ #
1061
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries
1062
+ # @return [String]
1063
+ #
1064
+ # @!attribute [rw] type
1065
+ # If the `principalArn` is for an IAM role that's used for
1066
+ # self-managed Amazon EC2 nodes, specify `EC2_LINUX` or `EC2_WINDOWS`.
1067
+ # Amazon EKS grants the necessary permissions to the node for you. If
1068
+ # the `principalArn` is for any other purpose, specify `STANDARD`. If
1069
+ # you don't specify a value, Amazon EKS sets the value to `STANDARD`.
1070
+ # It's unnecessary to create access entries for IAM roles used with
1071
+ # Fargate profiles or managed Amazon EC2 nodes, because Amazon EKS
1072
+ # creates entries in the `aws-auth` `ConfigMap` for the roles. You
1073
+ # can't change this value once you've created the access entry.
1074
+ #
1075
+ # If you set the value to `EC2_LINUX` or `EC2_WINDOWS`, you can't
1076
+ # specify values for `kubernetesGroups`, or associate an
1077
+ # `AccessPolicy` to the access entry.
1078
+ # @return [String]
1079
+ #
1080
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAccessEntryRequest AWS API Documentation
1081
+ #
1082
+ class CreateAccessEntryRequest < Struct.new(
1083
+ :cluster_name,
1084
+ :principal_arn,
1085
+ :kubernetes_groups,
1086
+ :tags,
1087
+ :client_request_token,
1088
+ :username,
1089
+ :type)
1090
+ SENSITIVE = []
1091
+ include Aws::Structure
1092
+ end
1093
+
1094
+ # @!attribute [rw] access_entry
1095
+ # An access entry allows an IAM principal (user or role) to access
1096
+ # your cluster. Access entries can replace the need to maintain the
1097
+ # `aws-auth` `ConfigMap` for authentication. For more information
1098
+ # about access entries, see [Access entries][1] in the *Amazon EKS
1099
+ # User Guide*.
1100
+ #
1101
+ #
1102
+ #
1103
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
1104
+ # @return [Types::AccessEntry]
1105
+ #
1106
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAccessEntryResponse AWS API Documentation
1107
+ #
1108
+ class CreateAccessEntryResponse < Struct.new(
1109
+ :access_entry)
1110
+ SENSITIVE = []
1111
+ include Aws::Structure
1112
+ end
1113
+
1114
+ # @!attribute [rw] cluster_name
1115
+ # The name of your cluster.
1116
+ # @return [String]
1117
+ #
1118
+ # @!attribute [rw] addon_name
1119
+ # The name of the add-on. The name must match one of the names
1120
+ # returned by `DescribeAddonVersions`.
737
1121
  # @return [String]
738
1122
  #
739
1123
  # @!attribute [rw] addon_version
@@ -805,19 +1189,16 @@ module Aws::EKS
805
1189
  # @return [String]
806
1190
  #
807
1191
  # @!attribute [rw] tags
808
- # The metadata to apply to the cluster to assist with categorization
809
- # and organization. Each tag consists of a key and an optional value.
810
- # You define both.
1192
+ # Metadata that assists with categorization and organization. Each tag
1193
+ # consists of a key and an optional value. You define both. Tags
1194
+ # don't propagate to any other cluster or Amazon Web Services
1195
+ # resources.
811
1196
  # @return [Hash<String,String>]
812
1197
  #
813
1198
  # @!attribute [rw] configuration_values
814
1199
  # The set of configuration values for the add-on that's created. The
815
- # values that you provide are validated against the schema in [
816
- # `DescribeAddonConfiguration` ][1].
817
- #
818
- #
819
- #
820
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html
1200
+ # values that you provide are validated against the schema returned by
1201
+ # `DescribeAddonConfiguration`.
821
1202
  # @return [String]
822
1203
  #
823
1204
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAddonRequest AWS API Documentation
@@ -918,7 +1299,7 @@ module Aws::EKS
918
1299
  # @return [Types::Logging]
919
1300
  #
920
1301
  # @!attribute [rw] client_request_token
921
- # Unique, case-sensitive identifier that you provide to ensure the
1302
+ # A unique, case-sensitive identifier that you provide to ensure the
922
1303
  # idempotency of the request.
923
1304
  #
924
1305
  # **A suitable default value is auto-generated.** You should normally
@@ -926,9 +1307,10 @@ module Aws::EKS
926
1307
  # @return [String]
927
1308
  #
928
1309
  # @!attribute [rw] tags
929
- # The metadata to apply to the cluster to assist with categorization
930
- # and organization. Each tag consists of a key and an optional value.
931
- # You define both.
1310
+ # Metadata that assists with categorization and organization. Each tag
1311
+ # consists of a key and an optional value. You define both. Tags
1312
+ # don't propagate to any other cluster or Amazon Web Services
1313
+ # resources.
932
1314
  # @return [Hash<String,String>]
933
1315
  #
934
1316
  # @!attribute [rw] encryption_config
@@ -948,6 +1330,10 @@ module Aws::EKS
948
1330
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-local-cluster-overview.html
949
1331
  # @return [Types::OutpostConfigRequest]
950
1332
  #
1333
+ # @!attribute [rw] access_config
1334
+ # The access configuration for the cluster.
1335
+ # @return [Types::CreateAccessConfigRequest]
1336
+ #
951
1337
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateClusterRequest AWS API Documentation
952
1338
  #
953
1339
  class CreateClusterRequest < Struct.new(
@@ -960,7 +1346,8 @@ module Aws::EKS
960
1346
  :client_request_token,
961
1347
  :tags,
962
1348
  :encryption_config,
963
- :outpost_config)
1349
+ :outpost_config,
1350
+ :access_config)
964
1351
  SENSITIVE = []
965
1352
  include Aws::Structure
966
1353
  end
@@ -1012,7 +1399,7 @@ module Aws::EKS
1012
1399
  # @return [Boolean]
1013
1400
  #
1014
1401
  # @!attribute [rw] client_request_token
1015
- # Unique, case-sensitive identifier that you provide to ensure the
1402
+ # A unique, case-sensitive identifier that you provide to ensure the
1016
1403
  # idempotency of the request.
1017
1404
  #
1018
1405
  # **A suitable default value is auto-generated.** You should normally
@@ -1057,16 +1444,16 @@ module Aws::EKS
1057
1444
  # @return [String]
1058
1445
  #
1059
1446
  # @!attribute [rw] cluster_name
1060
- # The name of the Amazon EKS cluster to apply the Fargate profile to.
1447
+ # The name of your cluster.
1061
1448
  # @return [String]
1062
1449
  #
1063
1450
  # @!attribute [rw] pod_execution_role_arn
1064
- # The Amazon Resource Name (ARN) of the pod execution role to use for
1065
- # pods that match the selectors in the Fargate profile. The pod
1066
- # execution role allows Fargate infrastructure to register with your
1067
- # cluster as a node, and it provides read access to Amazon ECR image
1068
- # repositories. For more information, see [Pod Execution Role][1] in
1069
- # the *Amazon EKS User Guide*.
1451
+ # The Amazon Resource Name (ARN) of the `Pod` execution role to use
1452
+ # for a `Pod` that matches the selectors in the Fargate profile. The
1453
+ # `Pod` execution role allows Fargate infrastructure to register with
1454
+ # your cluster as a node, and it provides read access to Amazon ECR
1455
+ # image repositories. For more information, see [ `Pod` execution
1456
+ # role][1] in the *Amazon EKS User Guide*.
1070
1457
  #
1071
1458
  #
1072
1459
  #
@@ -1074,21 +1461,21 @@ module Aws::EKS
1074
1461
  # @return [String]
1075
1462
  #
1076
1463
  # @!attribute [rw] subnets
1077
- # The IDs of subnets to launch your pods into. At this time, pods
1078
- # running on Fargate are not assigned public IP addresses, so only
1079
- # private subnets (with no direct route to an Internet Gateway) are
1080
- # accepted for this parameter.
1464
+ # The IDs of subnets to launch a `Pod` into. A `Pod` running on
1465
+ # Fargate isn't assigned a public IP address, so only private subnets
1466
+ # (with no direct route to an Internet Gateway) are accepted for this
1467
+ # parameter.
1081
1468
  # @return [Array<String>]
1082
1469
  #
1083
1470
  # @!attribute [rw] selectors
1084
- # The selectors to match for pods to use this Fargate profile. Each
1085
- # selector must have an associated namespace. Optionally, you can also
1086
- # specify labels for a namespace. You may specify up to five selectors
1087
- # in a Fargate profile.
1471
+ # The selectors to match for a `Pod` to use this Fargate profile. Each
1472
+ # selector must have an associated Kubernetes `namespace`. Optionally,
1473
+ # you can also specify `labels` for a `namespace`. You may specify up
1474
+ # to five selectors in a Fargate profile.
1088
1475
  # @return [Array<Types::FargateProfileSelector>]
1089
1476
  #
1090
1477
  # @!attribute [rw] client_request_token
1091
- # Unique, case-sensitive identifier that you provide to ensure the
1478
+ # A unique, case-sensitive identifier that you provide to ensure the
1092
1479
  # idempotency of the request.
1093
1480
  #
1094
1481
  # **A suitable default value is auto-generated.** You should normally
@@ -1096,11 +1483,10 @@ module Aws::EKS
1096
1483
  # @return [String]
1097
1484
  #
1098
1485
  # @!attribute [rw] tags
1099
- # The metadata to apply to the Fargate profile to assist with
1100
- # categorization and organization. Each tag consists of a key and an
1101
- # optional value. You define both. Fargate profile tags do not
1102
- # propagate to any other resources associated with the Fargate
1103
- # profile, such as the pods that are scheduled with it.
1486
+ # Metadata that assists with categorization and organization. Each tag
1487
+ # consists of a key and an optional value. You define both. Tags
1488
+ # don't propagate to any other cluster or Amazon Web Services
1489
+ # resources.
1104
1490
  # @return [Hash<String,String>]
1105
1491
  #
1106
1492
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateFargateProfileRequest AWS API Documentation
@@ -1130,7 +1516,7 @@ module Aws::EKS
1130
1516
  end
1131
1517
 
1132
1518
  # @!attribute [rw] cluster_name
1133
- # The name of the cluster to create the node group in.
1519
+ # The name of your cluster.
1134
1520
  # @return [String]
1135
1521
  #
1136
1522
  # @!attribute [rw] nodegroup_name
@@ -1159,15 +1545,14 @@ module Aws::EKS
1159
1545
  # @!attribute [rw] subnets
1160
1546
  # The subnets to use for the Auto Scaling group that is created for
1161
1547
  # your node group. If you specify `launchTemplate`, then don't
1162
- # specify [ `SubnetId` ][1] in your launch template, or the node group
1548
+ # specify ` SubnetId ` in your launch template, or the node group
1163
1549
  # deployment will fail. For more information about using launch
1164
- # templates with Amazon EKS, see [Launch template support][2] in the
1550
+ # templates with Amazon EKS, see [Launch template support][1] in the
1165
1551
  # *Amazon EKS User Guide*.
1166
1552
  #
1167
1553
  #
1168
1554
  #
1169
- # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html
1170
- # [2]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1555
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1171
1556
  # @return [Array<String>]
1172
1557
  #
1173
1558
  # @!attribute [rw] instance_types
@@ -1228,22 +1613,20 @@ module Aws::EKS
1228
1613
  # into a cluster, you must create an IAM role for those nodes to use
1229
1614
  # when they are launched. For more information, see [Amazon EKS node
1230
1615
  # IAM role][1] in the <i> <i>Amazon EKS User Guide</i> </i>. If you
1231
- # specify `launchTemplate`, then don't specify [ `IamInstanceProfile`
1232
- # ][2] in your launch template, or the node group deployment will
1233
- # fail. For more information about using launch templates with Amazon
1234
- # EKS, see [Launch template support][3] in the *Amazon EKS User
1235
- # Guide*.
1616
+ # specify `launchTemplate`, then don't specify ` IamInstanceProfile `
1617
+ # in your launch template, or the node group deployment will fail. For
1618
+ # more information about using launch templates with Amazon EKS, see
1619
+ # [Launch template support][2] in the *Amazon EKS User Guide*.
1236
1620
  #
1237
1621
  #
1238
1622
  #
1239
1623
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html
1240
- # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html
1241
- # [3]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1624
+ # [2]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1242
1625
  # @return [String]
1243
1626
  #
1244
1627
  # @!attribute [rw] labels
1245
- # The Kubernetes labels to be applied to the nodes in the node group
1246
- # when they are created.
1628
+ # The Kubernetes `labels` to apply to the nodes in the node group when
1629
+ # they are created.
1247
1630
  # @return [Hash<String,String>]
1248
1631
  #
1249
1632
  # @!attribute [rw] taints
@@ -1256,15 +1639,14 @@ module Aws::EKS
1256
1639
  # @return [Array<Types::Taint>]
1257
1640
  #
1258
1641
  # @!attribute [rw] tags
1259
- # The metadata to apply to the node group to assist with
1260
- # categorization and organization. Each tag consists of a key and an
1261
- # optional value. You define both. Node group tags do not propagate to
1262
- # any other resources associated with the node group, such as the
1263
- # Amazon EC2 instances or subnets.
1642
+ # Metadata that assists with categorization and organization. Each tag
1643
+ # consists of a key and an optional value. You define both. Tags
1644
+ # don't propagate to any other cluster or Amazon Web Services
1645
+ # resources.
1264
1646
  # @return [Hash<String,String>]
1265
1647
  #
1266
1648
  # @!attribute [rw] client_request_token
1267
- # Unique, case-sensitive identifier that you provide to ensure the
1649
+ # A unique, case-sensitive identifier that you provide to ensure the
1268
1650
  # idempotency of the request.
1269
1651
  #
1270
1652
  # **A suitable default value is auto-generated.** You should normally
@@ -1383,7 +1765,7 @@ module Aws::EKS
1383
1765
  # @return [String]
1384
1766
  #
1385
1767
  # @!attribute [rw] client_request_token
1386
- # Unique, case-sensitive identifier that you provide to ensure the
1768
+ # A unique, case-sensitive identifier that you provide to ensure the
1387
1769
  # idempotency of the request.
1388
1770
  #
1389
1771
  # **A suitable default value is auto-generated.** You should normally
@@ -1391,9 +1773,10 @@ module Aws::EKS
1391
1773
  # @return [String]
1392
1774
  #
1393
1775
  # @!attribute [rw] tags
1394
- # The metadata that you apply to a resource to assist with
1395
- # categorization and organization. Each tag consists of a key and an
1396
- # optional value. You define both.
1776
+ # Metadata that assists with categorization and organization. Each tag
1777
+ # consists of a key and an optional value. You define both. Tags
1778
+ # don't propagate to any other cluster or Amazon Web Services
1779
+ # resources.
1397
1780
  #
1398
1781
  # The following basic restrictions apply to tags:
1399
1782
  #
@@ -1450,7 +1833,28 @@ module Aws::EKS
1450
1833
  end
1451
1834
 
1452
1835
  # @!attribute [rw] cluster_name
1453
- # The name of the cluster to delete the add-on from.
1836
+ # The name of your cluster.
1837
+ # @return [String]
1838
+ #
1839
+ # @!attribute [rw] principal_arn
1840
+ # The ARN of the IAM principal for the `AccessEntry`.
1841
+ # @return [String]
1842
+ #
1843
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeleteAccessEntryRequest AWS API Documentation
1844
+ #
1845
+ class DeleteAccessEntryRequest < Struct.new(
1846
+ :cluster_name,
1847
+ :principal_arn)
1848
+ SENSITIVE = []
1849
+ include Aws::Structure
1850
+ end
1851
+
1852
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeleteAccessEntryResponse AWS API Documentation
1853
+ #
1854
+ class DeleteAccessEntryResponse < Aws::EmptyStructure; end
1855
+
1856
+ # @!attribute [rw] cluster_name
1857
+ # The name of your cluster.
1454
1858
  # @return [String]
1455
1859
  #
1456
1860
  # @!attribute [rw] addon_name
@@ -1544,8 +1948,7 @@ module Aws::EKS
1544
1948
  end
1545
1949
 
1546
1950
  # @!attribute [rw] cluster_name
1547
- # The name of the Amazon EKS cluster associated with the Fargate
1548
- # profile to delete.
1951
+ # The name of your cluster.
1549
1952
  # @return [String]
1550
1953
  #
1551
1954
  # @!attribute [rw] fargate_profile_name
@@ -1574,8 +1977,7 @@ module Aws::EKS
1574
1977
  end
1575
1978
 
1576
1979
  # @!attribute [rw] cluster_name
1577
- # The name of the Amazon EKS cluster that is associated with your node
1578
- # group.
1980
+ # The name of your cluster.
1579
1981
  # @return [String]
1580
1982
  #
1581
1983
  # @!attribute [rw] nodegroup_name
@@ -1657,13 +2059,38 @@ module Aws::EKS
1657
2059
  include Aws::Structure
1658
2060
  end
1659
2061
 
1660
- # @!attribute [rw] addon_name
1661
- # The name of the add-on. The name must match one of the names that [
1662
- # `DescribeAddonVersions` ][1] returns.
2062
+ # @!attribute [rw] cluster_name
2063
+ # The name of your cluster.
2064
+ # @return [String]
1663
2065
  #
2066
+ # @!attribute [rw] principal_arn
2067
+ # The ARN of the IAM principal for the `AccessEntry`.
2068
+ # @return [String]
1664
2069
  #
2070
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAccessEntryRequest AWS API Documentation
1665
2071
  #
1666
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html
2072
+ class DescribeAccessEntryRequest < Struct.new(
2073
+ :cluster_name,
2074
+ :principal_arn)
2075
+ SENSITIVE = []
2076
+ include Aws::Structure
2077
+ end
2078
+
2079
+ # @!attribute [rw] access_entry
2080
+ # Information about the access entry.
2081
+ # @return [Types::AccessEntry]
2082
+ #
2083
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAccessEntryResponse AWS API Documentation
2084
+ #
2085
+ class DescribeAccessEntryResponse < Struct.new(
2086
+ :access_entry)
2087
+ SENSITIVE = []
2088
+ include Aws::Structure
2089
+ end
2090
+
2091
+ # @!attribute [rw] addon_name
2092
+ # The name of the add-on. The name must match one of the names
2093
+ # returned by `DescribeAddonVersions`.
1667
2094
  # @return [String]
1668
2095
  #
1669
2096
  # @!attribute [rw] addon_version
@@ -1698,8 +2125,8 @@ module Aws::EKS
1698
2125
  # @return [String]
1699
2126
  #
1700
2127
  # @!attribute [rw] configuration_schema
1701
- # A JSON schema that's used to validate the configuration values that
1702
- # you provide when an addon is created or updated.
2128
+ # A JSON schema that's used to validate the configuration values you
2129
+ # provide when an add-on is created or updated.
1703
2130
  # @return [String]
1704
2131
  #
1705
2132
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAddonConfigurationResponse AWS API Documentation
@@ -1713,7 +2140,7 @@ module Aws::EKS
1713
2140
  end
1714
2141
 
1715
2142
  # @!attribute [rw] cluster_name
1716
- # The name of the cluster.
2143
+ # The name of your cluster.
1717
2144
  # @return [String]
1718
2145
  #
1719
2146
  # @!attribute [rw] addon_name
@@ -1756,15 +2183,21 @@ module Aws::EKS
1756
2183
  # @return [String]
1757
2184
  #
1758
2185
  # @!attribute [rw] max_results
1759
- # The maximum number of results to return.
2186
+ # The maximum number of results, returned in paginated output. You
2187
+ # receive `maxResults` in a single page, along with a `nextToken`
2188
+ # response element. You can see the remaining results of the initial
2189
+ # request by sending another request with the returned `nextToken`
2190
+ # value. This value can be between 1 and 100. If you don't use this
2191
+ # parameter, 100 results and a `nextToken` value, if applicable, are
2192
+ # returned.
1760
2193
  # @return [Integer]
1761
2194
  #
1762
2195
  # @!attribute [rw] next_token
1763
- # The `nextToken` value returned from a previous paginated
1764
- # `DescribeAddonVersionsRequest` where `maxResults` was used and the
1765
- # results exceeded the value of that parameter. Pagination continues
1766
- # from the end of the previous results that returned the `nextToken`
1767
- # value.
2196
+ # The `nextToken` value returned from a previous paginated request,
2197
+ # where `maxResults` was used and the results exceeded the value of
2198
+ # that parameter. Pagination continues from the end of the previous
2199
+ # results that returned the `nextToken` value. This value is null when
2200
+ # there are no more results to return.
1768
2201
  #
1769
2202
  # <note markdown="1"> This token should be treated as an opaque identifier that is used
1770
2203
  # only to retrieve the next items in a list and not for other
@@ -1840,7 +2273,7 @@ module Aws::EKS
1840
2273
  end
1841
2274
 
1842
2275
  # @!attribute [rw] name
1843
- # The name of the cluster to describe.
2276
+ # The name of your cluster.
1844
2277
  # @return [String]
1845
2278
  #
1846
2279
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeClusterRequest AWS API Documentation
@@ -1888,8 +2321,7 @@ module Aws::EKS
1888
2321
  end
1889
2322
 
1890
2323
  # @!attribute [rw] cluster_name
1891
- # The name of the Amazon EKS cluster associated with the Fargate
1892
- # profile.
2324
+ # The name of your cluster.
1893
2325
  # @return [String]
1894
2326
  #
1895
2327
  # @!attribute [rw] fargate_profile_name
@@ -1918,8 +2350,7 @@ module Aws::EKS
1918
2350
  end
1919
2351
 
1920
2352
  # @!attribute [rw] cluster_name
1921
- # The cluster name that the identity provider configuration is
1922
- # associated to.
2353
+ # The name of your cluster.
1923
2354
  # @return [String]
1924
2355
  #
1925
2356
  # @!attribute [rw] identity_provider_config
@@ -1949,7 +2380,7 @@ module Aws::EKS
1949
2380
  end
1950
2381
 
1951
2382
  # @!attribute [rw] cluster_name
1952
- # The name of the Amazon EKS cluster associated with the node group.
2383
+ # The name of your cluster.
1953
2384
  # @return [String]
1954
2385
  #
1955
2386
  # @!attribute [rw] nodegroup_name
@@ -2006,6 +2437,8 @@ module Aws::EKS
2006
2437
  include Aws::Structure
2007
2438
  end
2008
2439
 
2440
+ # Describes an update request.
2441
+ #
2009
2442
  # @!attribute [rw] name
2010
2443
  # The name of the Amazon EKS cluster associated with the update.
2011
2444
  # @return [String]
@@ -2053,7 +2486,35 @@ module Aws::EKS
2053
2486
  end
2054
2487
 
2055
2488
  # @!attribute [rw] cluster_name
2056
- # The name of the cluster to disassociate an identity provider from.
2489
+ # The name of your cluster.
2490
+ # @return [String]
2491
+ #
2492
+ # @!attribute [rw] principal_arn
2493
+ # The ARN of the IAM principal for the `AccessEntry`.
2494
+ # @return [String]
2495
+ #
2496
+ # @!attribute [rw] policy_arn
2497
+ # The ARN of the policy to disassociate from the access entry. For a
2498
+ # list of associated policies ARNs, use
2499
+ # `ListAssociatedAccessPolicies`.
2500
+ # @return [String]
2501
+ #
2502
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateAccessPolicyRequest AWS API Documentation
2503
+ #
2504
+ class DisassociateAccessPolicyRequest < Struct.new(
2505
+ :cluster_name,
2506
+ :principal_arn,
2507
+ :policy_arn)
2508
+ SENSITIVE = []
2509
+ include Aws::Structure
2510
+ end
2511
+
2512
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateAccessPolicyResponse AWS API Documentation
2513
+ #
2514
+ class DisassociateAccessPolicyResponse < Aws::EmptyStructure; end
2515
+
2516
+ # @!attribute [rw] cluster_name
2517
+ # The name of your cluster.
2057
2518
  # @return [String]
2058
2519
  #
2059
2520
  # @!attribute [rw] identity_provider_config
@@ -2198,7 +2659,7 @@ module Aws::EKS
2198
2659
  #
2199
2660
  # @!attribute [rw] resources
2200
2661
  # Specifies the resources to be encrypted. The only supported value is
2201
- # "secrets".
2662
+ # `secrets`.
2202
2663
  # @return [Array<String>]
2203
2664
  #
2204
2665
  # @!attribute [rw] provider
@@ -2230,7 +2691,7 @@ module Aws::EKS
2230
2691
  # interface limit for your account.
2231
2692
  #
2232
2693
  # * **IpNotAvailable**: A subnet associated with the cluster doesn't
2233
- # have any free IP addresses.
2694
+ # have any available IP addresses.
2234
2695
  #
2235
2696
  # * **AccessDenied**: You don't have permissions to perform the
2236
2697
  # specified operation.
@@ -2273,20 +2734,18 @@ module Aws::EKS
2273
2734
  # @return [String]
2274
2735
  #
2275
2736
  # @!attribute [rw] cluster_name
2276
- # The name of the Amazon EKS cluster that the Fargate profile belongs
2277
- # to.
2737
+ # The name of your cluster.
2278
2738
  # @return [String]
2279
2739
  #
2280
2740
  # @!attribute [rw] created_at
2281
- # The Unix epoch timestamp in seconds for when the Fargate profile was
2282
- # created.
2741
+ # The Unix epoch timestamp at object creation.
2283
2742
  # @return [Time]
2284
2743
  #
2285
2744
  # @!attribute [rw] pod_execution_role_arn
2286
- # The Amazon Resource Name (ARN) of the pod execution role to use for
2287
- # pods that match the selectors in the Fargate profile. For more
2288
- # information, see [Pod Execution Role][1] in the *Amazon EKS User
2289
- # Guide*.
2745
+ # The Amazon Resource Name (ARN) of the `Pod` execution role to use
2746
+ # for any `Pod` that matches the selectors in the Fargate profile. For
2747
+ # more information, see [ `Pod` execution role][1] in the *Amazon EKS
2748
+ # User Guide*.
2290
2749
  #
2291
2750
  #
2292
2751
  #
@@ -2294,11 +2753,11 @@ module Aws::EKS
2294
2753
  # @return [String]
2295
2754
  #
2296
2755
  # @!attribute [rw] subnets
2297
- # The IDs of subnets to launch pods into.
2756
+ # The IDs of subnets to launch a `Pod` into.
2298
2757
  # @return [Array<String>]
2299
2758
  #
2300
2759
  # @!attribute [rw] selectors
2301
- # The selectors to match for pods to use this Fargate profile.
2760
+ # The selectors to match for a `Pod` to use this Fargate profile.
2302
2761
  # @return [Array<Types::FargateProfileSelector>]
2303
2762
  #
2304
2763
  # @!attribute [rw] status
@@ -2306,11 +2765,10 @@ module Aws::EKS
2306
2765
  # @return [String]
2307
2766
  #
2308
2767
  # @!attribute [rw] tags
2309
- # The metadata applied to the Fargate profile to assist with
2310
- # categorization and organization. Each tag consists of a key and an
2311
- # optional value. You define both. Fargate profile tags do not
2312
- # propagate to any other resources associated with the Fargate
2313
- # profile, such as the pods that are scheduled with it.
2768
+ # Metadata that assists with categorization and organization. Each tag
2769
+ # consists of a key and an optional value. You define both. Tags
2770
+ # don't propagate to any other cluster or Amazon Web Services
2771
+ # resources.
2314
2772
  # @return [Hash<String,String>]
2315
2773
  #
2316
2774
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/FargateProfile AWS API Documentation
@@ -2332,7 +2790,7 @@ module Aws::EKS
2332
2790
  # An object representing an Fargate profile selector.
2333
2791
  #
2334
2792
  # @!attribute [rw] namespace
2335
- # The Kubernetes namespace that the selector should match.
2793
+ # The Kubernetes `namespace` that the selector should match.
2336
2794
  # @return [String]
2337
2795
  #
2338
2796
  # @!attribute [rw] labels
@@ -2524,7 +2982,7 @@ module Aws::EKS
2524
2982
  # addresses to instances launched into it. If you want your
2525
2983
  # instances to be assigned a public IP address, then you need to
2526
2984
  # enable the `auto-assign public IP address` setting for the subnet.
2527
- # See [Modifying the public IPv4 addressing attribute for your
2985
+ # See [Modifying the public `IPv4` addressing attribute for your
2528
2986
  # subnet][1] in the *Amazon VPC User Guide*.
2529
2987
  #
2530
2988
  # * **IamInstanceProfileNotFound**: We couldn't find the IAM instance
@@ -2593,10 +3051,10 @@ module Aws::EKS
2593
3051
  # * Doesn't overlap with any CIDR block assigned to the VPC that you
2594
3052
  # selected for VPC.
2595
3053
  #
2596
- # * Between /24 and /12.
3054
+ # * Between `/24` and `/12`.
2597
3055
  #
2598
- # You can only specify a custom CIDR block when you create a cluster
2599
- # and can't change this value once the cluster is created.
3056
+ # You can only specify a custom CIDR block when you create a cluster.
3057
+ # You can't change this value after the cluster is created.
2600
3058
  # @return [String]
2601
3059
  #
2602
3060
  # @!attribute [rw] ip_family
@@ -2636,13 +3094,13 @@ module Aws::EKS
2636
3094
  # not both.
2637
3095
  #
2638
3096
  # @!attribute [rw] service_ipv_4_cidr
2639
- # The CIDR block that Kubernetes pod and service IP addresses are
2640
- # assigned from. Kubernetes assigns addresses from an IPv4 CIDR block
2641
- # assigned to a subnet that the node is in. If you didn't specify a
2642
- # CIDR block when you created the cluster, then Kubernetes assigns
2643
- # addresses from either the `10.100.0.0/16` or `172.20.0.0/16` CIDR
2644
- # blocks. If this was specified, then it was specified when the
2645
- # cluster was created and it can't be changed.
3097
+ # The CIDR block that Kubernetes `Pod` and `Service` object IP
3098
+ # addresses are assigned from. Kubernetes assigns addresses from an
3099
+ # `IPv4` CIDR block assigned to a subnet that the node is in. If you
3100
+ # didn't specify a CIDR block when you created the cluster, then
3101
+ # Kubernetes assigns addresses from either the `10.100.0.0/16` or
3102
+ # `172.20.0.0/16` CIDR blocks. If this was specified, then it was
3103
+ # specified when the cluster was created and it can't be changed.
2646
3104
  # @return [String]
2647
3105
  #
2648
3106
  # @!attribute [rw] service_ipv_6_cidr
@@ -2655,96 +3113,235 @@ module Aws::EKS
2655
3113
  # the cluster.
2656
3114
  # @return [String]
2657
3115
  #
2658
- # @!attribute [rw] ip_family
2659
- # The IP family used to assign Kubernetes pod and service IP
2660
- # addresses. The IP family is always `ipv4`, unless you have a `1.21`
2661
- # or later cluster running version 1.10.1 or later of the Amazon VPC
2662
- # CNI add-on and specified `ipv6` when you created the cluster.
3116
+ # @!attribute [rw] ip_family
3117
+ # The IP family used to assign Kubernetes `Pod` and `Service` objects
3118
+ # IP addresses. The IP family is always `ipv4`, unless you have a
3119
+ # `1.21` or later cluster running version `1.10.1` or later of the
3120
+ # Amazon VPC CNI plugin for Kubernetes and specified `ipv6` when you
3121
+ # created the cluster.
3122
+ # @return [String]
3123
+ #
3124
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/KubernetesNetworkConfigResponse AWS API Documentation
3125
+ #
3126
+ class KubernetesNetworkConfigResponse < Struct.new(
3127
+ :service_ipv_4_cidr,
3128
+ :service_ipv_6_cidr,
3129
+ :ip_family)
3130
+ SENSITIVE = []
3131
+ include Aws::Structure
3132
+ end
3133
+
3134
+ # An object representing a node group launch template specification. The
3135
+ # launch template can't include [ `SubnetId` ][1], [
3136
+ # `IamInstanceProfile` ][2], [ `RequestSpotInstances` ][3], [
3137
+ # `HibernationOptions` ][4], or [ `TerminateInstances` ][5], or the node
3138
+ # group deployment or update will fail. For more information about
3139
+ # launch templates, see [ `CreateLaunchTemplate` ][6] in the Amazon EC2
3140
+ # API Reference. For more information about using launch templates with
3141
+ # Amazon EKS, see [Launch template support][7] in the *Amazon EKS User
3142
+ # Guide*.
3143
+ #
3144
+ # You must specify either the launch template ID or the launch template
3145
+ # name in the request, but not both.
3146
+ #
3147
+ #
3148
+ #
3149
+ # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html
3150
+ # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html
3151
+ # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html
3152
+ # [4]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html
3153
+ # [5]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html
3154
+ # [6]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html
3155
+ # [7]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
3156
+ #
3157
+ # @!attribute [rw] name
3158
+ # The name of the launch template.
3159
+ #
3160
+ # You must specify either the launch template name or the launch
3161
+ # template ID in the request, but not both.
3162
+ # @return [String]
3163
+ #
3164
+ # @!attribute [rw] version
3165
+ # The version number of the launch template to use. If no version is
3166
+ # specified, then the template's default version is used.
3167
+ # @return [String]
3168
+ #
3169
+ # @!attribute [rw] id
3170
+ # The ID of the launch template.
3171
+ #
3172
+ # You must specify either the launch template ID or the launch
3173
+ # template name in the request, but not both.
3174
+ # @return [String]
3175
+ #
3176
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/LaunchTemplateSpecification AWS API Documentation
3177
+ #
3178
+ class LaunchTemplateSpecification < Struct.new(
3179
+ :name,
3180
+ :version,
3181
+ :id)
3182
+ SENSITIVE = []
3183
+ include Aws::Structure
3184
+ end
3185
+
3186
+ # @!attribute [rw] cluster_name
3187
+ # The name of your cluster.
3188
+ # @return [String]
3189
+ #
3190
+ # @!attribute [rw] associated_policy_arn
3191
+ # The ARN of an `AccessPolicy`. When you specify an access policy ARN,
3192
+ # only the access entries associated to that access policy are
3193
+ # returned. For a list of available policy ARNs, use
3194
+ # `ListAccessPolicies`.
3195
+ # @return [String]
3196
+ #
3197
+ # @!attribute [rw] max_results
3198
+ # The maximum number of results, returned in paginated output. You
3199
+ # receive `maxResults` in a single page, along with a `nextToken`
3200
+ # response element. You can see the remaining results of the initial
3201
+ # request by sending another request with the returned `nextToken`
3202
+ # value. This value can be between 1 and 100. If you don't use this
3203
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3204
+ # returned.
3205
+ # @return [Integer]
3206
+ #
3207
+ # @!attribute [rw] next_token
3208
+ # The `nextToken` value returned from a previous paginated request,
3209
+ # where `maxResults` was used and the results exceeded the value of
3210
+ # that parameter. Pagination continues from the end of the previous
3211
+ # results that returned the `nextToken` value. This value is null when
3212
+ # there are no more results to return.
3213
+ #
3214
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3215
+ # only to retrieve the next items in a list and not for other
3216
+ # programmatic purposes.
3217
+ #
3218
+ # </note>
3219
+ # @return [String]
3220
+ #
3221
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessEntriesRequest AWS API Documentation
3222
+ #
3223
+ class ListAccessEntriesRequest < Struct.new(
3224
+ :cluster_name,
3225
+ :associated_policy_arn,
3226
+ :max_results,
3227
+ :next_token)
3228
+ SENSITIVE = []
3229
+ include Aws::Structure
3230
+ end
3231
+
3232
+ # @!attribute [rw] access_entries
3233
+ # The list of access entries that exist for the cluster.
3234
+ # @return [Array<String>]
3235
+ #
3236
+ # @!attribute [rw] next_token
3237
+ # The `nextToken` value returned from a previous paginated request,
3238
+ # where `maxResults` was used and the results exceeded the value of
3239
+ # that parameter. Pagination continues from the end of the previous
3240
+ # results that returned the `nextToken` value. This value is null when
3241
+ # there are no more results to return.
3242
+ #
3243
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3244
+ # only to retrieve the next items in a list and not for other
3245
+ # programmatic purposes.
3246
+ #
3247
+ # </note>
3248
+ # @return [String]
3249
+ #
3250
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessEntriesResponse AWS API Documentation
3251
+ #
3252
+ class ListAccessEntriesResponse < Struct.new(
3253
+ :access_entries,
3254
+ :next_token)
3255
+ SENSITIVE = []
3256
+ include Aws::Structure
3257
+ end
3258
+
3259
+ # @!attribute [rw] max_results
3260
+ # The maximum number of results, returned in paginated output. You
3261
+ # receive `maxResults` in a single page, along with a `nextToken`
3262
+ # response element. You can see the remaining results of the initial
3263
+ # request by sending another request with the returned `nextToken`
3264
+ # value. This value can be between 1 and 100. If you don't use this
3265
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3266
+ # returned.
3267
+ # @return [Integer]
3268
+ #
3269
+ # @!attribute [rw] next_token
3270
+ # The `nextToken` value returned from a previous paginated request,
3271
+ # where `maxResults` was used and the results exceeded the value of
3272
+ # that parameter. Pagination continues from the end of the previous
3273
+ # results that returned the `nextToken` value. This value is null when
3274
+ # there are no more results to return.
3275
+ #
3276
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3277
+ # only to retrieve the next items in a list and not for other
3278
+ # programmatic purposes.
3279
+ #
3280
+ # </note>
2663
3281
  # @return [String]
2664
3282
  #
2665
- # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/KubernetesNetworkConfigResponse AWS API Documentation
3283
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessPoliciesRequest AWS API Documentation
2666
3284
  #
2667
- class KubernetesNetworkConfigResponse < Struct.new(
2668
- :service_ipv_4_cidr,
2669
- :service_ipv_6_cidr,
2670
- :ip_family)
3285
+ class ListAccessPoliciesRequest < Struct.new(
3286
+ :max_results,
3287
+ :next_token)
2671
3288
  SENSITIVE = []
2672
3289
  include Aws::Structure
2673
3290
  end
2674
3291
 
2675
- # An object representing a node group launch template specification. The
2676
- # launch template can't include [ `SubnetId` ][1], [
2677
- # `IamInstanceProfile` ][2], [ `RequestSpotInstances` ][3], [
2678
- # `HibernationOptions` ][4], or [ `TerminateInstances` ][5], or the node
2679
- # group deployment or update will fail. For more information about
2680
- # launch templates, see [ `CreateLaunchTemplate` ][6] in the Amazon EC2
2681
- # API Reference. For more information about using launch templates with
2682
- # Amazon EKS, see [Launch template support][7] in the *Amazon EKS User
2683
- # Guide*.
2684
- #
2685
- # You must specify either the launch template ID or the launch template
2686
- # name in the request, but not both.
3292
+ # @!attribute [rw] access_policies
3293
+ # The list of available access policies. You can't view the contents
3294
+ # of an access policy using the API. To view the contents, see [Access
3295
+ # policy permissions][1] in the *Amazon EKS User Guide*.
2687
3296
  #
2688
3297
  #
2689
3298
  #
2690
- # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html
2691
- # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html
2692
- # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html
2693
- # [4]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html
2694
- # [5]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html
2695
- # [6]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html
2696
- # [7]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
2697
- #
2698
- # @!attribute [rw] name
2699
- # The name of the launch template.
2700
- #
2701
- # You must specify either the launch template name or the launch
2702
- # template ID in the request, but not both.
2703
- # @return [String]
3299
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html#access-policy-permissions
3300
+ # @return [Array<Types::AccessPolicy>]
2704
3301
  #
2705
- # @!attribute [rw] version
2706
- # The version number of the launch template to use. If no version is
2707
- # specified, then the template's default version is used.
2708
- # @return [String]
3302
+ # @!attribute [rw] next_token
3303
+ # The `nextToken` value returned from a previous paginated request,
3304
+ # where `maxResults` was used and the results exceeded the value of
3305
+ # that parameter. Pagination continues from the end of the previous
3306
+ # results that returned the `nextToken` value. This value is null when
3307
+ # there are no more results to return.
2709
3308
  #
2710
- # @!attribute [rw] id
2711
- # The ID of the launch template.
3309
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3310
+ # only to retrieve the next items in a list and not for other
3311
+ # programmatic purposes.
2712
3312
  #
2713
- # You must specify either the launch template ID or the launch
2714
- # template name in the request, but not both.
3313
+ # </note>
2715
3314
  # @return [String]
2716
3315
  #
2717
- # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/LaunchTemplateSpecification AWS API Documentation
3316
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessPoliciesResponse AWS API Documentation
2718
3317
  #
2719
- class LaunchTemplateSpecification < Struct.new(
2720
- :name,
2721
- :version,
2722
- :id)
3318
+ class ListAccessPoliciesResponse < Struct.new(
3319
+ :access_policies,
3320
+ :next_token)
2723
3321
  SENSITIVE = []
2724
3322
  include Aws::Structure
2725
3323
  end
2726
3324
 
2727
3325
  # @!attribute [rw] cluster_name
2728
- # The name of the cluster.
3326
+ # The name of your cluster.
2729
3327
  # @return [String]
2730
3328
  #
2731
3329
  # @!attribute [rw] max_results
2732
- # The maximum number of add-on results returned by `ListAddonsRequest`
2733
- # in paginated output. When you use this parameter,
2734
- # `ListAddonsRequest` returns only `maxResults` results in a single
2735
- # page along with a `nextToken` response element. You can see the
2736
- # remaining results of the initial request by sending another
2737
- # `ListAddonsRequest` request with the returned `nextToken` value.
2738
- # This value can be between 1 and 100. If you don't use this
2739
- # parameter, `ListAddonsRequest` returns up to 100 results and a
2740
- # `nextToken` value, if applicable.
3330
+ # The maximum number of results, returned in paginated output. You
3331
+ # receive `maxResults` in a single page, along with a `nextToken`
3332
+ # response element. You can see the remaining results of the initial
3333
+ # request by sending another request with the returned `nextToken`
3334
+ # value. This value can be between 1 and 100. If you don't use this
3335
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3336
+ # returned.
2741
3337
  # @return [Integer]
2742
3338
  #
2743
3339
  # @!attribute [rw] next_token
2744
- # The `nextToken` value returned from a previous paginated
2745
- # `ListAddonsRequest` where `maxResults` was used and the results
2746
- # exceeded the value of that parameter. Pagination continues from the
2747
- # end of the previous results that returned the `nextToken` value.
3340
+ # The `nextToken` value returned from a previous paginated request,
3341
+ # where `maxResults` was used and the results exceeded the value of
3342
+ # that parameter. Pagination continues from the end of the previous
3343
+ # results that returned the `nextToken` value. This value is null when
3344
+ # there are no more results to return.
2748
3345
  #
2749
3346
  # <note markdown="1"> This token should be treated as an opaque identifier that is used
2750
3347
  # only to retrieve the next items in a list and not for other
@@ -2789,22 +3386,102 @@ module Aws::EKS
2789
3386
  include Aws::Structure
2790
3387
  end
2791
3388
 
3389
+ # @!attribute [rw] cluster_name
3390
+ # The name of your cluster.
3391
+ # @return [String]
3392
+ #
3393
+ # @!attribute [rw] principal_arn
3394
+ # The ARN of the IAM principal for the `AccessEntry`.
3395
+ # @return [String]
3396
+ #
2792
3397
  # @!attribute [rw] max_results
2793
- # The maximum number of cluster results returned by `ListClusters` in
2794
- # paginated output. When you use this parameter, `ListClusters`
2795
- # returns only `maxResults` results in a single page along with a
2796
- # `nextToken` response element. You can see the remaining results of
2797
- # the initial request by sending another `ListClusters` request with
2798
- # the returned `nextToken` value. This value can be between 1 and 100.
2799
- # If you don't use this parameter, `ListClusters` returns up to 100
2800
- # results and a `nextToken` value if applicable.
3398
+ # The maximum number of results, returned in paginated output. You
3399
+ # receive `maxResults` in a single page, along with a `nextToken`
3400
+ # response element. You can see the remaining results of the initial
3401
+ # request by sending another request with the returned `nextToken`
3402
+ # value. This value can be between 1 and 100. If you don't use this
3403
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3404
+ # returned.
2801
3405
  # @return [Integer]
2802
3406
  #
2803
3407
  # @!attribute [rw] next_token
2804
- # The `nextToken` value returned from a previous paginated
2805
- # `ListClusters` request where `maxResults` was used and the results
2806
- # exceeded the value of that parameter. Pagination continues from the
2807
- # end of the previous results that returned the `nextToken` value.
3408
+ # The `nextToken` value returned from a previous paginated request,
3409
+ # where `maxResults` was used and the results exceeded the value of
3410
+ # that parameter. Pagination continues from the end of the previous
3411
+ # results that returned the `nextToken` value. This value is null when
3412
+ # there are no more results to return.
3413
+ #
3414
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3415
+ # only to retrieve the next items in a list and not for other
3416
+ # programmatic purposes.
3417
+ #
3418
+ # </note>
3419
+ # @return [String]
3420
+ #
3421
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAssociatedAccessPoliciesRequest AWS API Documentation
3422
+ #
3423
+ class ListAssociatedAccessPoliciesRequest < Struct.new(
3424
+ :cluster_name,
3425
+ :principal_arn,
3426
+ :max_results,
3427
+ :next_token)
3428
+ SENSITIVE = []
3429
+ include Aws::Structure
3430
+ end
3431
+
3432
+ # @!attribute [rw] cluster_name
3433
+ # The name of your cluster.
3434
+ # @return [String]
3435
+ #
3436
+ # @!attribute [rw] principal_arn
3437
+ # The ARN of the IAM principal for the `AccessEntry`.
3438
+ # @return [String]
3439
+ #
3440
+ # @!attribute [rw] next_token
3441
+ # The `nextToken` value returned from a previous paginated request,
3442
+ # where `maxResults` was used and the results exceeded the value of
3443
+ # that parameter. Pagination continues from the end of the previous
3444
+ # results that returned the `nextToken` value. This value is null when
3445
+ # there are no more results to return.
3446
+ #
3447
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3448
+ # only to retrieve the next items in a list and not for other
3449
+ # programmatic purposes.
3450
+ #
3451
+ # </note>
3452
+ # @return [String]
3453
+ #
3454
+ # @!attribute [rw] associated_access_policies
3455
+ # The list of access policies associated with the access entry.
3456
+ # @return [Array<Types::AssociatedAccessPolicy>]
3457
+ #
3458
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAssociatedAccessPoliciesResponse AWS API Documentation
3459
+ #
3460
+ class ListAssociatedAccessPoliciesResponse < Struct.new(
3461
+ :cluster_name,
3462
+ :principal_arn,
3463
+ :next_token,
3464
+ :associated_access_policies)
3465
+ SENSITIVE = []
3466
+ include Aws::Structure
3467
+ end
3468
+
3469
+ # @!attribute [rw] max_results
3470
+ # The maximum number of results, returned in paginated output. You
3471
+ # receive `maxResults` in a single page, along with a `nextToken`
3472
+ # response element. You can see the remaining results of the initial
3473
+ # request by sending another request with the returned `nextToken`
3474
+ # value. This value can be between 1 and 100. If you don't use this
3475
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3476
+ # returned.
3477
+ # @return [Integer]
3478
+ #
3479
+ # @!attribute [rw] next_token
3480
+ # The `nextToken` value returned from a previous paginated request,
3481
+ # where `maxResults` was used and the results exceeded the value of
3482
+ # that parameter. Pagination continues from the end of the previous
3483
+ # results that returned the `nextToken` value. This value is null when
3484
+ # there are no more results to return.
2808
3485
  #
2809
3486
  # <note markdown="1"> This token should be treated as an opaque identifier that is used
2810
3487
  # only to retrieve the next items in a list and not for other
@@ -2815,9 +3492,14 @@ module Aws::EKS
2815
3492
  #
2816
3493
  # @!attribute [rw] include
2817
3494
  # Indicates whether external clusters are included in the returned
2818
- # list. Use '`all`' to return connected clusters, or blank to return
2819
- # only Amazon EKS clusters. '`all`' must be in lowercase otherwise
2820
- # an error occurs.
3495
+ # list. Use '`all`' to return
3496
+ # [https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html][1]connected
3497
+ # clusters, or blank to return only Amazon EKS clusters. '`all`'
3498
+ # must be in lowercase otherwise an error occurs.
3499
+ #
3500
+ #
3501
+ #
3502
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html
2821
3503
  # @return [Array<String>]
2822
3504
  #
2823
3505
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListClustersRequest AWS API Documentation
@@ -2832,14 +3514,21 @@ module Aws::EKS
2832
3514
 
2833
3515
  # @!attribute [rw] clusters
2834
3516
  # A list of all of the clusters for your account in the specified
2835
- # Region.
3517
+ # Amazon Web Services Region.
2836
3518
  # @return [Array<String>]
2837
3519
  #
2838
3520
  # @!attribute [rw] next_token
2839
- # The `nextToken` value to include in a future `ListClusters` request.
2840
- # When the results of a `ListClusters` request exceed `maxResults`,
2841
- # you can use this value to retrieve the next page of results. This
2842
- # value is `null` when there are no more results to return.
3521
+ # The `nextToken` value returned from a previous paginated request,
3522
+ # where `maxResults` was used and the results exceeded the value of
3523
+ # that parameter. Pagination continues from the end of the previous
3524
+ # results that returned the `nextToken` value. This value is null when
3525
+ # there are no more results to return.
3526
+ #
3527
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3528
+ # only to retrieve the next items in a list and not for other
3529
+ # programmatic purposes.
3530
+ #
3531
+ # </note>
2843
3532
  # @return [String]
2844
3533
  #
2845
3534
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListClustersResponse AWS API Documentation
@@ -2908,28 +3597,31 @@ module Aws::EKS
2908
3597
  end
2909
3598
 
2910
3599
  # @!attribute [rw] cluster_name
2911
- # The name of the Amazon EKS cluster that you would like to list
2912
- # Fargate profiles in.
3600
+ # The name of your cluster.
2913
3601
  # @return [String]
2914
3602
  #
2915
3603
  # @!attribute [rw] max_results
2916
- # The maximum number of Fargate profile results returned by
2917
- # `ListFargateProfiles` in paginated output. When you use this
2918
- # parameter, `ListFargateProfiles` returns only `maxResults` results
2919
- # in a single page along with a `nextToken` response element. You can
2920
- # see the remaining results of the initial request by sending another
2921
- # `ListFargateProfiles` request with the returned `nextToken` value.
2922
- # This value can be between 1 and 100. If you don't use this
2923
- # parameter, `ListFargateProfiles` returns up to 100 results and a
2924
- # `nextToken` value if applicable.
3604
+ # The maximum number of results, returned in paginated output. You
3605
+ # receive `maxResults` in a single page, along with a `nextToken`
3606
+ # response element. You can see the remaining results of the initial
3607
+ # request by sending another request with the returned `nextToken`
3608
+ # value. This value can be between 1 and 100. If you don't use this
3609
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3610
+ # returned.
2925
3611
  # @return [Integer]
2926
3612
  #
2927
3613
  # @!attribute [rw] next_token
2928
- # The `nextToken` value returned from a previous paginated
2929
- # `ListFargateProfiles` request where `maxResults` was used and the
2930
- # results exceeded the value of that parameter. Pagination continues
2931
- # from the end of the previous results that returned the `nextToken`
2932
- # value.
3614
+ # The `nextToken` value returned from a previous paginated request,
3615
+ # where `maxResults` was used and the results exceeded the value of
3616
+ # that parameter. Pagination continues from the end of the previous
3617
+ # results that returned the `nextToken` value. This value is null when
3618
+ # there are no more results to return.
3619
+ #
3620
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3621
+ # only to retrieve the next items in a list and not for other
3622
+ # programmatic purposes.
3623
+ #
3624
+ # </note>
2933
3625
  # @return [String]
2934
3626
  #
2935
3627
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListFargateProfilesRequest AWS API Documentation
@@ -2948,11 +3640,17 @@ module Aws::EKS
2948
3640
  # @return [Array<String>]
2949
3641
  #
2950
3642
  # @!attribute [rw] next_token
2951
- # The `nextToken` value to include in a future `ListFargateProfiles`
2952
- # request. When the results of a `ListFargateProfiles` request exceed
2953
- # `maxResults`, you can use this value to retrieve the next page of
2954
- # results. This value is `null` when there are no more results to
2955
- # return.
3643
+ # The `nextToken` value returned from a previous paginated request,
3644
+ # where `maxResults` was used and the results exceeded the value of
3645
+ # that parameter. Pagination continues from the end of the previous
3646
+ # results that returned the `nextToken` value. This value is null when
3647
+ # there are no more results to return.
3648
+ #
3649
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3650
+ # only to retrieve the next items in a list and not for other
3651
+ # programmatic purposes.
3652
+ #
3653
+ # </note>
2956
3654
  # @return [String]
2957
3655
  #
2958
3656
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListFargateProfilesResponse AWS API Documentation
@@ -2965,28 +3663,31 @@ module Aws::EKS
2965
3663
  end
2966
3664
 
2967
3665
  # @!attribute [rw] cluster_name
2968
- # The cluster name that you want to list identity provider
2969
- # configurations for.
3666
+ # The name of your cluster.
2970
3667
  # @return [String]
2971
3668
  #
2972
3669
  # @!attribute [rw] max_results
2973
- # The maximum number of identity provider configurations returned by
2974
- # `ListIdentityProviderConfigs` in paginated output. When you use this
2975
- # parameter, `ListIdentityProviderConfigs` returns only `maxResults`
2976
- # results in a single page along with a `nextToken` response element.
2977
- # You can see the remaining results of the initial request by sending
2978
- # another `ListIdentityProviderConfigs` request with the returned
2979
- # `nextToken` value. This value can be between 1 and 100. If you
2980
- # don't use this parameter, `ListIdentityProviderConfigs` returns up
2981
- # to 100 results and a `nextToken` value, if applicable.
3670
+ # The maximum number of results, returned in paginated output. You
3671
+ # receive `maxResults` in a single page, along with a `nextToken`
3672
+ # response element. You can see the remaining results of the initial
3673
+ # request by sending another request with the returned `nextToken`
3674
+ # value. This value can be between 1 and 100. If you don't use this
3675
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3676
+ # returned.
2982
3677
  # @return [Integer]
2983
3678
  #
2984
3679
  # @!attribute [rw] next_token
2985
- # The `nextToken` value returned from a previous paginated
2986
- # `IdentityProviderConfigsRequest` where `maxResults` was used and the
2987
- # results exceeded the value of that parameter. Pagination continues
2988
- # from the end of the previous results that returned the `nextToken`
2989
- # value.
3680
+ # The `nextToken` value returned from a previous paginated request,
3681
+ # where `maxResults` was used and the results exceeded the value of
3682
+ # that parameter. Pagination continues from the end of the previous
3683
+ # results that returned the `nextToken` value. This value is null when
3684
+ # there are no more results to return.
3685
+ #
3686
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3687
+ # only to retrieve the next items in a list and not for other
3688
+ # programmatic purposes.
3689
+ #
3690
+ # </note>
2990
3691
  # @return [String]
2991
3692
  #
2992
3693
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigsRequest AWS API Documentation
@@ -3021,27 +3722,31 @@ module Aws::EKS
3021
3722
  end
3022
3723
 
3023
3724
  # @!attribute [rw] cluster_name
3024
- # The name of the Amazon EKS cluster that you would like to list node
3025
- # groups in.
3725
+ # The name of your cluster.
3026
3726
  # @return [String]
3027
3727
  #
3028
3728
  # @!attribute [rw] max_results
3029
- # The maximum number of node group results returned by
3030
- # `ListNodegroups` in paginated output. When you use this parameter,
3031
- # `ListNodegroups` returns only `maxResults` results in a single page
3032
- # along with a `nextToken` response element. You can see the remaining
3033
- # results of the initial request by sending another `ListNodegroups`
3034
- # request with the returned `nextToken` value. This value can be
3035
- # between 1 and 100. If you don't use this parameter,
3036
- # `ListNodegroups` returns up to 100 results and a `nextToken` value
3037
- # if applicable.
3729
+ # The maximum number of results, returned in paginated output. You
3730
+ # receive `maxResults` in a single page, along with a `nextToken`
3731
+ # response element. You can see the remaining results of the initial
3732
+ # request by sending another request with the returned `nextToken`
3733
+ # value. This value can be between 1 and 100. If you don't use this
3734
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3735
+ # returned.
3038
3736
  # @return [Integer]
3039
3737
  #
3040
3738
  # @!attribute [rw] next_token
3041
- # The `nextToken` value returned from a previous paginated
3042
- # `ListNodegroups` request where `maxResults` was used and the results
3043
- # exceeded the value of that parameter. Pagination continues from the
3044
- # end of the previous results that returned the `nextToken` value.
3739
+ # The `nextToken` value returned from a previous paginated request,
3740
+ # where `maxResults` was used and the results exceeded the value of
3741
+ # that parameter. Pagination continues from the end of the previous
3742
+ # results that returned the `nextToken` value. This value is null when
3743
+ # there are no more results to return.
3744
+ #
3745
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3746
+ # only to retrieve the next items in a list and not for other
3747
+ # programmatic purposes.
3748
+ #
3749
+ # </note>
3045
3750
  # @return [String]
3046
3751
  #
3047
3752
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListNodegroupsRequest AWS API Documentation
@@ -3060,11 +3765,17 @@ module Aws::EKS
3060
3765
  # @return [Array<String>]
3061
3766
  #
3062
3767
  # @!attribute [rw] next_token
3063
- # The `nextToken` value to include in a future `ListNodegroups`
3064
- # request. When the results of a `ListNodegroups` request exceed
3065
- # `maxResults`, you can use this value to retrieve the next page of
3066
- # results. This value is `null` when there are no more results to
3067
- # return.
3768
+ # The `nextToken` value returned from a previous paginated request,
3769
+ # where `maxResults` was used and the results exceeded the value of
3770
+ # that parameter. Pagination continues from the end of the previous
3771
+ # results that returned the `nextToken` value. This value is null when
3772
+ # there are no more results to return.
3773
+ #
3774
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3775
+ # only to retrieve the next items in a list and not for other
3776
+ # programmatic purposes.
3777
+ #
3778
+ # </note>
3068
3779
  # @return [String]
3069
3780
  #
3070
3781
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListNodegroupsResponse AWS API Documentation
@@ -3168,9 +3879,8 @@ module Aws::EKS
3168
3879
  end
3169
3880
 
3170
3881
  # @!attribute [rw] resource_arn
3171
- # The Amazon Resource Name (ARN) that identifies the resource for
3172
- # which to list the tags. Currently, the supported resources are
3173
- # Amazon EKS clusters and managed node groups.
3882
+ # The Amazon Resource Name (ARN) that identifies the resource to list
3883
+ # tags for.
3174
3884
  # @return [String]
3175
3885
  #
3176
3886
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListTagsForResourceRequest AWS API Documentation
@@ -3206,21 +3916,27 @@ module Aws::EKS
3206
3916
  # @return [String]
3207
3917
  #
3208
3918
  # @!attribute [rw] next_token
3209
- # The `nextToken` value returned from a previous paginated
3210
- # `ListUpdates` request where `maxResults` was used and the results
3211
- # exceeded the value of that parameter. Pagination continues from the
3212
- # end of the previous results that returned the `nextToken` value.
3919
+ # The `nextToken` value returned from a previous paginated request,
3920
+ # where `maxResults` was used and the results exceeded the value of
3921
+ # that parameter. Pagination continues from the end of the previous
3922
+ # results that returned the `nextToken` value. This value is null when
3923
+ # there are no more results to return.
3924
+ #
3925
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3926
+ # only to retrieve the next items in a list and not for other
3927
+ # programmatic purposes.
3928
+ #
3929
+ # </note>
3213
3930
  # @return [String]
3214
3931
  #
3215
3932
  # @!attribute [rw] max_results
3216
- # The maximum number of update results returned by `ListUpdates` in
3217
- # paginated output. When you use this parameter, `ListUpdates` returns
3218
- # only `maxResults` results in a single page along with a `nextToken`
3933
+ # The maximum number of results, returned in paginated output. You
3934
+ # receive `maxResults` in a single page, along with a `nextToken`
3219
3935
  # response element. You can see the remaining results of the initial
3220
- # request by sending another `ListUpdates` request with the returned
3221
- # `nextToken` value. This value can be between 1 and 100. If you
3222
- # don't use this parameter, `ListUpdates` returns up to 100 results
3223
- # and a `nextToken` value if applicable.
3936
+ # request by sending another request with the returned `nextToken`
3937
+ # value. This value can be between 1 and 100. If you don't use this
3938
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3939
+ # returned.
3224
3940
  # @return [Integer]
3225
3941
  #
3226
3942
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListUpdatesRequest AWS API Documentation
@@ -3240,10 +3956,17 @@ module Aws::EKS
3240
3956
  # @return [Array<String>]
3241
3957
  #
3242
3958
  # @!attribute [rw] next_token
3243
- # The `nextToken` value to include in a future `ListUpdates` request.
3244
- # When the results of a `ListUpdates` request exceed `maxResults`, you
3245
- # can use this value to retrieve the next page of results. This value
3246
- # is `null` when there are no more results to return.
3959
+ # The `nextToken` value returned from a previous paginated request,
3960
+ # where `maxResults` was used and the results exceeded the value of
3961
+ # that parameter. Pagination continues from the end of the previous
3962
+ # results that returned the `nextToken` value. This value is null when
3963
+ # there are no more results to return.
3964
+ #
3965
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used
3966
+ # only to retrieve the next items in a list and not for other
3967
+ # programmatic purposes.
3968
+ #
3969
+ # </note>
3247
3970
  # @return [String]
3248
3971
  #
3249
3972
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListUpdatesResponse AWS API Documentation
@@ -3325,7 +4048,7 @@ module Aws::EKS
3325
4048
  # @return [String]
3326
4049
  #
3327
4050
  # @!attribute [rw] cluster_name
3328
- # The name of the cluster that the managed node group resides in.
4051
+ # The name of your cluster.
3329
4052
  # @return [String]
3330
4053
  #
3331
4054
  # @!attribute [rw] version
@@ -3341,13 +4064,11 @@ module Aws::EKS
3341
4064
  # @return [String]
3342
4065
  #
3343
4066
  # @!attribute [rw] created_at
3344
- # The Unix epoch timestamp in seconds for when the managed node group
3345
- # was created.
4067
+ # The Unix epoch timestamp at object creation.
3346
4068
  # @return [Time]
3347
4069
  #
3348
4070
  # @!attribute [rw] modified_at
3349
- # The Unix epoch timestamp in seconds for when the managed node group
3350
- # was last modified.
4071
+ # The Unix epoch timestamp for the last modification to the object.
3351
4072
  # @return [Time]
3352
4073
  #
3353
4074
  # @!attribute [rw] status
@@ -3396,11 +4117,11 @@ module Aws::EKS
3396
4117
  # @return [String]
3397
4118
  #
3398
4119
  # @!attribute [rw] labels
3399
- # The Kubernetes labels applied to the nodes in the node group.
4120
+ # The Kubernetes `labels` applied to the nodes in the node group.
3400
4121
  #
3401
- # <note markdown="1"> Only labels that are applied with the Amazon EKS API are shown here.
3402
- # There may be other Kubernetes labels applied to the nodes in this
3403
- # group.
4122
+ # <note markdown="1"> Only `labels` that are applied with the Amazon EKS API are shown
4123
+ # here. There may be other Kubernetes `labels` applied to the nodes in
4124
+ # this group.
3404
4125
  #
3405
4126
  # </note>
3406
4127
  # @return [Hash<String,String>]
@@ -3444,11 +4165,10 @@ module Aws::EKS
3444
4165
  # @return [Types::LaunchTemplateSpecification]
3445
4166
  #
3446
4167
  # @!attribute [rw] tags
3447
- # The metadata applied to the node group to assist with categorization
3448
- # and organization. Each tag consists of a key and an optional value.
3449
- # You define both. Node group tags do not propagate to any other
3450
- # resources associated with the node group, such as the Amazon EC2
3451
- # instances or subnets.
4168
+ # Metadata that assists with categorization and organization. Each tag
4169
+ # consists of a key and an optional value. You define both. Tags
4170
+ # don't propagate to any other cluster or Amazon Web Services
4171
+ # resources.
3452
4172
  # @return [Hash<String,String>]
3453
4173
  #
3454
4174
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/Nodegroup AWS API Documentation
@@ -3541,9 +4261,9 @@ module Aws::EKS
3541
4261
  # The current number of nodes that the managed node group should
3542
4262
  # maintain.
3543
4263
  #
3544
- # If you use Cluster Autoscaler, you shouldn't change the desiredSize
3545
- # value directly, as this can cause the Cluster Autoscaler to suddenly
3546
- # scale up or scale down.
4264
+ # If you use the Kubernetes [Cluster Autoscaler][1], you shouldn't
4265
+ # change the `desiredSize` value directly, as this can cause the
4266
+ # Cluster Autoscaler to suddenly scale up or scale down.
3547
4267
  #
3548
4268
  # Whenever this parameter changes, the number of worker nodes in the
3549
4269
  # node group is updated to the specified size. If this parameter is
@@ -3552,14 +4272,19 @@ module Aws::EKS
3552
4272
  # match the given value. When using CloudFormation, no action occurs
3553
4273
  # if you remove this parameter from your CFN template.
3554
4274
  #
3555
- # This parameter can be different from minSize in some cases, such as
3556
- # when starting with extra hosts for testing. This parameter can also
3557
- # be different when you want to start with an estimated number of
3558
- # needed hosts, but let Cluster Autoscaler reduce the number if there
3559
- # are too many. When Cluster Autoscaler is used, the desiredSize
3560
- # parameter is altered by Cluster Autoscaler (but can be out-of-date
3561
- # for short periods of time). Cluster Autoscaler doesn't scale a
3562
- # managed node group lower than minSize or higher than maxSize.
4275
+ # This parameter can be different from `minSize` in some cases, such
4276
+ # as when starting with extra hosts for testing. This parameter can
4277
+ # also be different when you want to start with an estimated number of
4278
+ # needed hosts, but let the Cluster Autoscaler reduce the number if
4279
+ # there are too many. When the Cluster Autoscaler is used, the
4280
+ # `desiredSize` parameter is altered by the Cluster Autoscaler (but
4281
+ # can be out-of-date for short periods of time). the Cluster
4282
+ # Autoscaler doesn't scale a managed node group lower than `minSize`
4283
+ # or higher than `maxSize`.
4284
+ #
4285
+ #
4286
+ #
4287
+ # [1]: https://github.com/kubernetes/autoscaler#kubernetes-autoscaler
3563
4288
  # @return [Integer]
3564
4289
  #
3565
4290
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/NodegroupScalingConfig AWS API Documentation
@@ -3576,16 +4301,15 @@ module Aws::EKS
3576
4301
  #
3577
4302
  # @!attribute [rw] max_unavailable
3578
4303
  # The maximum number of nodes unavailable at once during a version
3579
- # update. Nodes will be updated in parallel. This value or
4304
+ # update. Nodes are updated in parallel. This value or
3580
4305
  # `maxUnavailablePercentage` is required to have a value.The maximum
3581
4306
  # number is 100.
3582
4307
  # @return [Integer]
3583
4308
  #
3584
4309
  # @!attribute [rw] max_unavailable_percentage
3585
4310
  # The maximum percentage of nodes unavailable during a version update.
3586
- # This percentage of nodes will be updated in parallel, up to 100
3587
- # nodes at once. This value or `maxUnavailable` is required to have a
3588
- # value.
4311
+ # This percentage of nodes are updated in parallel, up to 100 nodes at
4312
+ # once. This value or `maxUnavailable` is required to have a value.
3589
4313
  # @return [Integer]
3590
4314
  #
3591
4315
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/NodegroupUpdateConfig AWS API Documentation
@@ -3644,7 +4368,7 @@ module Aws::EKS
3644
4368
  # @return [String]
3645
4369
  #
3646
4370
  # @!attribute [rw] cluster_name
3647
- # The cluster that the configuration is associated to.
4371
+ # The name of your cluster.
3648
4372
  # @return [String]
3649
4373
  #
3650
4374
  # @!attribute [rw] issuer_url
@@ -3685,9 +4409,10 @@ module Aws::EKS
3685
4409
  # @return [Hash<String,String>]
3686
4410
  #
3687
4411
  # @!attribute [rw] tags
3688
- # The metadata to apply to the provider configuration to assist with
3689
- # categorization and organization. Each tag consists of a key and an
3690
- # optional value. You define both.
4412
+ # Metadata that assists with categorization and organization. Each tag
4413
+ # consists of a key and an optional value. You define both. Tags
4414
+ # don't propagate to any other cluster or Amazon Web Services
4415
+ # resources.
3691
4416
  # @return [Hash<String,String>]
3692
4417
  #
3693
4418
  # @!attribute [rw] status
@@ -3715,8 +4440,8 @@ module Aws::EKS
3715
4440
 
3716
4441
  # An object representing an OpenID Connect (OIDC) configuration. Before
3717
4442
  # associating an OIDC identity provider to your cluster, review the
3718
- # considerations in [Authenticating users for your cluster from an
3719
- # OpenID Connect identity provider][1] in the *Amazon EKS User Guide*.
4443
+ # considerations in [Authenticating users for your cluster from an OIDC
4444
+ # identity provider][1] in the *Amazon EKS User Guide*.
3720
4445
  #
3721
4446
  #
3722
4447
  #
@@ -3727,10 +4452,10 @@ module Aws::EKS
3727
4452
  # @return [String]
3728
4453
  #
3729
4454
  # @!attribute [rw] issuer_url
3730
- # The URL of the OpenID identity provider that allows the API server
3731
- # to discover public signing keys for verifying tokens. The URL must
4455
+ # The URL of the OIDC identity provider that allows the API server to
4456
+ # discover public signing keys for verifying tokens. The URL must
3732
4457
  # begin with `https://` and should correspond to the `iss` claim in
3733
- # the provider's OIDC ID tokens. Per the OIDC standard, path
4458
+ # the provider's OIDC ID tokens. Based on the OIDC standard, path
3734
4459
  # components are allowed but query parameters are not. Typically the
3735
4460
  # URL consists of only a hostname, like `https://server.example.org`
3736
4461
  # or `https://example.com`. This URL should point to the level below
@@ -3740,14 +4465,14 @@ module Aws::EKS
3740
4465
  #
3741
4466
  # @!attribute [rw] client_id
3742
4467
  # This is also known as *audience*. The ID for the client application
3743
- # that makes authentication requests to the OpenID identity provider.
4468
+ # that makes authentication requests to the OIDC identity provider.
3744
4469
  # @return [String]
3745
4470
  #
3746
4471
  # @!attribute [rw] username_claim
3747
4472
  # The JSON Web Token (JWT) claim to use as the username. The default
3748
4473
  # is `sub`, which is expected to be a unique identifier of the end
3749
4474
  # user. You can choose other claims, such as `email` or `name`,
3750
- # depending on the OpenID identity provider. Claims other than `email`
4475
+ # depending on the OIDC identity provider. Claims other than `email`
3751
4476
  # are prefixed with the issuer URL to prevent naming clashes with
3752
4477
  # other plug-ins.
3753
4478
  # @return [String]
@@ -3887,7 +4612,7 @@ module Aws::EKS
3887
4612
  end
3888
4613
 
3889
4614
  # Amazon EKS Pod Identity associations provide the ability to manage
3890
- # credentials for your applications, similar to the way that 7EC2l
4615
+ # credentials for your applications, similar to the way that Amazon EC2
3891
4616
  # instance profiles provide credentials to Amazon EC2 instances.
3892
4617
  #
3893
4618
  # @!attribute [rw] cluster_name
@@ -3921,9 +4646,10 @@ module Aws::EKS
3921
4646
  # @return [String]
3922
4647
  #
3923
4648
  # @!attribute [rw] tags
3924
- # The metadata that you apply to a resource to assist with
3925
- # categorization and organization. Each tag consists of a key and an
3926
- # optional value. You define both.
4649
+ # Metadata that assists with categorization and organization. Each tag
4650
+ # consists of a key and an optional value. You define both. Tags
4651
+ # don't propagate to any other cluster or Amazon Web Services
4652
+ # resources.
3927
4653
  #
3928
4654
  # The following basic restrictions apply to tags:
3929
4655
  #
@@ -4050,7 +4776,7 @@ module Aws::EKS
4050
4776
  end
4051
4777
 
4052
4778
  # @!attribute [rw] name
4053
- # Define a unique name for this cluster for your Region.
4779
+ # A unique name for this cluster in your Amazon Web Services Region.
4054
4780
  # @return [String]
4055
4781
  #
4056
4782
  # @!attribute [rw] connector_config
@@ -4059,7 +4785,7 @@ module Aws::EKS
4059
4785
  # @return [Types::ConnectorConfigRequest]
4060
4786
  #
4061
4787
  # @!attribute [rw] client_request_token
4062
- # Unique, case-sensitive identifier that you provide to ensure the
4788
+ # A unique, case-sensitive identifier that you provide to ensure the
4063
4789
  # idempotency of the request.
4064
4790
  #
4065
4791
  # **A suitable default value is auto-generated.** You should normally
@@ -4067,10 +4793,10 @@ module Aws::EKS
4067
4793
  # @return [String]
4068
4794
  #
4069
4795
  # @!attribute [rw] tags
4070
- # The metadata that you apply to the cluster to assist with
4071
- # categorization and organization. Each tag consists of a key and an
4072
- # optional value, both of which you define. Cluster tags do not
4073
- # propagate to any other resources associated with the cluster.
4796
+ # Metadata that assists with categorization and organization. Each tag
4797
+ # consists of a key and an optional value. You define both. Tags
4798
+ # don't propagate to any other cluster or Amazon Web Services
4799
+ # resources.
4074
4800
  # @return [Hash<String,String>]
4075
4801
  #
4076
4802
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/RegisterClusterRequest AWS API Documentation
@@ -4196,9 +4922,9 @@ module Aws::EKS
4196
4922
  end
4197
4923
 
4198
4924
  # The specified resource could not be found. You can view your available
4199
- # clusters with ListClusters. You can view your available managed node
4200
- # groups with ListNodegroups. Amazon EKS clusters and node groups are
4201
- # Region-specific.
4925
+ # clusters with `ListClusters`. You can view your available managed node
4926
+ # groups with `ListNodegroups`. Amazon EKS clusters and node groups are
4927
+ # Amazon Web Services Region specific.
4202
4928
  #
4203
4929
  # @!attribute [rw] cluster_name
4204
4930
  # The Amazon EKS cluster associated with the exception.
@@ -4302,14 +5028,14 @@ module Aws::EKS
4302
5028
  end
4303
5029
 
4304
5030
  # @!attribute [rw] resource_arn
4305
- # The Amazon Resource Name (ARN) of the resource to which to add tags.
4306
- # Currently, the supported resources are Amazon EKS clusters and
4307
- # managed node groups.
5031
+ # The Amazon Resource Name (ARN) of the resource to add tags to.
4308
5032
  # @return [String]
4309
5033
  #
4310
5034
  # @!attribute [rw] tags
4311
- # The tags to add to the resource. A tag is an array of key-value
4312
- # pairs.
5035
+ # Metadata that assists with categorization and organization. Each tag
5036
+ # consists of a key and an optional value. You define both. Tags
5037
+ # don't propagate to any other cluster or Amazon Web Services
5038
+ # resources.
4313
5039
  # @return [Hash<String,String>]
4314
5040
  #
4315
5041
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/TagResourceRequest AWS API Documentation
@@ -4325,8 +5051,9 @@ module Aws::EKS
4325
5051
  #
4326
5052
  class TagResourceResponse < Aws::EmptyStructure; end
4327
5053
 
4328
- # A property that allows a node to repel a set of pods. For more
4329
- # information, see [Node taints on managed node groups][1].
5054
+ # A property that allows a node to repel a `Pod`. For more information,
5055
+ # see [Node taints on managed node groups][1] in the *Amazon EKS User
5056
+ # Guide*.
4330
5057
  #
4331
5058
  #
4332
5059
  #
@@ -4391,13 +5118,11 @@ module Aws::EKS
4391
5118
  end
4392
5119
 
4393
5120
  # @!attribute [rw] resource_arn
4394
- # The Amazon Resource Name (ARN) of the resource from which to delete
4395
- # tags. Currently, the supported resources are Amazon EKS clusters and
4396
- # managed node groups.
5121
+ # The Amazon Resource Name (ARN) of the resource to delete tags from.
4397
5122
  # @return [String]
4398
5123
  #
4399
5124
  # @!attribute [rw] tag_keys
4400
- # The keys of the tags to be removed.
5125
+ # The keys of the tags to remove.
4401
5126
  # @return [Array<String>]
4402
5127
  #
4403
5128
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UntagResourceRequest AWS API Documentation
@@ -4433,7 +5158,7 @@ module Aws::EKS
4433
5158
  # @return [Array<Types::UpdateParam>]
4434
5159
  #
4435
5160
  # @!attribute [rw] created_at
4436
- # The Unix epoch timestamp in seconds for when the update was created.
5161
+ # The Unix epoch timestamp at object creation.
4437
5162
  # @return [Time]
4438
5163
  #
4439
5164
  # @!attribute [rw] errors
@@ -4453,8 +5178,101 @@ module Aws::EKS
4453
5178
  include Aws::Structure
4454
5179
  end
4455
5180
 
5181
+ # The access configuration information for the cluster.
5182
+ #
5183
+ # @!attribute [rw] authentication_mode
5184
+ # The desired authentication mode for the cluster.
5185
+ # @return [String]
5186
+ #
5187
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAccessConfigRequest AWS API Documentation
5188
+ #
5189
+ class UpdateAccessConfigRequest < Struct.new(
5190
+ :authentication_mode)
5191
+ SENSITIVE = []
5192
+ include Aws::Structure
5193
+ end
5194
+
5195
+ # @!attribute [rw] cluster_name
5196
+ # The name of your cluster.
5197
+ # @return [String]
5198
+ #
5199
+ # @!attribute [rw] principal_arn
5200
+ # The ARN of the IAM principal for the `AccessEntry`.
5201
+ # @return [String]
5202
+ #
5203
+ # @!attribute [rw] kubernetes_groups
5204
+ # The value for `name` that you've specified for `kind: Group` as a
5205
+ # `subject` in a Kubernetes `RoleBinding` or `ClusterRoleBinding`
5206
+ # object. Amazon EKS doesn't confirm that the value for `name` exists
5207
+ # in any bindings on your cluster. You can specify one or more names.
5208
+ #
5209
+ # Kubernetes authorizes the `principalArn` of the access entry to
5210
+ # access any cluster objects that you've specified in a Kubernetes
5211
+ # `Role` or `ClusterRole` object that is also specified in a
5212
+ # binding's `roleRef`. For more information about creating Kubernetes
5213
+ # `RoleBinding`, `ClusterRoleBinding`, `Role`, or `ClusterRole`
5214
+ # objects, see [Using RBAC Authorization in the Kubernetes
5215
+ # documentation][1].
5216
+ #
5217
+ # If you want Amazon EKS to authorize the `principalArn` (instead of,
5218
+ # or in addition to Kubernetes authorizing the `principalArn`), you
5219
+ # can associate one or more access policies to the access entry using
5220
+ # `AssociateAccessPolicy`. If you associate any access policies, the
5221
+ # `principalARN` has all permissions assigned in the associated access
5222
+ # policies and all permissions in any Kubernetes `Role` or
5223
+ # `ClusterRole` objects that the group names are bound to.
5224
+ #
5225
+ #
5226
+ #
5227
+ # [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
5228
+ # @return [Array<String>]
5229
+ #
5230
+ # @!attribute [rw] client_request_token
5231
+ # A unique, case-sensitive identifier that you provide to ensure the
5232
+ # idempotency of the request.
5233
+ #
5234
+ # **A suitable default value is auto-generated.** You should normally
5235
+ # not need to pass this option.
5236
+ # @return [String]
5237
+ #
5238
+ # @!attribute [rw] username
5239
+ # The username to authenticate to Kubernetes with. We recommend not
5240
+ # specifying a username and letting Amazon EKS specify it for you. For
5241
+ # more information about the value Amazon EKS specifies for you, or
5242
+ # constraints before specifying your own username, see [Creating
5243
+ # access entries][1] in the *Amazon EKS User Guide*.
5244
+ #
5245
+ #
5246
+ #
5247
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries
5248
+ # @return [String]
5249
+ #
5250
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAccessEntryRequest AWS API Documentation
5251
+ #
5252
+ class UpdateAccessEntryRequest < Struct.new(
5253
+ :cluster_name,
5254
+ :principal_arn,
5255
+ :kubernetes_groups,
5256
+ :client_request_token,
5257
+ :username)
5258
+ SENSITIVE = []
5259
+ include Aws::Structure
5260
+ end
5261
+
5262
+ # @!attribute [rw] access_entry
5263
+ # The ARN of the IAM principal for the `AccessEntry`.
5264
+ # @return [Types::AccessEntry]
5265
+ #
5266
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAccessEntryResponse AWS API Documentation
5267
+ #
5268
+ class UpdateAccessEntryResponse < Struct.new(
5269
+ :access_entry)
5270
+ SENSITIVE = []
5271
+ include Aws::Structure
5272
+ end
5273
+
4456
5274
  # @!attribute [rw] cluster_name
4457
- # The name of the cluster.
5275
+ # The name of your cluster.
4458
5276
  # @return [String]
4459
5277
  #
4460
5278
  # @!attribute [rw] addon_name
@@ -4514,7 +5332,7 @@ module Aws::EKS
4514
5332
  # @return [String]
4515
5333
  #
4516
5334
  # @!attribute [rw] client_request_token
4517
- # Unique, case-sensitive identifier that you provide to ensure the
5335
+ # A unique, case-sensitive identifier that you provide to ensure the
4518
5336
  # idempotency of the request.
4519
5337
  #
4520
5338
  # **A suitable default value is auto-generated.** You should normally
@@ -4523,12 +5341,8 @@ module Aws::EKS
4523
5341
  #
4524
5342
  # @!attribute [rw] configuration_values
4525
5343
  # The set of configuration values for the add-on that's created. The
4526
- # values that you provide are validated against the schema in
4527
- # [DescribeAddonConfiguration][1].
4528
- #
4529
- #
4530
- #
4531
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html
5344
+ # values that you provide are validated against the schema returned by
5345
+ # `DescribeAddonConfiguration`.
4532
5346
  # @return [String]
4533
5347
  #
4534
5348
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAddonRequest AWS API Documentation
@@ -4586,20 +5400,25 @@ module Aws::EKS
4586
5400
  # @return [Types::Logging]
4587
5401
  #
4588
5402
  # @!attribute [rw] client_request_token
4589
- # Unique, case-sensitive identifier that you provide to ensure the
5403
+ # A unique, case-sensitive identifier that you provide to ensure the
4590
5404
  # idempotency of the request.
4591
5405
  #
4592
5406
  # **A suitable default value is auto-generated.** You should normally
4593
5407
  # not need to pass this option.
4594
5408
  # @return [String]
4595
5409
  #
5410
+ # @!attribute [rw] access_config
5411
+ # The access configuration for the cluster.
5412
+ # @return [Types::UpdateAccessConfigRequest]
5413
+ #
4596
5414
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateClusterConfigRequest AWS API Documentation
4597
5415
  #
4598
5416
  class UpdateClusterConfigRequest < Struct.new(
4599
5417
  :name,
4600
5418
  :resources_vpc_config,
4601
5419
  :logging,
4602
- :client_request_token)
5420
+ :client_request_token,
5421
+ :access_config)
4603
5422
  SENSITIVE = []
4604
5423
  include Aws::Structure
4605
5424
  end
@@ -4625,7 +5444,7 @@ module Aws::EKS
4625
5444
  # @return [String]
4626
5445
  #
4627
5446
  # @!attribute [rw] client_request_token
4628
- # Unique, case-sensitive identifier that you provide to ensure the
5447
+ # A unique, case-sensitive identifier that you provide to ensure the
4629
5448
  # idempotency of the request.
4630
5449
  #
4631
5450
  # **A suitable default value is auto-generated.** You should normally
@@ -4693,15 +5512,15 @@ module Aws::EKS
4693
5512
  include Aws::Structure
4694
5513
  end
4695
5514
 
4696
- # An object representing a Kubernetes label change for a managed node
5515
+ # An object representing a Kubernetes `label` change for a managed node
4697
5516
  # group.
4698
5517
  #
4699
5518
  # @!attribute [rw] add_or_update_labels
4700
- # Kubernetes labels to be added or updated.
5519
+ # The Kubernetes `labels` to add or update.
4701
5520
  # @return [Hash<String,String>]
4702
5521
  #
4703
5522
  # @!attribute [rw] remove_labels
4704
- # Kubernetes labels to be removed.
5523
+ # The Kubernetes `labels` to remove.
4705
5524
  # @return [Array<String>]
4706
5525
  #
4707
5526
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateLabelsPayload AWS API Documentation
@@ -4714,8 +5533,7 @@ module Aws::EKS
4714
5533
  end
4715
5534
 
4716
5535
  # @!attribute [rw] cluster_name
4717
- # The name of the Amazon EKS cluster that the managed node group
4718
- # resides in.
5536
+ # The name of your cluster.
4719
5537
  # @return [String]
4720
5538
  #
4721
5539
  # @!attribute [rw] nodegroup_name
@@ -4723,7 +5541,7 @@ module Aws::EKS
4723
5541
  # @return [String]
4724
5542
  #
4725
5543
  # @!attribute [rw] labels
4726
- # The Kubernetes labels to be applied to the nodes in the node group
5544
+ # The Kubernetes `labels` to apply to the nodes in the node group
4727
5545
  # after the update.
4728
5546
  # @return [Types::UpdateLabelsPayload]
4729
5547
  #
@@ -4747,7 +5565,7 @@ module Aws::EKS
4747
5565
  # @return [Types::NodegroupUpdateConfig]
4748
5566
  #
4749
5567
  # @!attribute [rw] client_request_token
4750
- # Unique, case-sensitive identifier that you provide to ensure the
5568
+ # A unique, case-sensitive identifier that you provide to ensure the
4751
5569
  # idempotency of the request.
4752
5570
  #
4753
5571
  # **A suitable default value is auto-generated.** You should normally
@@ -4781,8 +5599,7 @@ module Aws::EKS
4781
5599
  end
4782
5600
 
4783
5601
  # @!attribute [rw] cluster_name
4784
- # The name of the Amazon EKS cluster that is associated with the
4785
- # managed node group to update.
5602
+ # The name of your cluster.
4786
5603
  # @return [String]
4787
5604
  #
4788
5605
  # @!attribute [rw] nodegroup_name
@@ -4836,15 +5653,15 @@ module Aws::EKS
4836
5653
  # @return [Types::LaunchTemplateSpecification]
4837
5654
  #
4838
5655
  # @!attribute [rw] force
4839
- # Force the update if the existing node group's pods are unable to be
4840
- # drained due to a pod disruption budget issue. If an update fails
4841
- # because pods could not be drained, you can force the update after it
4842
- # fails to terminate the old node whether or not any pods are running
4843
- # on the node.
5656
+ # Force the update if any `Pod` on the existing node group can't be
5657
+ # drained due to a `Pod` disruption budget issue. If an update fails
5658
+ # because all Pods can't be drained, you can force the update after
5659
+ # it fails to terminate the old node whether or not any `Pod` is
5660
+ # running on the node.
4844
5661
  # @return [Boolean]
4845
5662
  #
4846
5663
  # @!attribute [rw] client_request_token
4847
- # Unique, case-sensitive identifier that you provide to ensure the
5664
+ # A unique, case-sensitive identifier that you provide to ensure the
4848
5665
  # idempotency of the request.
4849
5666
  #
4850
5667
  # **A suitable default value is auto-generated.** You should normally
@@ -4909,7 +5726,7 @@ module Aws::EKS
4909
5726
  # @return [String]
4910
5727
  #
4911
5728
  # @!attribute [rw] client_request_token
4912
- # Unique, case-sensitive identifier that you provide to ensure the
5729
+ # A unique, case-sensitive identifier that you provide to ensure the
4913
5730
  # idempotency of the request.
4914
5731
  #
4915
5732
  # **A suitable default value is auto-generated.** You should normally
@@ -4941,7 +5758,8 @@ module Aws::EKS
4941
5758
  end
4942
5759
 
4943
5760
  # An object representing the details of an update to a taints payload.
4944
- # For more information, see [Node taints on managed node groups][1].
5761
+ # For more information, see [Node taints on managed node groups][1] in
5762
+ # the *Amazon EKS User Guide*.
4945
5763
  #
4946
5764
  #
4947
5765
  #
@@ -5024,10 +5842,10 @@ module Aws::EKS
5024
5842
  # Kubernetes API server endpoint. Communication to the endpoint from
5025
5843
  # addresses outside of the CIDR blocks that you specify is denied. The
5026
5844
  # default value is `0.0.0.0/0`. If you've disabled private endpoint
5027
- # access and you have nodes or Fargate pods in the cluster, then
5028
- # ensure that you specify the necessary CIDR blocks. For more
5029
- # information, see [Amazon EKS cluster endpoint access control][1] in
5030
- # the <i> <i>Amazon EKS User Guide</i> </i>.
5845
+ # access, make sure that you specify the necessary CIDR blocks for
5846
+ # every node and Fargate `Pod` in the cluster. For more information,
5847
+ # see [Amazon EKS cluster endpoint access control][1] in the <i>
5848
+ # <i>Amazon EKS User Guide</i> </i>.
5031
5849
  #
5032
5850
  #
5033
5851
  #
@@ -5070,10 +5888,7 @@ module Aws::EKS
5070
5888
  # @return [String]
5071
5889
  #
5072
5890
  # @!attribute [rw] endpoint_public_access
5073
- # This parameter indicates whether the Amazon EKS public API server
5074
- # endpoint is enabled. If the Amazon EKS public API server endpoint is
5075
- # disabled, your cluster's Kubernetes API server can only receive
5076
- # requests that originate from within the cluster VPC.
5891
+ # Whether the public API server endpoint is enabled.
5077
5892
  # @return [Boolean]
5078
5893
  #
5079
5894
  # @!attribute [rw] endpoint_private_access
@@ -5095,17 +5910,7 @@ module Aws::EKS
5095
5910
  #
5096
5911
  # @!attribute [rw] public_access_cidrs
5097
5912
  # The CIDR blocks that are allowed access to your cluster's public
5098
- # Kubernetes API server endpoint. Communication to the endpoint from
5099
- # addresses outside of the listed CIDR blocks is denied. The default
5100
- # value is `0.0.0.0/0`. If you've disabled private endpoint access
5101
- # and you have nodes or Fargate pods in the cluster, then ensure that
5102
- # the necessary CIDR blocks are listed. For more information, see
5103
- # [Amazon EKS cluster endpoint access control][1] in the <i> <i>Amazon
5104
- # EKS User Guide</i> </i>.
5105
- #
5106
- #
5107
- #
5108
- # [1]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
5913
+ # Kubernetes API server endpoint.
5109
5914
  # @return [Array<String>]
5110
5915
  #
5111
5916
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/VpcConfigResponse AWS API Documentation