aws-sdk-eks 1.94.0 → 1.96.0

data/lib/aws-sdk-eks/types.rb

@@ -10,6 +10,26 @@
 module Aws::EKS
   module Types
 
+    # The access configuration for the cluster.
+    #
+    # @!attribute [rw] bootstrap_cluster_creator_admin_permissions
+    #   Specifies whether or not the cluster creator IAM principal was set
+    #   as a cluster admin access entry during cluster creation time.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] authentication_mode
+    #   The current authentication mode of the cluster.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AccessConfigResponse AWS API Documentation
+    #
+    class AccessConfigResponse < Struct.new(
+      :bootstrap_cluster_creator_admin_permissions,
+      :authentication_mode)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # You don't have permissions to perform the requested operation. The
     # [IAM principal][1] making the request must have at least one IAM
     # permissions policy attached that grants the required permissions. For
@@ -32,6 +52,137 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # An access entry allows an IAM principal (user or role) to access your
+    # cluster. Access entries can replace the need to maintain the
+    # `aws-auth` `ConfigMap` for authentication. For more information about
+    # access entries, see [Access entries][1] in the *Amazon EKS User
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
+    #
+    # @!attribute [rw] cluster_name
+    #   The name of your cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM principal for the access entry. If you ever
+    #   delete the IAM principal with this ARN, the access entry isn't
+    #   automatically deleted. We recommend that you delete the access entry
+    #   with an ARN for an IAM principal that you delete. If you don't
+    #   delete the access entry and ever recreate the IAM principal, even if
+    #   it has the same ARN, the access entry won't work. This is because
+    #   even though the ARN is the same for the recreated IAM principal, the
+    #   `roleID` or `userID` (you can see this with the Security Token
+    #   Service `GetCallerIdentity` API) is different for the recreated IAM
+    #   principal than it was for the original IAM principal. Even though
+    #   you don't see the IAM principal's `roleID` or `userID` for an
+    #   access entry, Amazon EKS stores it with the access entry.
+    #   @return [String]
+    #
+    # @!attribute [rw] kubernetes_groups
+    #   A `name` that you've specified in a Kubernetes `RoleBinding` or
+    #   `ClusterRoleBinding` object so that Kubernetes authorizes the
+    #   `principalARN` access to cluster objects.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] access_entry_arn
+    #   The ARN of the access entry.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   The Unix epoch timestamp at object creation.
+    #   @return [Time]
+    #
+    # @!attribute [rw] modified_at
+    #   The Unix epoch timestamp for the last modification to the object.
+    #   @return [Time]
+    #
+    # @!attribute [rw] tags
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] username
+    #   The `name` of a user that can authenticate to your cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of the access entry.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AccessEntry AWS API Documentation
+    #
+    class AccessEntry < Struct.new(
+      :cluster_name,
+      :principal_arn,
+      :kubernetes_groups,
+      :access_entry_arn,
+      :created_at,
+      :modified_at,
+      :tags,
+      :username,
+      :type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An access policy includes permissions that allow Amazon EKS to
+    # authorize an IAM principal to work with Kubernetes objects on your
+    # cluster. The policies are managed by Amazon EKS, but they're not IAM
+    # policies. You can't view the permissions in the policies using the
+    # API. The permissions for many of the policies are similar to the
+    # Kubernetes `cluster-admin`, `admin`, `edit`, and `view` cluster roles.
+    # For more information about these cluster roles, see [User-facing
+    # roles][1] in the Kubernetes documentation. To view the contents of the
+    # policies, see [Access policy permissions][2] in the *Amazon EKS User
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
+    # [2]: https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html#access-policy-permissions
+    #
+    # @!attribute [rw] name
+    #   The name of the access policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] arn
+    #   The ARN of the access policy.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AccessPolicy AWS API Documentation
+    #
+    class AccessPolicy < Struct.new(
+      :name,
+      :arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The scope of an `AccessPolicy` that's associated to an `AccessEntry`.
+    #
+    # @!attribute [rw] type
+    #   The scope type of an access policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] namespaces
+    #   A Kubernetes `namespace` that an access policy is scoped to. A value
+    #   is required if you specified `namespace` for `Type`.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AccessScope AWS API Documentation
+    #
+    class AccessScope < Struct.new(
+      :type,
+      :namespaces)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # An Amazon EKS add-on. For more information, see [Amazon EKS
     # add-ons][1] in the *Amazon EKS User Guide*.
     #
@@ -44,7 +195,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] cluster_name
-    #   The name of the cluster.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] status
@@ -64,23 +215,23 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] created_at
-    #   The date and time that the add-on was created.
+    #   The Unix epoch timestamp at object creation.
     #   @return [Time]
     #
     # @!attribute [rw] modified_at
-    #   The date and time that the add-on was last modified.
+    #   The Unix epoch timestamp for the last modification to the object.
     #   @return [Time]
     #
     # @!attribute [rw] service_account_role_arn
     #   The Amazon Resource Name (ARN) of the IAM role that's bound to the
-    #   Kubernetes service account that the add-on uses.
+    #   Kubernetes `ServiceAccount` object that the add-on uses.
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The metadata that you apply to the add-on to assist with
-    #   categorization and organization. Each tag consists of a key and an
-    #   optional value. You define both. Add-on tags do not propagate to any
-    #   other resources associated with the cluster.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] publisher
@@ -231,8 +382,59 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the cluster that you are associating with encryption
-    #   configuration.
+    #   The name of your cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_arn
+    #   The Amazon Resource Name (ARN) of the IAM user or role for the
+    #   `AccessEntry` that you're associating the access policy to.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_arn
+    #   The ARN of the `AccessPolicy` that you're associating. For a list
+    #   of ARNs, use `ListAccessPolicies`.
+    #   @return [String]
+    #
+    # @!attribute [rw] access_scope
+    #   The scope for the `AccessPolicy`. You can scope access policies to
+    #   an entire cluster or to specific Kubernetes namespaces.
+    #   @return [Types::AccessScope]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateAccessPolicyRequest AWS API Documentation
+    #
+    class AssociateAccessPolicyRequest < Struct.new(
+      :cluster_name,
+      :principal_arn,
+      :policy_arn,
+      :access_scope)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] cluster_name
+    #   The name of your cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM principal for the `AccessEntry`.
+    #   @return [String]
+    #
+    # @!attribute [rw] associated_access_policy
+    #   The `AccessPolicy` and scope associated to the `AccessEntry`.
+    #   @return [Types::AssociatedAccessPolicy]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateAccessPolicyResponse AWS API Documentation
+    #
+    class AssociateAccessPolicyResponse < Struct.new(
+      :cluster_name,
+      :principal_arn,
+      :associated_access_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] cluster_name
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] encryption_config
@@ -240,8 +442,8 @@ module Aws::EKS
     #   @return [Array<Types::EncryptionConfig>]
     #
     # @!attribute [rw] client_request_token
-    #   The client request token you are using with the encryption
-    #   configuration.
+    #   A unique, case-sensitive identifier that you provide to ensure the
+    #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
@@ -270,7 +472,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the cluster to associate the configuration to.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] oidc
@@ -279,13 +481,14 @@ module Aws::EKS
     #   @return [Types::OidcIdentityProviderConfigRequest]
     #
     # @!attribute [rw] tags
-    #   The metadata to apply to the configuration to assist with
-    #   categorization and organization. Each tag consists of a key and an
-    #   optional value. You define both.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -320,6 +523,36 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # An access policy association.
+    #
+    # @!attribute [rw] policy_arn
+    #   The ARN of the `AccessPolicy`.
+    #   @return [String]
+    #
+    # @!attribute [rw] access_scope
+    #   The scope of the access policy.
+    #   @return [Types::AccessScope]
+    #
+    # @!attribute [rw] associated_at
+    #   The date and time the `AccessPolicy` was associated with an
+    #   `AccessEntry`.
+    #   @return [Time]
+    #
+    # @!attribute [rw] modified_at
+    #   The Unix epoch timestamp for the last modification to the object.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociatedAccessPolicy AWS API Documentation
+    #
+    class AssociatedAccessPolicy < Struct.new(
+      :policy_arn,
+      :access_scope,
+      :associated_at,
+      :modified_at)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # An Auto Scaling group that is associated with an Amazon EKS managed
     # node group.
     #
@@ -422,7 +655,7 @@ module Aws::EKS
     # An object representing an Amazon EKS cluster.
     #
     # @!attribute [rw] name
-    #   The name of the cluster.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] arn
@@ -430,8 +663,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] created_at
-    #   The Unix epoch timestamp in seconds for when the cluster was
-    #   created.
+    #   The Unix epoch timestamp at object creation.
     #   @return [Time]
     #
     # @!attribute [rw] version
@@ -452,7 +684,7 @@ module Aws::EKS
     #   The VPC configuration used by the cluster control plane. Amazon EKS
     #   VPC resources have specific requirements to work properly with
     #   Kubernetes. For more information, see [Cluster VPC
-    #   Considerations][1] and [Cluster Security Group Considerations][2] in
+    #   considerations][1] and [Cluster security group considerations][2] in
     #   the *Amazon EKS User Guide*.
     #
     #
@@ -482,25 +714,29 @@ module Aws::EKS
     #   @return [Types::Certificate]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #   @return [String]
     #
     # @!attribute [rw] platform_version
     #   The platform version of your Amazon EKS cluster. For more
-    #   information, see [Platform Versions][1] in the <i> <i>Amazon EKS
-    #   User Guide</i> </i>.
+    #   information about clusters deployed on the Amazon Web Services
+    #   Cloud, see [Platform versions][1] in the <i> <i>Amazon EKS User
+    #   Guide</i> </i>. For more information about local clusters deployed
+    #   on an Outpost, see [Amazon EKS local cluster platform versions][2]
+    #   in the <i> <i>Amazon EKS User Guide</i> </i>.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html
+    #   [2]: https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-platform-versions.html
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The metadata that you apply to the cluster to assist with
-    #   categorization and organization. Each tag consists of a key and an
-    #   optional value. You define both. Cluster tags do not propagate to
-    #   any other resources associated with the cluster.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] encryption_config
@@ -529,6 +765,10 @@ module Aws::EKS
     #   available for clusters on the Amazon Web Services cloud.
     #   @return [Types::OutpostConfigResponse]
     #
+    # @!attribute [rw] access_config
+    #   The access configuration for the cluster.
+    #   @return [Types::AccessConfigResponse]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/Cluster AWS API Documentation
     #
     class Cluster < Struct.new(
@@ -551,7 +791,8 @@ module Aws::EKS
       :connector_config,
       :id,
       :health,
-      :outpost_config)
+      :outpost_config,
+      :access_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -723,17 +964,160 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # The access configuration information for the cluster.
+    #
+    # @!attribute [rw] bootstrap_cluster_creator_admin_permissions
+    #   Specifies whether or not the cluster creator IAM principal was set
+    #   as a cluster admin access entry during cluster creation time. The
+    #   default value is `true`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] authentication_mode
+    #   The desired authentication mode for the cluster. If you create a
+    #   cluster by using the EKS API, Amazon Web Services SDKs, or
+    #   CloudFormation, the default is `CONFIG_MAP`. If you create the
+    #   cluster by using the Amazon Web Services Management Console, the
+    #   default value is `API_AND_CONFIG_MAP`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAccessConfigRequest AWS API Documentation
+    #
+    class CreateAccessConfigRequest < Struct.new(
+      :bootstrap_cluster_creator_admin_permissions,
+      :authentication_mode)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] cluster_name
-    #   The name of the cluster to create the add-on for.
+    #   The name of your cluster.
     #   @return [String]
     #
-    # @!attribute [rw] addon_name
-    #   The name of the add-on. The name must match one of the names that [
-    #   `DescribeAddonVersions` ][1] returns.
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM principal for the `AccessEntry`. You can specify
+    #   one ARN for each access entry. You can't specify the same ARN in
+    #   more than one access entry. This value can't be changed after
+    #   access entry creation.
     #
+    #   [IAM best practices][1] recommend using IAM roles with temporary
+    #   credentials, rather than IAM users with long-term credentials.
     #
     #
-    #   [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp
+    #   @return [String]
+    #
+    # @!attribute [rw] kubernetes_groups
+    #   The value for `name` that you've specified for `kind: Group` as a
+    #   `subject` in a Kubernetes `RoleBinding` or `ClusterRoleBinding`
+    #   object. Amazon EKS doesn't confirm that the value for `name` exists
+    #   in any bindings on your cluster. You can specify one or more names.
+    #
+    #   Kubernetes authorizes the `principalArn` of the access entry to
+    #   access any cluster objects that you've specified in a Kubernetes
+    #   `Role` or `ClusterRole` object that is also specified in a
+    #   binding's `roleRef`. For more information about creating Kubernetes
+    #   `RoleBinding`, `ClusterRoleBinding`, `Role`, or `ClusterRole`
+    #   objects, see [Using RBAC Authorization in the Kubernetes
+    #   documentation][1].
+    #
+    #   If you want Amazon EKS to authorize the `principalArn` (instead of,
+    #   or in addition to Kubernetes authorizing the `principalArn`), you
+    #   can associate one or more access policies to the access entry using
+    #   `AssociateAccessPolicy`. If you associate any access policies, the
+    #   `principalARN` has all permissions assigned in the associated access
+    #   policies and all permissions in any Kubernetes `Role` or
+    #   `ClusterRole` objects that the group names are bound to.
+    #
+    #
+    #
+    #   [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] tags
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] client_request_token
+    #   A unique, case-sensitive identifier that you provide to ensure the
+    #   idempotency of the request.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @!attribute [rw] username
+    #   The username to authenticate to Kubernetes with. We recommend not
+    #   specifying a username and letting Amazon EKS specify it for you. For
+    #   more information about the value Amazon EKS specifies for you, or
+    #   constraints before specifying your own username, see [Creating
+    #   access entries][1] in the *Amazon EKS User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   If the `principalArn` is for an IAM role that's used for
+    #   self-managed Amazon EC2 nodes, specify `EC2_LINUX` or `EC2_WINDOWS`.
+    #   Amazon EKS grants the necessary permissions to the node for you. If
+    #   the `principalArn` is for any other purpose, specify `STANDARD`. If
+    #   you don't specify a value, Amazon EKS sets the value to `STANDARD`.
+    #   It's unnecessary to create access entries for IAM roles used with
+    #   Fargate profiles or managed Amazon EC2 nodes, because Amazon EKS
+    #   creates entries in the `aws-auth` `ConfigMap` for the roles. You
+    #   can't change this value once you've created the access entry.
+    #
+    #   If you set the value to `EC2_LINUX` or `EC2_WINDOWS`, you can't
+    #   specify values for `kubernetesGroups`, or associate an
+    #   `AccessPolicy` to the access entry.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAccessEntryRequest AWS API Documentation
+    #
+    class CreateAccessEntryRequest < Struct.new(
+      :cluster_name,
+      :principal_arn,
+      :kubernetes_groups,
+      :tags,
+      :client_request_token,
+      :username,
+      :type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] access_entry
+    #   An access entry allows an IAM principal (user or role) to access
+    #   your cluster. Access entries can replace the need to maintain the
+    #   `aws-auth` `ConfigMap` for authentication. For more information
+    #   about access entries, see [Access entries][1] in the *Amazon EKS
+    #   User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
+    #   @return [Types::AccessEntry]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAccessEntryResponse AWS API Documentation
+    #
+    class CreateAccessEntryResponse < Struct.new(
+      :access_entry)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] cluster_name
+    #   The name of your cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] addon_name
+    #   The name of the add-on. The name must match one of the names
+    #   returned by `DescribeAddonVersions`.
     #   @return [String]
     #
     # @!attribute [rw] addon_version
@@ -805,19 +1189,16 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The metadata to apply to the cluster to assist with categorization
-    #   and organization. Each tag consists of a key and an optional value.
-    #   You define both.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] configuration_values
     #   The set of configuration values for the add-on that's created. The
-    #   values that you provide are validated against the schema in [
-    #   `DescribeAddonConfiguration` ][1].
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html
+    #   values that you provide are validated against the schema returned by
+    #   `DescribeAddonConfiguration`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAddonRequest AWS API Documentation
@@ -918,7 +1299,7 @@ module Aws::EKS
     #   @return [Types::Logging]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -926,9 +1307,10 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The metadata to apply to the cluster to assist with categorization
-    #   and organization. Each tag consists of a key and an optional value.
-    #   You define both.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] encryption_config
@@ -948,6 +1330,10 @@ module Aws::EKS
     #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-local-cluster-overview.html
     #   @return [Types::OutpostConfigRequest]
     #
+    # @!attribute [rw] access_config
+    #   The access configuration for the cluster.
+    #   @return [Types::CreateAccessConfigRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateClusterRequest AWS API Documentation
     #
     class CreateClusterRequest < Struct.new(
@@ -960,7 +1346,8 @@ module Aws::EKS
       :client_request_token,
       :tags,
       :encryption_config,
-      :outpost_config)
+      :outpost_config,
+      :access_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1012,7 +1399,7 @@ module Aws::EKS
     #   @return [Boolean]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -1057,16 +1444,16 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] cluster_name
-    #   The name of the Amazon EKS cluster to apply the Fargate profile to.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] pod_execution_role_arn
-    #   The Amazon Resource Name (ARN) of the pod execution role to use for
-    #   pods that match the selectors in the Fargate profile. The pod
-    #   execution role allows Fargate infrastructure to register with your
-    #   cluster as a node, and it provides read access to Amazon ECR image
-    #   repositories. For more information, see [Pod Execution Role][1] in
-    #   the *Amazon EKS User Guide*.
+    #   The Amazon Resource Name (ARN) of the `Pod` execution role to use
+    #   for a `Pod` that matches the selectors in the Fargate profile. The
+    #   `Pod` execution role allows Fargate infrastructure to register with
+    #   your cluster as a node, and it provides read access to Amazon ECR
+    #   image repositories. For more information, see [ `Pod` execution
+    #   role][1] in the *Amazon EKS User Guide*.
     #
     #
     #
@@ -1074,21 +1461,21 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] subnets
-    #   The IDs of subnets to launch your pods into. At this time, pods
-    #   running on Fargate are not assigned public IP addresses, so only
-    #   private subnets (with no direct route to an Internet Gateway) are
-    #   accepted for this parameter.
+    #   The IDs of subnets to launch a `Pod` into. A `Pod` running on
+    #   Fargate isn't assigned a public IP address, so only private subnets
+    #   (with no direct route to an Internet Gateway) are accepted for this
+    #   parameter.
     #   @return [Array<String>]
     #
     # @!attribute [rw] selectors
-    #   The selectors to match for pods to use this Fargate profile. Each
-    #   selector must have an associated namespace. Optionally, you can also
-    #   specify labels for a namespace. You may specify up to five selectors
-    #   in a Fargate profile.
+    #   The selectors to match for a `Pod` to use this Fargate profile. Each
+    #   selector must have an associated Kubernetes `namespace`. Optionally,
+    #   you can also specify `labels` for a `namespace`. You may specify up
+    #   to five selectors in a Fargate profile.
     #   @return [Array<Types::FargateProfileSelector>]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -1096,11 +1483,10 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The metadata to apply to the Fargate profile to assist with
-    #   categorization and organization. Each tag consists of a key and an
-    #   optional value. You define both. Fargate profile tags do not
-    #   propagate to any other resources associated with the Fargate
-    #   profile, such as the pods that are scheduled with it.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateFargateProfileRequest AWS API Documentation
@@ -1130,7 +1516,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the cluster to create the node group in.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] nodegroup_name
@@ -1159,15 +1545,14 @@ module Aws::EKS
     # @!attribute [rw] subnets
     #   The subnets to use for the Auto Scaling group that is created for
     #   your node group. If you specify `launchTemplate`, then don't
-    #   specify [ `SubnetId` ][1] in your launch template, or the node group
+    #   specify ` SubnetId ` in your launch template, or the node group
     #   deployment will fail. For more information about using launch
-    #   templates with Amazon EKS, see [Launch template support][2] in the
+    #   templates with Amazon EKS, see [Launch template support][1] in the
     #   *Amazon EKS User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html
-    #   [2]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
     #   @return [Array<String>]
     #
     # @!attribute [rw] instance_types
@@ -1228,22 +1613,20 @@ module Aws::EKS
     #   into a cluster, you must create an IAM role for those nodes to use
     #   when they are launched. For more information, see [Amazon EKS node
     #   IAM role][1] in the <i> <i>Amazon EKS User Guide</i> </i>. If you
-    #   specify `launchTemplate`, then don't specify [ `IamInstanceProfile`
-    #   ][2] in your launch template, or the node group deployment will
-    #   fail. For more information about using launch templates with Amazon
-    #   EKS, see [Launch template support][3] in the *Amazon EKS User
-    #   Guide*.
+    #   specify `launchTemplate`, then don't specify ` IamInstanceProfile `
+    #   in your launch template, or the node group deployment will fail. For
+    #   more information about using launch templates with Amazon EKS, see
+    #   [Launch template support][2] in the *Amazon EKS User Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html
-    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html
-    #   [3]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
+    #   [2]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
     #   @return [String]
     #
     # @!attribute [rw] labels
-    #   The Kubernetes labels to be applied to the nodes in the node group
-    #   when they are created.
+    #   The Kubernetes `labels` to apply to the nodes in the node group when
+    #   they are created.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] taints
@@ -1256,15 +1639,14 @@ module Aws::EKS
     #   @return [Array<Types::Taint>]
     #
     # @!attribute [rw] tags
-    #   The metadata to apply to the node group to assist with
-    #   categorization and organization. Each tag consists of a key and an
-    #   optional value. You define both. Node group tags do not propagate to
-    #   any other resources associated with the node group, such as the
-    #   Amazon EC2 instances or subnets.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -1383,7 +1765,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -1391,9 +1773,10 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The metadata that you apply to a resource to assist with
-    #   categorization and organization. Each tag consists of a key and an
-    #   optional value. You define both.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #
     #   The following basic restrictions apply to tags:
     #
@@ -1450,7 +1833,28 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the cluster to delete the add-on from.
+    #   The name of your cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM principal for the `AccessEntry`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeleteAccessEntryRequest AWS API Documentation
+    #
+    class DeleteAccessEntryRequest < Struct.new(
+      :cluster_name,
+      :principal_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeleteAccessEntryResponse AWS API Documentation
+    #
+    class DeleteAccessEntryResponse < Aws::EmptyStructure; end
+
+    # @!attribute [rw] cluster_name
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] addon_name
@@ -1544,8 +1948,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the Amazon EKS cluster associated with the Fargate
-    #   profile to delete.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] fargate_profile_name
@@ -1574,8 +1977,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the Amazon EKS cluster that is associated with your node
-    #   group.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] nodegroup_name
@@ -1657,13 +2059,38 @@ module Aws::EKS
       include Aws::Structure
     end
 
-    # @!attribute [rw] addon_name
-    #   The name of the add-on. The name must match one of the names that [
-    #   `DescribeAddonVersions` ][1] returns.
+    # @!attribute [rw] cluster_name
+    #   The name of your cluster.
+    #   @return [String]
     #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM principal for the `AccessEntry`.
+    #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAccessEntryRequest AWS API Documentation
     #
-    #   [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html
+    class DescribeAccessEntryRequest < Struct.new(
+      :cluster_name,
+      :principal_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] access_entry
+    #   Information about the access entry.
+    #   @return [Types::AccessEntry]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAccessEntryResponse AWS API Documentation
+    #
+    class DescribeAccessEntryResponse < Struct.new(
+      :access_entry)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] addon_name
+    #   The name of the add-on. The name must match one of the names
+    #   returned by `DescribeAddonVersions`.
     #   @return [String]
     #
     # @!attribute [rw] addon_version
@@ -1698,8 +2125,8 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] configuration_schema
-    #   A JSON schema that's used to validate the configuration values that
-    #   you provide when an addon is created or updated.
+    #   A JSON schema that's used to validate the configuration values you
+    #   provide when an add-on is created or updated.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAddonConfigurationResponse AWS API Documentation
@@ -1713,7 +2140,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the cluster.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] addon_name
@@ -1756,15 +2183,21 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] max_results
-    #   The maximum number of results to return.
+    #   The maximum number of results, returned in paginated output. You
+    #   receive `maxResults` in a single page, along with a `nextToken`
+    #   response element. You can see the remaining results of the initial
+    #   request by sending another request with the returned `nextToken`
+    #   value. This value can be between 1 and 100. If you don't use this
+    #   parameter, 100 results and a `nextToken` value, if applicable, are
+    #   returned.
     #   @return [Integer]
     #
     # @!attribute [rw] next_token
-    #   The `nextToken` value returned from a previous paginated
-    #   `DescribeAddonVersionsRequest` where `maxResults` was used and the
-    #   results exceeded the value of that parameter. Pagination continues
-    #   from the end of the previous results that returned the `nextToken`
-    #   value.
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
     #
     #   <note markdown="1"> This token should be treated as an opaque identifier that is used
     #   only to retrieve the next items in a list and not for other
@@ -1840,7 +2273,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] name
-    #   The name of the cluster to describe.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeClusterRequest AWS API Documentation
@@ -1888,8 +2321,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the Amazon EKS cluster associated with the Fargate
-    #   profile.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] fargate_profile_name
@@ -1918,8 +2350,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The cluster name that the identity provider configuration is
-    #   associated to.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_config
@@ -1949,7 +2380,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the Amazon EKS cluster associated with the node group.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] nodegroup_name
@@ -2006,6 +2437,8 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # Describes an update request.
+    #
     # @!attribute [rw] name
     #   The name of the Amazon EKS cluster associated with the update.
     #   @return [String]
@@ -2053,7 +2486,35 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the cluster to disassociate an identity provider from.
+    #   The name of your cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM principal for the `AccessEntry`.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_arn
+    #   The ARN of the policy to disassociate from the access entry. For a
+    #   list of associated policies ARNs, use
+    #   `ListAssociatedAccessPolicies`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateAccessPolicyRequest AWS API Documentation
+    #
+    class DisassociateAccessPolicyRequest < Struct.new(
+      :cluster_name,
+      :principal_arn,
+      :policy_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateAccessPolicyResponse AWS API Documentation
+    #
+    class DisassociateAccessPolicyResponse < Aws::EmptyStructure; end
+
+    # @!attribute [rw] cluster_name
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_config
@@ -2198,7 +2659,7 @@ module Aws::EKS
     #
     # @!attribute [rw] resources
     #   Specifies the resources to be encrypted. The only supported value is
-    #   "secrets".
+    #   `secrets`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] provider
@@ -2230,7 +2691,7 @@ module Aws::EKS
     #     interface limit for your account.
     #
     #   * **IpNotAvailable**: A subnet associated with the cluster doesn't
-    #     have any free IP addresses.
+    #     have any available IP addresses.
     #
     #   * **AccessDenied**: You don't have permissions to perform the
     #     specified operation.
@@ -2273,20 +2734,18 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] cluster_name
-    #   The name of the Amazon EKS cluster that the Fargate profile belongs
-    #   to.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] created_at
-    #   The Unix epoch timestamp in seconds for when the Fargate profile was
-    #   created.
+    #   The Unix epoch timestamp at object creation.
     #   @return [Time]
     #
     # @!attribute [rw] pod_execution_role_arn
-    #   The Amazon Resource Name (ARN) of the pod execution role to use for
-    #   pods that match the selectors in the Fargate profile. For more
-    #   information, see [Pod Execution Role][1] in the *Amazon EKS User
-    #   Guide*.
+    #   The Amazon Resource Name (ARN) of the `Pod` execution role to use
+    #   for any `Pod` that matches the selectors in the Fargate profile. For
+    #   more information, see [ `Pod` execution role][1] in the *Amazon EKS
+    #   User Guide*.
     #
     #
     #
@@ -2294,11 +2753,11 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] subnets
-    #   The IDs of subnets to launch pods into.
+    #   The IDs of subnets to launch a `Pod` into.
     #   @return [Array<String>]
     #
     # @!attribute [rw] selectors
-    #   The selectors to match for pods to use this Fargate profile.
+    #   The selectors to match for a `Pod` to use this Fargate profile.
     #   @return [Array<Types::FargateProfileSelector>]
     #
     # @!attribute [rw] status
@@ -2306,11 +2765,10 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The metadata applied to the Fargate profile to assist with
-    #   categorization and organization. Each tag consists of a key and an
-    #   optional value. You define both. Fargate profile tags do not
-    #   propagate to any other resources associated with the Fargate
-    #   profile, such as the pods that are scheduled with it.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/FargateProfile AWS API Documentation
@@ -2332,7 +2790,7 @@ module Aws::EKS
     # An object representing an Fargate profile selector.
     #
     # @!attribute [rw] namespace
-    #   The Kubernetes namespace that the selector should match.
+    #   The Kubernetes `namespace` that the selector should match.
     #   @return [String]
     #
     # @!attribute [rw] labels
@@ -2524,7 +2982,7 @@ module Aws::EKS
     #     addresses to instances launched into it. If you want your
     #     instances to be assigned a public IP address, then you need to
     #     enable the `auto-assign public IP address` setting for the subnet.
-    #     See [Modifying the public IPv4 addressing attribute for your
+    #     See [Modifying the public `IPv4` addressing attribute for your
     #     subnet][1] in the *Amazon VPC User Guide*.
     #
     #   * **IamInstanceProfileNotFound**: We couldn't find the IAM instance
@@ -2593,10 +3051,10 @@ module Aws::EKS
     #   * Doesn't overlap with any CIDR block assigned to the VPC that you
     #     selected for VPC.
     #
-    #   * Between /24 and /12.
+    #   * Between `/24` and `/12`.
     #
-    #   You can only specify a custom CIDR block when you create a cluster
-    #   and can't change this value once the cluster is created.
+    #   You can only specify a custom CIDR block when you create a cluster.
+    #   You can't change this value after the cluster is created.
     #   @return [String]
     #
     # @!attribute [rw] ip_family
@@ -2636,13 +3094,13 @@ module Aws::EKS
     # not both.
     #
     # @!attribute [rw] service_ipv_4_cidr
-    #   The CIDR block that Kubernetes pod and service IP addresses are
-    #   assigned from. Kubernetes assigns addresses from an IPv4 CIDR block
-    #   assigned to a subnet that the node is in. If you didn't specify a
-    #   CIDR block when you created the cluster, then Kubernetes assigns
-    #   addresses from either the `10.100.0.0/16` or `172.20.0.0/16` CIDR
-    #   blocks. If this was specified, then it was specified when the
-    #   cluster was created and it can't be changed.
+    #   The CIDR block that Kubernetes `Pod` and `Service` object IP
+    #   addresses are assigned from. Kubernetes assigns addresses from an
+    #   `IPv4` CIDR block assigned to a subnet that the node is in. If you
+    #   didn't specify a CIDR block when you created the cluster, then
+    #   Kubernetes assigns addresses from either the `10.100.0.0/16` or
+    #   `172.20.0.0/16` CIDR blocks. If this was specified, then it was
+    #   specified when the cluster was created and it can't be changed.
     #   @return [String]
     #
     # @!attribute [rw] service_ipv_6_cidr
@@ -2655,96 +3113,235 @@ module Aws::EKS
     #   the cluster.
     #   @return [String]
     #
-    # @!attribute [rw] ip_family
-    #   The IP family used to assign Kubernetes pod and service IP
-    #   addresses. The IP family is always `ipv4`, unless you have a `1.21`
-    #   or later cluster running version 1.10.1 or later of the Amazon VPC
-    #   CNI add-on and specified `ipv6` when you created the cluster.
+    # @!attribute [rw] ip_family
+    #   The IP family used to assign Kubernetes `Pod` and `Service` objects
+    #   IP addresses. The IP family is always `ipv4`, unless you have a
+    #   `1.21` or later cluster running version `1.10.1` or later of the
+    #   Amazon VPC CNI plugin for Kubernetes and specified `ipv6` when you
+    #   created the cluster.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/KubernetesNetworkConfigResponse AWS API Documentation
+    #
+    class KubernetesNetworkConfigResponse < Struct.new(
+      :service_ipv_4_cidr,
+      :service_ipv_6_cidr,
+      :ip_family)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An object representing a node group launch template specification. The
+    # launch template can't include [ `SubnetId` ][1], [
+    # `IamInstanceProfile` ][2], [ `RequestSpotInstances` ][3], [
+    # `HibernationOptions` ][4], or [ `TerminateInstances` ][5], or the node
+    # group deployment or update will fail. For more information about
+    # launch templates, see [ `CreateLaunchTemplate` ][6] in the Amazon EC2
+    # API Reference. For more information about using launch templates with
+    # Amazon EKS, see [Launch template support][7] in the *Amazon EKS User
+    # Guide*.
+    #
+    # You must specify either the launch template ID or the launch template
+    # name in the request, but not both.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html
+    # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html
+    # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html
+    # [4]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html
+    # [5]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html
+    # [6]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html
+    # [7]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
+    #
+    # @!attribute [rw] name
+    #   The name of the launch template.
+    #
+    #   You must specify either the launch template name or the launch
+    #   template ID in the request, but not both.
+    #   @return [String]
+    #
+    # @!attribute [rw] version
+    #   The version number of the launch template to use. If no version is
+    #   specified, then the template's default version is used.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   The ID of the launch template.
+    #
+    #   You must specify either the launch template ID or the launch
+    #   template name in the request, but not both.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/LaunchTemplateSpecification AWS API Documentation
+    #
+    class LaunchTemplateSpecification < Struct.new(
+      :name,
+      :version,
+      :id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] cluster_name
+    #   The name of your cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] associated_policy_arn
+    #   The ARN of an `AccessPolicy`. When you specify an access policy ARN,
+    #   only the access entries associated to that access policy are
+    #   returned. For a list of available policy ARNs, use
+    #   `ListAccessPolicies`.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results, returned in paginated output. You
+    #   receive `maxResults` in a single page, along with a `nextToken`
+    #   response element. You can see the remaining results of the initial
+    #   request by sending another request with the returned `nextToken`
+    #   value. This value can be between 1 and 100. If you don't use this
+    #   parameter, 100 results and a `nextToken` value, if applicable, are
+    #   returned.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessEntriesRequest AWS API Documentation
+    #
+    class ListAccessEntriesRequest < Struct.new(
+      :cluster_name,
+      :associated_policy_arn,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] access_entries
+    #   The list of access entries that exist for the cluster.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] next_token
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessEntriesResponse AWS API Documentation
+    #
+    class ListAccessEntriesResponse < Struct.new(
+      :access_entries,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] max_results
+    #   The maximum number of results, returned in paginated output. You
+    #   receive `maxResults` in a single page, along with a `nextToken`
+    #   response element. You can see the remaining results of the initial
+    #   request by sending another request with the returned `nextToken`
+    #   value. This value can be between 1 and 100. If you don't use this
+    #   parameter, 100 results and a `nextToken` value, if applicable, are
+    #   returned.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/KubernetesNetworkConfigResponse AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessPoliciesRequest AWS API Documentation
     #
-    class KubernetesNetworkConfigResponse < Struct.new(
-      :service_ipv_4_cidr,
-      :service_ipv_6_cidr,
-      :ip_family)
+    class ListAccessPoliciesRequest < Struct.new(
+      :max_results,
+      :next_token)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # An object representing a node group launch template specification. The
-    # launch template can't include [ `SubnetId` ][1], [
-    # `IamInstanceProfile` ][2], [ `RequestSpotInstances` ][3], [
-    # `HibernationOptions` ][4], or [ `TerminateInstances` ][5], or the node
-    # group deployment or update will fail. For more information about
-    # launch templates, see [ `CreateLaunchTemplate` ][6] in the Amazon EC2
-    # API Reference. For more information about using launch templates with
-    # Amazon EKS, see [Launch template support][7] in the *Amazon EKS User
-    # Guide*.
-    #
-    # You must specify either the launch template ID or the launch template
-    # name in the request, but not both.
+    # @!attribute [rw] access_policies
+    #   The list of available access policies. You can't view the contents
+    #   of an access policy using the API. To view the contents, see [Access
+    #   policy permissions][1] in the *Amazon EKS User Guide*.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html
-    # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html
-    # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html
-    # [4]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html
-    # [5]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html
-    # [6]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html
-    # [7]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
-    #
-    # @!attribute [rw] name
-    #   The name of the launch template.
-    #
-    #   You must specify either the launch template name or the launch
-    #   template ID in the request, but not both.
-    #   @return [String]
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html#access-policy-permissions
+    #   @return [Array<Types::AccessPolicy>]
     #
-    # @!attribute [rw] version
-    #   The version number of the launch template to use. If no version is
-    #   specified, then the template's default version is used.
-    #   @return [String]
+    # @!attribute [rw] next_token
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
     #
-    # @!attribute [rw] id
-    #   The ID of the launch template.
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
     #
-    #   You must specify either the launch template ID or the launch
-    #   template name in the request, but not both.
+    #    </note>
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/LaunchTemplateSpecification AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessPoliciesResponse AWS API Documentation
     #
-    class LaunchTemplateSpecification < Struct.new(
-      :name,
-      :version,
-      :id)
+    class ListAccessPoliciesResponse < Struct.new(
+      :access_policies,
+      :next_token)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the cluster.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] max_results
-    #   The maximum number of add-on results returned by `ListAddonsRequest`
-    #   in paginated output. When you use this parameter,
-    #   `ListAddonsRequest` returns only `maxResults` results in a single
-    #   page along with a `nextToken` response element. You can see the
-    #   remaining results of the initial request by sending another
-    #   `ListAddonsRequest` request with the returned `nextToken` value.
-    #   This value can be between 1 and 100. If you don't use this
-    #   parameter, `ListAddonsRequest` returns up to 100 results and a
-    #   `nextToken` value, if applicable.
+    #   The maximum number of results, returned in paginated output. You
+    #   receive `maxResults` in a single page, along with a `nextToken`
+    #   response element. You can see the remaining results of the initial
+    #   request by sending another request with the returned `nextToken`
+    #   value. This value can be between 1 and 100. If you don't use this
+    #   parameter, 100 results and a `nextToken` value, if applicable, are
+    #   returned.
     #   @return [Integer]
     #
     # @!attribute [rw] next_token
-    #   The `nextToken` value returned from a previous paginated
-    #   `ListAddonsRequest` where `maxResults` was used and the results
-    #   exceeded the value of that parameter. Pagination continues from the
-    #   end of the previous results that returned the `nextToken` value.
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
     #
     #   <note markdown="1"> This token should be treated as an opaque identifier that is used
     #   only to retrieve the next items in a list and not for other
@@ -2789,22 +3386,102 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # @!attribute [rw] cluster_name
+    #   The name of your cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM principal for the `AccessEntry`.
+    #   @return [String]
+    #
     # @!attribute [rw] max_results
-    #   The maximum number of cluster results returned by `ListClusters` in
-    #   paginated output. When you use this parameter, `ListClusters`
-    #   returns only `maxResults` results in a single page along with a
-    #   `nextToken` response element. You can see the remaining results of
-    #   the initial request by sending another `ListClusters` request with
-    #   the returned `nextToken` value. This value can be between 1 and 100.
-    #   If you don't use this parameter, `ListClusters` returns up to 100
-    #   results and a `nextToken` value if applicable.
+    #   The maximum number of results, returned in paginated output. You
+    #   receive `maxResults` in a single page, along with a `nextToken`
+    #   response element. You can see the remaining results of the initial
+    #   request by sending another request with the returned `nextToken`
+    #   value. This value can be between 1 and 100. If you don't use this
+    #   parameter, 100 results and a `nextToken` value, if applicable, are
+    #   returned.
     #   @return [Integer]
     #
     # @!attribute [rw] next_token
-    #   The `nextToken` value returned from a previous paginated
-    #   `ListClusters` request where `maxResults` was used and the results
-    #   exceeded the value of that parameter. Pagination continues from the
-    #   end of the previous results that returned the `nextToken` value.
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAssociatedAccessPoliciesRequest AWS API Documentation
+    #
+    class ListAssociatedAccessPoliciesRequest < Struct.new(
+      :cluster_name,
+      :principal_arn,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] cluster_name
+    #   The name of your cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM principal for the `AccessEntry`.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] associated_access_policies
+    #   The list of access policies associated with the access entry.
+    #   @return [Array<Types::AssociatedAccessPolicy>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAssociatedAccessPoliciesResponse AWS API Documentation
+    #
+    class ListAssociatedAccessPoliciesResponse < Struct.new(
+      :cluster_name,
+      :principal_arn,
+      :next_token,
+      :associated_access_policies)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] max_results
+    #   The maximum number of results, returned in paginated output. You
+    #   receive `maxResults` in a single page, along with a `nextToken`
+    #   response element. You can see the remaining results of the initial
+    #   request by sending another request with the returned `nextToken`
+    #   value. This value can be between 1 and 100. If you don't use this
+    #   parameter, 100 results and a `nextToken` value, if applicable, are
+    #   returned.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
     #
     #   <note markdown="1"> This token should be treated as an opaque identifier that is used
     #   only to retrieve the next items in a list and not for other
@@ -2815,9 +3492,14 @@ module Aws::EKS
     #
     # @!attribute [rw] include
     #   Indicates whether external clusters are included in the returned
-    #   list. Use '`all`' to return connected clusters, or blank to return
-    #   only Amazon EKS clusters. '`all`' must be in lowercase otherwise
-    #   an error occurs.
+    #   list. Use '`all`' to return
+    #   [https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html][1]connected
+    #   clusters, or blank to return only Amazon EKS clusters. '`all`'
+    #   must be in lowercase otherwise an error occurs.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListClustersRequest AWS API Documentation
@@ -2832,14 +3514,21 @@ module Aws::EKS
 
     # @!attribute [rw] clusters
     #   A list of all of the clusters for your account in the specified
-    #   Region.
+    #   Amazon Web Services Region.
     #   @return [Array<String>]
     #
     # @!attribute [rw] next_token
-    #   The `nextToken` value to include in a future `ListClusters` request.
-    #   When the results of a `ListClusters` request exceed `maxResults`,
-    #   you can use this value to retrieve the next page of results. This
-    #   value is `null` when there are no more results to return.
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListClustersResponse AWS API Documentation
@@ -2908,28 +3597,31 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the Amazon EKS cluster that you would like to list
-    #   Fargate profiles in.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] max_results
-    #   The maximum number of Fargate profile results returned by
-    #   `ListFargateProfiles` in paginated output. When you use this
-    #   parameter, `ListFargateProfiles` returns only `maxResults` results
-    #   in a single page along with a `nextToken` response element. You can
-    #   see the remaining results of the initial request by sending another
-    #   `ListFargateProfiles` request with the returned `nextToken` value.
-    #   This value can be between 1 and 100. If you don't use this
-    #   parameter, `ListFargateProfiles` returns up to 100 results and a
-    #   `nextToken` value if applicable.
+    #   The maximum number of results, returned in paginated output. You
+    #   receive `maxResults` in a single page, along with a `nextToken`
+    #   response element. You can see the remaining results of the initial
+    #   request by sending another request with the returned `nextToken`
+    #   value. This value can be between 1 and 100. If you don't use this
+    #   parameter, 100 results and a `nextToken` value, if applicable, are
+    #   returned.
     #   @return [Integer]
     #
     # @!attribute [rw] next_token
-    #   The `nextToken` value returned from a previous paginated
-    #   `ListFargateProfiles` request where `maxResults` was used and the
-    #   results exceeded the value of that parameter. Pagination continues
-    #   from the end of the previous results that returned the `nextToken`
-    #   value.
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListFargateProfilesRequest AWS API Documentation
@@ -2948,11 +3640,17 @@ module Aws::EKS
     #   @return [Array<String>]
     #
     # @!attribute [rw] next_token
-    #   The `nextToken` value to include in a future `ListFargateProfiles`
-    #   request. When the results of a `ListFargateProfiles` request exceed
-    #   `maxResults`, you can use this value to retrieve the next page of
-    #   results. This value is `null` when there are no more results to
-    #   return.
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListFargateProfilesResponse AWS API Documentation
@@ -2965,28 +3663,31 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The cluster name that you want to list identity provider
-    #   configurations for.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] max_results
-    #   The maximum number of identity provider configurations returned by
-    #   `ListIdentityProviderConfigs` in paginated output. When you use this
-    #   parameter, `ListIdentityProviderConfigs` returns only `maxResults`
-    #   results in a single page along with a `nextToken` response element.
-    #   You can see the remaining results of the initial request by sending
-    #   another `ListIdentityProviderConfigs` request with the returned
-    #   `nextToken` value. This value can be between 1 and 100. If you
-    #   don't use this parameter, `ListIdentityProviderConfigs` returns up
-    #   to 100 results and a `nextToken` value, if applicable.
+    #   The maximum number of results, returned in paginated output. You
+    #   receive `maxResults` in a single page, along with a `nextToken`
+    #   response element. You can see the remaining results of the initial
+    #   request by sending another request with the returned `nextToken`
+    #   value. This value can be between 1 and 100. If you don't use this
+    #   parameter, 100 results and a `nextToken` value, if applicable, are
+    #   returned.
     #   @return [Integer]
     #
     # @!attribute [rw] next_token
-    #   The `nextToken` value returned from a previous paginated
-    #   `IdentityProviderConfigsRequest` where `maxResults` was used and the
-    #   results exceeded the value of that parameter. Pagination continues
-    #   from the end of the previous results that returned the `nextToken`
-    #   value.
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigsRequest AWS API Documentation
@@ -3021,27 +3722,31 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the Amazon EKS cluster that you would like to list node
-    #   groups in.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] max_results
-    #   The maximum number of node group results returned by
-    #   `ListNodegroups` in paginated output. When you use this parameter,
-    #   `ListNodegroups` returns only `maxResults` results in a single page
-    #   along with a `nextToken` response element. You can see the remaining
-    #   results of the initial request by sending another `ListNodegroups`
-    #   request with the returned `nextToken` value. This value can be
-    #   between 1 and 100. If you don't use this parameter,
-    #   `ListNodegroups` returns up to 100 results and a `nextToken` value
-    #   if applicable.
+    #   The maximum number of results, returned in paginated output. You
+    #   receive `maxResults` in a single page, along with a `nextToken`
+    #   response element. You can see the remaining results of the initial
+    #   request by sending another request with the returned `nextToken`
+    #   value. This value can be between 1 and 100. If you don't use this
+    #   parameter, 100 results and a `nextToken` value, if applicable, are
+    #   returned.
     #   @return [Integer]
     #
     # @!attribute [rw] next_token
-    #   The `nextToken` value returned from a previous paginated
-    #   `ListNodegroups` request where `maxResults` was used and the results
-    #   exceeded the value of that parameter. Pagination continues from the
-    #   end of the previous results that returned the `nextToken` value.
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListNodegroupsRequest AWS API Documentation
@@ -3060,11 +3765,17 @@ module Aws::EKS
     #   @return [Array<String>]
     #
     # @!attribute [rw] next_token
-    #   The `nextToken` value to include in a future `ListNodegroups`
-    #   request. When the results of a `ListNodegroups` request exceed
-    #   `maxResults`, you can use this value to retrieve the next page of
-    #   results. This value is `null` when there are no more results to
-    #   return.
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListNodegroupsResponse AWS API Documentation
@@ -3168,9 +3879,8 @@ module Aws::EKS
     end
 
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) that identifies the resource for
-    #   which to list the tags. Currently, the supported resources are
-    #   Amazon EKS clusters and managed node groups.
+    #   The Amazon Resource Name (ARN) that identifies the resource to list
+    #   tags for.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListTagsForResourceRequest AWS API Documentation
@@ -3206,21 +3916,27 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] next_token
-    #   The `nextToken` value returned from a previous paginated
-    #   `ListUpdates` request where `maxResults` was used and the results
-    #   exceeded the value of that parameter. Pagination continues from the
-    #   end of the previous results that returned the `nextToken` value.
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] max_results
-    #   The maximum number of update results returned by `ListUpdates` in
-    #   paginated output. When you use this parameter, `ListUpdates` returns
-    #   only `maxResults` results in a single page along with a `nextToken`
+    #   The maximum number of results, returned in paginated output. You
+    #   receive `maxResults` in a single page, along with a `nextToken`
     #   response element. You can see the remaining results of the initial
-    #   request by sending another `ListUpdates` request with the returned
-    #   `nextToken` value. This value can be between 1 and 100. If you
-    #   don't use this parameter, `ListUpdates` returns up to 100 results
-    #   and a `nextToken` value if applicable.
+    #   request by sending another request with the returned `nextToken`
+    #   value. This value can be between 1 and 100. If you don't use this
+    #   parameter, 100 results and a `nextToken` value, if applicable, are
+    #   returned.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListUpdatesRequest AWS API Documentation
@@ -3240,10 +3956,17 @@ module Aws::EKS
     #   @return [Array<String>]
     #
     # @!attribute [rw] next_token
-    #   The `nextToken` value to include in a future `ListUpdates` request.
-    #   When the results of a `ListUpdates` request exceed `maxResults`, you
-    #   can use this value to retrieve the next page of results. This value
-    #   is `null` when there are no more results to return.
+    #   The `nextToken` value returned from a previous paginated request,
+    #   where `maxResults` was used and the results exceeded the value of
+    #   that parameter. Pagination continues from the end of the previous
+    #   results that returned the `nextToken` value. This value is null when
+    #   there are no more results to return.
+    #
+    #   <note markdown="1"> This token should be treated as an opaque identifier that is used
+    #   only to retrieve the next items in a list and not for other
+    #   programmatic purposes.
+    #
+    #    </note>
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListUpdatesResponse AWS API Documentation
@@ -3325,7 +4048,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] cluster_name
-    #   The name of the cluster that the managed node group resides in.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] version
@@ -3341,13 +4064,11 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] created_at
-    #   The Unix epoch timestamp in seconds for when the managed node group
-    #   was created.
+    #   The Unix epoch timestamp at object creation.
     #   @return [Time]
     #
     # @!attribute [rw] modified_at
-    #   The Unix epoch timestamp in seconds for when the managed node group
-    #   was last modified.
+    #   The Unix epoch timestamp for the last modification to the object.
     #   @return [Time]
     #
     # @!attribute [rw] status
@@ -3396,11 +4117,11 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] labels
-    #   The Kubernetes labels applied to the nodes in the node group.
+    #   The Kubernetes `labels` applied to the nodes in the node group.
     #
-    #   <note markdown="1"> Only labels that are applied with the Amazon EKS API are shown here.
-    #   There may be other Kubernetes labels applied to the nodes in this
-    #   group.
+    #   <note markdown="1"> Only `labels` that are applied with the Amazon EKS API are shown
+    #   here. There may be other Kubernetes `labels` applied to the nodes in
+    #   this group.
     #
     #    </note>
     #   @return [Hash<String,String>]
@@ -3444,11 +4165,10 @@ module Aws::EKS
     #   @return [Types::LaunchTemplateSpecification]
     #
     # @!attribute [rw] tags
-    #   The metadata applied to the node group to assist with categorization
-    #   and organization. Each tag consists of a key and an optional value.
-    #   You define both. Node group tags do not propagate to any other
-    #   resources associated with the node group, such as the Amazon EC2
-    #   instances or subnets.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/Nodegroup AWS API Documentation
@@ -3541,9 +4261,9 @@ module Aws::EKS
     #   The current number of nodes that the managed node group should
     #   maintain.
     #
-    #   If you use Cluster Autoscaler, you shouldn't change the desiredSize
-    #   value directly, as this can cause the Cluster Autoscaler to suddenly
-    #   scale up or scale down.
+    #   If you use the Kubernetes [Cluster Autoscaler][1], you shouldn't
+    #   change the `desiredSize` value directly, as this can cause the
+    #   Cluster Autoscaler to suddenly scale up or scale down.
     #
     #   Whenever this parameter changes, the number of worker nodes in the
     #   node group is updated to the specified size. If this parameter is
@@ -3552,14 +4272,19 @@ module Aws::EKS
     #   match the given value. When using CloudFormation, no action occurs
     #   if you remove this parameter from your CFN template.
     #
-    #   This parameter can be different from minSize in some cases, such as
-    #   when starting with extra hosts for testing. This parameter can also
-    #   be different when you want to start with an estimated number of
-    #   needed hosts, but let Cluster Autoscaler reduce the number if there
-    #   are too many. When Cluster Autoscaler is used, the desiredSize
-    #   parameter is altered by Cluster Autoscaler (but can be out-of-date
-    #   for short periods of time). Cluster Autoscaler doesn't scale a
-    #   managed node group lower than minSize or higher than maxSize.
+    #   This parameter can be different from `minSize` in some cases, such
+    #   as when starting with extra hosts for testing. This parameter can
+    #   also be different when you want to start with an estimated number of
+    #   needed hosts, but let the Cluster Autoscaler reduce the number if
+    #   there are too many. When the Cluster Autoscaler is used, the
+    #   `desiredSize` parameter is altered by the Cluster Autoscaler (but
+    #   can be out-of-date for short periods of time). the Cluster
+    #   Autoscaler doesn't scale a managed node group lower than `minSize`
+    #   or higher than `maxSize`.
+    #
+    #
+    #
+    #   [1]: https://github.com/kubernetes/autoscaler#kubernetes-autoscaler
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/NodegroupScalingConfig AWS API Documentation
@@ -3576,16 +4301,15 @@ module Aws::EKS
     #
     # @!attribute [rw] max_unavailable
     #   The maximum number of nodes unavailable at once during a version
-    #   update. Nodes will be updated in parallel. This value or
+    #   update. Nodes are updated in parallel. This value or
     #   `maxUnavailablePercentage` is required to have a value.The maximum
     #   number is 100.
     #   @return [Integer]
     #
     # @!attribute [rw] max_unavailable_percentage
     #   The maximum percentage of nodes unavailable during a version update.
-    #   This percentage of nodes will be updated in parallel, up to 100
-    #   nodes at once. This value or `maxUnavailable` is required to have a
-    #   value.
+    #   This percentage of nodes are updated in parallel, up to 100 nodes at
+    #   once. This value or `maxUnavailable` is required to have a value.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/NodegroupUpdateConfig AWS API Documentation
@@ -3644,7 +4368,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] cluster_name
-    #   The cluster that the configuration is associated to.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] issuer_url
@@ -3685,9 +4409,10 @@ module Aws::EKS
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] tags
-    #   The metadata to apply to the provider configuration to assist with
-    #   categorization and organization. Each tag consists of a key and an
-    #   optional value. You define both.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] status
@@ -3715,8 +4440,8 @@ module Aws::EKS
 
     # An object representing an OpenID Connect (OIDC) configuration. Before
     # associating an OIDC identity provider to your cluster, review the
-    # considerations in [Authenticating users for your cluster from an
-    # OpenID Connect identity provider][1] in the *Amazon EKS User Guide*.
+    # considerations in [Authenticating users for your cluster from an OIDC
+    # identity provider][1] in the *Amazon EKS User Guide*.
     #
     #
     #
@@ -3727,10 +4452,10 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] issuer_url
-    #   The URL of the OpenID identity provider that allows the API server
-    #   to discover public signing keys for verifying tokens. The URL must
+    #   The URL of the OIDC identity provider that allows the API server to
+    #   discover public signing keys for verifying tokens. The URL must
     #   begin with `https://` and should correspond to the `iss` claim in
-    #   the provider's OIDC ID tokens. Per the OIDC standard, path
+    #   the provider's OIDC ID tokens. Based on the OIDC standard, path
     #   components are allowed but query parameters are not. Typically the
     #   URL consists of only a hostname, like `https://server.example.org`
     #   or `https://example.com`. This URL should point to the level below
@@ -3740,14 +4465,14 @@ module Aws::EKS
     #
     # @!attribute [rw] client_id
     #   This is also known as *audience*. The ID for the client application
-    #   that makes authentication requests to the OpenID identity provider.
+    #   that makes authentication requests to the OIDC identity provider.
     #   @return [String]
     #
     # @!attribute [rw] username_claim
     #   The JSON Web Token (JWT) claim to use as the username. The default
     #   is `sub`, which is expected to be a unique identifier of the end
     #   user. You can choose other claims, such as `email` or `name`,
-    #   depending on the OpenID identity provider. Claims other than `email`
+    #   depending on the OIDC identity provider. Claims other than `email`
     #   are prefixed with the issuer URL to prevent naming clashes with
     #   other plug-ins.
     #   @return [String]
@@ -3887,7 +4612,7 @@ module Aws::EKS
     end
 
     # Amazon EKS Pod Identity associations provide the ability to manage
-    # credentials for your applications, similar to the way that 7EC2l
+    # credentials for your applications, similar to the way that Amazon EC2
     # instance profiles provide credentials to Amazon EC2 instances.
     #
     # @!attribute [rw] cluster_name
@@ -3921,9 +4646,10 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The metadata that you apply to a resource to assist with
-    #   categorization and organization. Each tag consists of a key and an
-    #   optional value. You define both.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #
     #   The following basic restrictions apply to tags:
     #
@@ -4050,7 +4776,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] name
-    #   Define a unique name for this cluster for your Region.
+    #   A unique name for this cluster in your Amazon Web Services Region.
     #   @return [String]
     #
     # @!attribute [rw] connector_config
@@ -4059,7 +4785,7 @@ module Aws::EKS
     #   @return [Types::ConnectorConfigRequest]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -4067,10 +4793,10 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The metadata that you apply to the cluster to assist with
-    #   categorization and organization. Each tag consists of a key and an
-    #   optional value, both of which you define. Cluster tags do not
-    #   propagate to any other resources associated with the cluster.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/RegisterClusterRequest AWS API Documentation
@@ -4196,9 +4922,9 @@ module Aws::EKS
     end
 
     # The specified resource could not be found. You can view your available
-    # clusters with ListClusters. You can view your available managed node
-    # groups with ListNodegroups. Amazon EKS clusters and node groups are
-    # Region-specific.
+    # clusters with `ListClusters`. You can view your available managed node
+    # groups with `ListNodegroups`. Amazon EKS clusters and node groups are
+    # Amazon Web Services Region specific.
     #
     # @!attribute [rw] cluster_name
     #   The Amazon EKS cluster associated with the exception.
@@ -4302,14 +5028,14 @@ module Aws::EKS
     end
 
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) of the resource to which to add tags.
-    #   Currently, the supported resources are Amazon EKS clusters and
-    #   managed node groups.
+    #   The Amazon Resource Name (ARN) of the resource to add tags to.
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The tags to add to the resource. A tag is an array of key-value
-    #   pairs.
+    #   Metadata that assists with categorization and organization. Each tag
+    #   consists of a key and an optional value. You define both. Tags
+    #   don't propagate to any other cluster or Amazon Web Services
+    #   resources.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/TagResourceRequest AWS API Documentation
@@ -4325,8 +5051,9 @@ module Aws::EKS
     #
     class TagResourceResponse < Aws::EmptyStructure; end
 
-    # A property that allows a node to repel a set of pods. For more
-    # information, see [Node taints on managed node groups][1].
+    # A property that allows a node to repel a `Pod`. For more information,
+    # see [Node taints on managed node groups][1] in the *Amazon EKS User
+    # Guide*.
     #
     #
     #
@@ -4391,13 +5118,11 @@ module Aws::EKS
     end
 
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) of the resource from which to delete
-    #   tags. Currently, the supported resources are Amazon EKS clusters and
-    #   managed node groups.
+    #   The Amazon Resource Name (ARN) of the resource to delete tags from.
     #   @return [String]
     #
     # @!attribute [rw] tag_keys
-    #   The keys of the tags to be removed.
+    #   The keys of the tags to remove.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UntagResourceRequest AWS API Documentation
@@ -4433,7 +5158,7 @@ module Aws::EKS
     #   @return [Array<Types::UpdateParam>]
     #
     # @!attribute [rw] created_at
-    #   The Unix epoch timestamp in seconds for when the update was created.
+    #   The Unix epoch timestamp at object creation.
     #   @return [Time]
     #
     # @!attribute [rw] errors
@@ -4453,8 +5178,101 @@ module Aws::EKS
       include Aws::Structure
     end
 
+    # The access configuration information for the cluster.
+    #
+    # @!attribute [rw] authentication_mode
+    #   The desired authentication mode for the cluster.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAccessConfigRequest AWS API Documentation
+    #
+    class UpdateAccessConfigRequest < Struct.new(
+      :authentication_mode)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] cluster_name
+    #   The name of your cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM principal for the `AccessEntry`.
+    #   @return [String]
+    #
+    # @!attribute [rw] kubernetes_groups
+    #   The value for `name` that you've specified for `kind: Group` as a
+    #   `subject` in a Kubernetes `RoleBinding` or `ClusterRoleBinding`
+    #   object. Amazon EKS doesn't confirm that the value for `name` exists
+    #   in any bindings on your cluster. You can specify one or more names.
+    #
+    #   Kubernetes authorizes the `principalArn` of the access entry to
+    #   access any cluster objects that you've specified in a Kubernetes
+    #   `Role` or `ClusterRole` object that is also specified in a
+    #   binding's `roleRef`. For more information about creating Kubernetes
+    #   `RoleBinding`, `ClusterRoleBinding`, `Role`, or `ClusterRole`
+    #   objects, see [Using RBAC Authorization in the Kubernetes
+    #   documentation][1].
+    #
+    #   If you want Amazon EKS to authorize the `principalArn` (instead of,
+    #   or in addition to Kubernetes authorizing the `principalArn`), you
+    #   can associate one or more access policies to the access entry using
+    #   `AssociateAccessPolicy`. If you associate any access policies, the
+    #   `principalARN` has all permissions assigned in the associated access
+    #   policies and all permissions in any Kubernetes `Role` or
+    #   `ClusterRole` objects that the group names are bound to.
+    #
+    #
+    #
+    #   [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] client_request_token
+    #   A unique, case-sensitive identifier that you provide to ensure the
+    #   idempotency of the request.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @!attribute [rw] username
+    #   The username to authenticate to Kubernetes with. We recommend not
+    #   specifying a username and letting Amazon EKS specify it for you. For
+    #   more information about the value Amazon EKS specifies for you, or
+    #   constraints before specifying your own username, see [Creating
+    #   access entries][1] in the *Amazon EKS User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAccessEntryRequest AWS API Documentation
+    #
+    class UpdateAccessEntryRequest < Struct.new(
+      :cluster_name,
+      :principal_arn,
+      :kubernetes_groups,
+      :client_request_token,
+      :username)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] access_entry
+    #   The ARN of the IAM principal for the `AccessEntry`.
+    #   @return [Types::AccessEntry]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAccessEntryResponse AWS API Documentation
+    #
+    class UpdateAccessEntryResponse < Struct.new(
+      :access_entry)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] cluster_name
-    #   The name of the cluster.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] addon_name
@@ -4514,7 +5332,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -4523,12 +5341,8 @@ module Aws::EKS
     #
     # @!attribute [rw] configuration_values
     #   The set of configuration values for the add-on that's created. The
-    #   values that you provide are validated against the schema in
-    #   [DescribeAddonConfiguration][1].
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html
+    #   values that you provide are validated against the schema returned by
+    #   `DescribeAddonConfiguration`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAddonRequest AWS API Documentation
@@ -4586,20 +5400,25 @@ module Aws::EKS
     #   @return [Types::Logging]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
     #   @return [String]
     #
+    # @!attribute [rw] access_config
+    #   The access configuration for the cluster.
+    #   @return [Types::UpdateAccessConfigRequest]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateClusterConfigRequest AWS API Documentation
     #
     class UpdateClusterConfigRequest < Struct.new(
       :name,
       :resources_vpc_config,
       :logging,
-      :client_request_token)
+      :client_request_token,
+      :access_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4625,7 +5444,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -4693,15 +5512,15 @@ module Aws::EKS
       include Aws::Structure
     end
 
-    # An object representing a Kubernetes label change for a managed node
+    # An object representing a Kubernetes `label` change for a managed node
     # group.
     #
     # @!attribute [rw] add_or_update_labels
-    #   Kubernetes labels to be added or updated.
+    #   The Kubernetes `labels` to add or update.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] remove_labels
-    #   Kubernetes labels to be removed.
+    #   The Kubernetes `labels` to remove.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateLabelsPayload AWS API Documentation
@@ -4714,8 +5533,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the Amazon EKS cluster that the managed node group
-    #   resides in.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] nodegroup_name
@@ -4723,7 +5541,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] labels
-    #   The Kubernetes labels to be applied to the nodes in the node group
+    #   The Kubernetes `labels` to apply to the nodes in the node group
     #   after the update.
     #   @return [Types::UpdateLabelsPayload]
     #
@@ -4747,7 +5565,7 @@ module Aws::EKS
     #   @return [Types::NodegroupUpdateConfig]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -4781,8 +5599,7 @@ module Aws::EKS
     end
 
     # @!attribute [rw] cluster_name
-    #   The name of the Amazon EKS cluster that is associated with the
-    #   managed node group to update.
+    #   The name of your cluster.
     #   @return [String]
     #
     # @!attribute [rw] nodegroup_name
@@ -4836,15 +5653,15 @@ module Aws::EKS
     #   @return [Types::LaunchTemplateSpecification]
     #
     # @!attribute [rw] force
-    #   Force the update if the existing node group's pods are unable to be
-    #   drained due to a pod disruption budget issue. If an update fails
-    #   because pods could not be drained, you can force the update after it
-    #   fails to terminate the old node whether or not any pods are running
-    #   on the node.
+    #   Force the update if any `Pod` on the existing node group can't be
+    #   drained due to a `Pod` disruption budget issue. If an update fails
+    #   because all Pods can't be drained, you can force the update after
+    #   it fails to terminate the old node whether or not any `Pod` is
+    #   running on the node.
     #   @return [Boolean]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -4909,7 +5726,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] client_request_token
-    #   Unique, case-sensitive identifier that you provide to ensure the
+    #   A unique, case-sensitive identifier that you provide to ensure the
     #   idempotency of the request.
     #
     #   **A suitable default value is auto-generated.** You should normally
@@ -4941,7 +5758,8 @@ module Aws::EKS
     end
 
     # An object representing the details of an update to a taints payload.
-    # For more information, see [Node taints on managed node groups][1].
+    # For more information, see [Node taints on managed node groups][1] in
+    # the *Amazon EKS User Guide*.
     #
     #
     #
@@ -5024,10 +5842,10 @@ module Aws::EKS
     #   Kubernetes API server endpoint. Communication to the endpoint from
     #   addresses outside of the CIDR blocks that you specify is denied. The
     #   default value is `0.0.0.0/0`. If you've disabled private endpoint
-    #   access and you have nodes or Fargate pods in the cluster, then
-    #   ensure that you specify the necessary CIDR blocks. For more
-    #   information, see [Amazon EKS cluster endpoint access control][1] in
-    #   the <i> <i>Amazon EKS User Guide</i> </i>.
+    #   access, make sure that you specify the necessary CIDR blocks for
+    #   every node and Fargate `Pod` in the cluster. For more information,
+    #   see [Amazon EKS cluster endpoint access control][1] in the <i>
+    #   <i>Amazon EKS User Guide</i> </i>.
     #
     #
     #
@@ -5070,10 +5888,7 @@ module Aws::EKS
     #   @return [String]
     #
     # @!attribute [rw] endpoint_public_access
-    #   This parameter indicates whether the Amazon EKS public API server
-    #   endpoint is enabled. If the Amazon EKS public API server endpoint is
-    #   disabled, your cluster's Kubernetes API server can only receive
-    #   requests that originate from within the cluster VPC.
+    #   Whether the public API server endpoint is enabled.
     #   @return [Boolean]
     #
     # @!attribute [rw] endpoint_private_access
@@ -5095,17 +5910,7 @@ module Aws::EKS
     #
     # @!attribute [rw] public_access_cidrs
     #   The CIDR blocks that are allowed access to your cluster's public
-    #   Kubernetes API server endpoint. Communication to the endpoint from
-    #   addresses outside of the listed CIDR blocks is denied. The default
-    #   value is `0.0.0.0/0`. If you've disabled private endpoint access
-    #   and you have nodes or Fargate pods in the cluster, then ensure that
-    #   the necessary CIDR blocks are listed. For more information, see
-    #   [Amazon EKS cluster endpoint access control][1] in the <i> <i>Amazon
-    #   EKS User Guide</i> </i>.
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
+    #   Kubernetes API server endpoint.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/VpcConfigResponse AWS API Documentation