aws-sdk-eks 1.95.0 → 1.96.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -388,23 +388,84 @@ module Aws::EKS
388
388
 
389
389
  # @!group API Operations
390
390
 
391
- # Associate encryption configuration to an existing cluster.
391
+ # Associates an access policy and its scope to an access entry. For more
392
+ # information about associating access policies, see [Associating and
393
+ # disassociating access policies to and from access entries][1] in the
394
+ # *Amazon EKS User Guide*.
392
395
  #
393
- # You can use this API to enable encryption on existing clusters which
394
- # do not have encryption already enabled. This allows you to implement a
396
+ #
397
+ #
398
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html
399
+ #
400
+ # @option params [required, String] :cluster_name
401
+ # The name of your cluster.
402
+ #
403
+ # @option params [required, String] :principal_arn
404
+ # The Amazon Resource Name (ARN) of the IAM user or role for the
405
+ # `AccessEntry` that you're associating the access policy to.
406
+ #
407
+ # @option params [required, String] :policy_arn
408
+ # The ARN of the `AccessPolicy` that you're associating. For a list of
409
+ # ARNs, use `ListAccessPolicies`.
410
+ #
411
+ # @option params [required, Types::AccessScope] :access_scope
412
+ # The scope for the `AccessPolicy`. You can scope access policies to an
413
+ # entire cluster or to specific Kubernetes namespaces.
414
+ #
415
+ # @return [Types::AssociateAccessPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
416
+ #
417
+ # * {Types::AssociateAccessPolicyResponse#cluster_name #cluster_name} => String
418
+ # * {Types::AssociateAccessPolicyResponse#principal_arn #principal_arn} => String
419
+ # * {Types::AssociateAccessPolicyResponse#associated_access_policy #associated_access_policy} => Types::AssociatedAccessPolicy
420
+ #
421
+ # @example Request syntax with placeholder values
422
+ #
423
+ # resp = client.associate_access_policy({
424
+ # cluster_name: "String", # required
425
+ # principal_arn: "String", # required
426
+ # policy_arn: "String", # required
427
+ # access_scope: { # required
428
+ # type: "cluster", # accepts cluster, namespace
429
+ # namespaces: ["String"],
430
+ # },
431
+ # })
432
+ #
433
+ # @example Response structure
434
+ #
435
+ # resp.cluster_name #=> String
436
+ # resp.principal_arn #=> String
437
+ # resp.associated_access_policy.policy_arn #=> String
438
+ # resp.associated_access_policy.access_scope.type #=> String, one of "cluster", "namespace"
439
+ # resp.associated_access_policy.access_scope.namespaces #=> Array
440
+ # resp.associated_access_policy.access_scope.namespaces[0] #=> String
441
+ # resp.associated_access_policy.associated_at #=> Time
442
+ # resp.associated_access_policy.modified_at #=> Time
443
+ #
444
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateAccessPolicy AWS API Documentation
445
+ #
446
+ # @overload associate_access_policy(params = {})
447
+ # @param [Hash] params ({})
448
+ def associate_access_policy(params = {}, options = {})
449
+ req = build_request(:associate_access_policy, params)
450
+ req.send_request(options)
451
+ end
452
+
453
+ # Associates an encryption configuration to an existing cluster.
454
+ #
455
+ # Use this API to enable encryption on existing clusters that don't
456
+ # already have encryption enabled. This allows you to implement a
395
457
  # defense-in-depth security strategy without migrating applications to
396
458
  # new Amazon EKS clusters.
397
459
  #
398
460
  # @option params [required, String] :cluster_name
399
- # The name of the cluster that you are associating with encryption
400
- # configuration.
461
+ # The name of your cluster.
401
462
  #
402
463
  # @option params [required, Array<Types::EncryptionConfig>] :encryption_config
403
464
  # The configuration you are using for encryption.
404
465
  #
405
466
  # @option params [String] :client_request_token
406
- # The client request token you are using with the encryption
407
- # configuration.
467
+ # A unique, case-sensitive identifier that you provide to ensure the
468
+ # idempotency of the request.
408
469
  #
409
470
  # **A suitable default value is auto-generated.** You should normally
410
471
  # not need to pass this option.**
@@ -432,9 +493,9 @@ module Aws::EKS
432
493
  #
433
494
  # resp.update.id #=> String
434
495
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
435
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
496
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
436
497
  # resp.update.params #=> Array
437
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
498
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
438
499
  # resp.update.params[0].value #=> String
439
500
  # resp.update.created_at #=> Time
440
501
  # resp.update.errors #=> Array
@@ -452,34 +513,34 @@ module Aws::EKS
452
513
  req.send_request(options)
453
514
  end
454
515
 
455
- # Associate an identity provider configuration to a cluster.
516
+ # Associates an identity provider configuration to a cluster.
456
517
  #
457
518
  # If you want to authenticate identities using an identity provider, you
458
519
  # can create an identity provider configuration and associate it to your
459
520
  # cluster. After configuring authentication to your cluster you can
460
- # create Kubernetes `roles` and `clusterroles` to assign permissions to
461
- # the roles, and then bind the roles to the identities using Kubernetes
462
- # `rolebindings` and `clusterrolebindings`. For more information see
463
- # [Using RBAC Authorization][1] in the Kubernetes documentation.
521
+ # create Kubernetes `Role` and `ClusterRole` objects, assign permissions
522
+ # to them, and then bind them to the identities using Kubernetes
523
+ # `RoleBinding` and `ClusterRoleBinding` objects. For more information
524
+ # see [Using RBAC Authorization][1] in the Kubernetes documentation.
464
525
  #
465
526
  #
466
527
  #
467
528
  # [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
468
529
  #
469
530
  # @option params [required, String] :cluster_name
470
- # The name of the cluster to associate the configuration to.
531
+ # The name of your cluster.
471
532
  #
472
533
  # @option params [required, Types::OidcIdentityProviderConfigRequest] :oidc
473
534
  # An object representing an OpenID Connect (OIDC) identity provider
474
535
  # configuration.
475
536
  #
476
537
  # @option params [Hash<String,String>] :tags
477
- # The metadata to apply to the configuration to assist with
478
- # categorization and organization. Each tag consists of a key and an
479
- # optional value. You define both.
538
+ # Metadata that assists with categorization and organization. Each tag
539
+ # consists of a key and an optional value. You define both. Tags don't
540
+ # propagate to any other cluster or Amazon Web Services resources.
480
541
  #
481
542
  # @option params [String] :client_request_token
482
- # Unique, case-sensitive identifier that you provide to ensure the
543
+ # A unique, case-sensitive identifier that you provide to ensure the
483
544
  # idempotency of the request.
484
545
  #
485
546
  # **A suitable default value is auto-generated.** You should normally
@@ -516,9 +577,9 @@ module Aws::EKS
516
577
  #
517
578
  # resp.update.id #=> String
518
579
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
519
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
580
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
520
581
  # resp.update.params #=> Array
521
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
582
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
522
583
  # resp.update.params[0].value #=> String
523
584
  # resp.update.created_at #=> Time
524
585
  # resp.update.errors #=> Array
@@ -538,6 +599,147 @@ module Aws::EKS
538
599
  req.send_request(options)
539
600
  end
540
601
 
602
+ # Creates an access entry.
603
+ #
604
+ # An access entry allows an IAM principal to access your cluster. Access
605
+ # entries can replace the need to maintain entries in the `aws-auth`
606
+ # `ConfigMap` for authentication. You have the following options for
607
+ # authorizing an IAM principal to access Kubernetes objects on your
608
+ # cluster: Kubernetes role-based access control (RBAC), Amazon EKS, or
609
+ # both. Kubernetes RBAC authorization requires you to create and manage
610
+ # Kubernetes `Role`, `ClusterRole`, `RoleBinding`, and
611
+ # `ClusterRoleBinding` objects, in addition to managing access entries.
612
+ # If you use Amazon EKS authorization exclusively, you don't need to
613
+ # create and manage Kubernetes `Role`, `ClusterRole`, `RoleBinding`, and
614
+ # `ClusterRoleBinding` objects.
615
+ #
616
+ # For more information about access entries, see [Access entries][1] in
617
+ # the *Amazon EKS User Guide*.
618
+ #
619
+ #
620
+ #
621
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
622
+ #
623
+ # @option params [required, String] :cluster_name
624
+ # The name of your cluster.
625
+ #
626
+ # @option params [required, String] :principal_arn
627
+ # The ARN of the IAM principal for the `AccessEntry`. You can specify
628
+ # one ARN for each access entry. You can't specify the same ARN in more
629
+ # than one access entry. This value can't be changed after access entry
630
+ # creation.
631
+ #
632
+ # [IAM best practices][1] recommend using IAM roles with temporary
633
+ # credentials, rather than IAM users with long-term credentials.
634
+ #
635
+ #
636
+ #
637
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp
638
+ #
639
+ # @option params [Array<String>] :kubernetes_groups
640
+ # The value for `name` that you've specified for `kind: Group` as a
641
+ # `subject` in a Kubernetes `RoleBinding` or `ClusterRoleBinding`
642
+ # object. Amazon EKS doesn't confirm that the value for `name` exists
643
+ # in any bindings on your cluster. You can specify one or more names.
644
+ #
645
+ # Kubernetes authorizes the `principalArn` of the access entry to access
646
+ # any cluster objects that you've specified in a Kubernetes `Role` or
647
+ # `ClusterRole` object that is also specified in a binding's `roleRef`.
648
+ # For more information about creating Kubernetes `RoleBinding`,
649
+ # `ClusterRoleBinding`, `Role`, or `ClusterRole` objects, see [Using
650
+ # RBAC Authorization in the Kubernetes documentation][1].
651
+ #
652
+ # If you want Amazon EKS to authorize the `principalArn` (instead of, or
653
+ # in addition to Kubernetes authorizing the `principalArn`), you can
654
+ # associate one or more access policies to the access entry using
655
+ # `AssociateAccessPolicy`. If you associate any access policies, the
656
+ # `principalARN` has all permissions assigned in the associated access
657
+ # policies and all permissions in any Kubernetes `Role` or `ClusterRole`
658
+ # objects that the group names are bound to.
659
+ #
660
+ #
661
+ #
662
+ # [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
663
+ #
664
+ # @option params [Hash<String,String>] :tags
665
+ # Metadata that assists with categorization and organization. Each tag
666
+ # consists of a key and an optional value. You define both. Tags don't
667
+ # propagate to any other cluster or Amazon Web Services resources.
668
+ #
669
+ # @option params [String] :client_request_token
670
+ # A unique, case-sensitive identifier that you provide to ensure the
671
+ # idempotency of the request.
672
+ #
673
+ # **A suitable default value is auto-generated.** You should normally
674
+ # not need to pass this option.**
675
+ #
676
+ # @option params [String] :username
677
+ # The username to authenticate to Kubernetes with. We recommend not
678
+ # specifying a username and letting Amazon EKS specify it for you. For
679
+ # more information about the value Amazon EKS specifies for you, or
680
+ # constraints before specifying your own username, see [Creating access
681
+ # entries][1] in the *Amazon EKS User Guide*.
682
+ #
683
+ #
684
+ #
685
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries
686
+ #
687
+ # @option params [String] :type
688
+ # If the `principalArn` is for an IAM role that's used for self-managed
689
+ # Amazon EC2 nodes, specify `EC2_LINUX` or `EC2_WINDOWS`. Amazon EKS
690
+ # grants the necessary permissions to the node for you. If the
691
+ # `principalArn` is for any other purpose, specify `STANDARD`. If you
692
+ # don't specify a value, Amazon EKS sets the value to `STANDARD`. It's
693
+ # unnecessary to create access entries for IAM roles used with Fargate
694
+ # profiles or managed Amazon EC2 nodes, because Amazon EKS creates
695
+ # entries in the `aws-auth` `ConfigMap` for the roles. You can't change
696
+ # this value once you've created the access entry.
697
+ #
698
+ # If you set the value to `EC2_LINUX` or `EC2_WINDOWS`, you can't
699
+ # specify values for `kubernetesGroups`, or associate an `AccessPolicy`
700
+ # to the access entry.
701
+ #
702
+ # @return [Types::CreateAccessEntryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
703
+ #
704
+ # * {Types::CreateAccessEntryResponse#access_entry #access_entry} => Types::AccessEntry
705
+ #
706
+ # @example Request syntax with placeholder values
707
+ #
708
+ # resp = client.create_access_entry({
709
+ # cluster_name: "String", # required
710
+ # principal_arn: "String", # required
711
+ # kubernetes_groups: ["String"],
712
+ # tags: {
713
+ # "TagKey" => "TagValue",
714
+ # },
715
+ # client_request_token: "String",
716
+ # username: "String",
717
+ # type: "String",
718
+ # })
719
+ #
720
+ # @example Response structure
721
+ #
722
+ # resp.access_entry.cluster_name #=> String
723
+ # resp.access_entry.principal_arn #=> String
724
+ # resp.access_entry.kubernetes_groups #=> Array
725
+ # resp.access_entry.kubernetes_groups[0] #=> String
726
+ # resp.access_entry.access_entry_arn #=> String
727
+ # resp.access_entry.created_at #=> Time
728
+ # resp.access_entry.modified_at #=> Time
729
+ # resp.access_entry.tags #=> Hash
730
+ # resp.access_entry.tags["TagKey"] #=> String
731
+ # resp.access_entry.username #=> String
732
+ # resp.access_entry.type #=> String
733
+ #
734
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAccessEntry AWS API Documentation
735
+ #
736
+ # @overload create_access_entry(params = {})
737
+ # @param [Hash] params ({})
738
+ def create_access_entry(params = {}, options = {})
739
+ req = build_request(:create_access_entry, params)
740
+ req.send_request(options)
741
+ end
742
+
541
743
  # Creates an Amazon EKS add-on.
542
744
  #
543
745
  # Amazon EKS add-ons help to automate the provisioning and lifecycle
@@ -550,15 +752,11 @@ module Aws::EKS
550
752
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html
551
753
  #
552
754
  # @option params [required, String] :cluster_name
553
- # The name of the cluster to create the add-on for.
755
+ # The name of your cluster.
554
756
  #
555
757
  # @option params [required, String] :addon_name
556
- # The name of the add-on. The name must match one of the names that [
557
- # `DescribeAddonVersions` ][1] returns.
558
- #
559
- #
560
- #
561
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html
758
+ # The name of the add-on. The name must match one of the names returned
759
+ # by `DescribeAddonVersions`.
562
760
  #
563
761
  # @option params [String] :addon_version
564
762
  # The version of the add-on. The version must match one of the versions
@@ -625,18 +823,14 @@ module Aws::EKS
625
823
  # not need to pass this option.**
626
824
  #
627
825
  # @option params [Hash<String,String>] :tags
628
- # The metadata to apply to the cluster to assist with categorization and
629
- # organization. Each tag consists of a key and an optional value. You
630
- # define both.
826
+ # Metadata that assists with categorization and organization. Each tag
827
+ # consists of a key and an optional value. You define both. Tags don't
828
+ # propagate to any other cluster or Amazon Web Services resources.
631
829
  #
632
830
  # @option params [String] :configuration_values
633
831
  # The set of configuration values for the add-on that's created. The
634
- # values that you provide are validated against the schema in [
635
- # `DescribeAddonConfiguration` ][1].
636
- #
637
- #
638
- #
639
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html
832
+ # values that you provide are validated against the schema returned by
833
+ # `DescribeAddonConfiguration`.
640
834
  #
641
835
  # @return [Types::CreateAddonResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
642
836
  #
@@ -801,16 +995,16 @@ module Aws::EKS
801
995
  # [2]: http://aws.amazon.com/cloudwatch/pricing/
802
996
  #
803
997
  # @option params [String] :client_request_token
804
- # Unique, case-sensitive identifier that you provide to ensure the
998
+ # A unique, case-sensitive identifier that you provide to ensure the
805
999
  # idempotency of the request.
806
1000
  #
807
1001
  # **A suitable default value is auto-generated.** You should normally
808
1002
  # not need to pass this option.**
809
1003
  #
810
1004
  # @option params [Hash<String,String>] :tags
811
- # The metadata to apply to the cluster to assist with categorization and
812
- # organization. Each tag consists of a key and an optional value. You
813
- # define both.
1005
+ # Metadata that assists with categorization and organization. Each tag
1006
+ # consists of a key and an optional value. You define both. Tags don't
1007
+ # propagate to any other cluster or Amazon Web Services resources.
814
1008
  #
815
1009
  # @option params [Array<Types::EncryptionConfig>] :encryption_config
816
1010
  # The encryption configuration for the cluster.
@@ -827,6 +1021,9 @@ module Aws::EKS
827
1021
  #
828
1022
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-local-cluster-overview.html
829
1023
  #
1024
+ # @option params [Types::CreateAccessConfigRequest] :access_config
1025
+ # The access configuration for the cluster.
1026
+ #
830
1027
  # @return [Types::CreateClusterResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
831
1028
  #
832
1029
  # * {Types::CreateClusterResponse#cluster #cluster} => Types::Cluster
@@ -900,6 +1097,10 @@ module Aws::EKS
900
1097
  # group_name: "String",
901
1098
  # },
902
1099
  # },
1100
+ # access_config: {
1101
+ # bootstrap_cluster_creator_admin_permissions: false,
1102
+ # authentication_mode: "API", # accepts API, API_AND_CONFIG_MAP, CONFIG_MAP
1103
+ # },
903
1104
  # })
904
1105
  #
905
1106
  # @example Response structure
@@ -953,6 +1154,8 @@ module Aws::EKS
953
1154
  # resp.cluster.outpost_config.outpost_arns[0] #=> String
954
1155
  # resp.cluster.outpost_config.control_plane_instance_type #=> String
955
1156
  # resp.cluster.outpost_config.control_plane_placement.group_name #=> String
1157
+ # resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
1158
+ # resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"
956
1159
  #
957
1160
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateCluster AWS API Documentation
958
1161
  #
@@ -998,7 +1201,7 @@ module Aws::EKS
998
1201
  # of the term.
999
1202
  #
1000
1203
  # @option params [String] :client_request_token
1001
- # Unique, case-sensitive identifier that you provide to ensure the
1204
+ # A unique, case-sensitive identifier that you provide to ensure the
1002
1205
  # idempotency of the request.
1003
1206
  #
1004
1207
  # **A suitable default value is auto-generated.** You should normally
@@ -1090,7 +1293,7 @@ module Aws::EKS
1090
1293
  # must wait for that Fargate profile to finish deleting before you can
1091
1294
  # create any other profiles in that cluster.
1092
1295
  #
1093
- # For more information, see [Fargate Profile][3] in the *Amazon EKS User
1296
+ # For more information, see [Fargate profile][3] in the *Amazon EKS User
1094
1297
  # Guide*.
1095
1298
  #
1096
1299
  #
@@ -1103,45 +1306,42 @@ module Aws::EKS
1103
1306
  # The name of the Fargate profile.
1104
1307
  #
1105
1308
  # @option params [required, String] :cluster_name
1106
- # The name of the Amazon EKS cluster to apply the Fargate profile to.
1309
+ # The name of your cluster.
1107
1310
  #
1108
1311
  # @option params [required, String] :pod_execution_role_arn
1109
- # The Amazon Resource Name (ARN) of the pod execution role to use for
1110
- # pods that match the selectors in the Fargate profile. The pod
1312
+ # The Amazon Resource Name (ARN) of the `Pod` execution role to use for
1313
+ # a `Pod` that matches the selectors in the Fargate profile. The `Pod`
1111
1314
  # execution role allows Fargate infrastructure to register with your
1112
1315
  # cluster as a node, and it provides read access to Amazon ECR image
1113
- # repositories. For more information, see [Pod Execution Role][1] in the
1114
- # *Amazon EKS User Guide*.
1316
+ # repositories. For more information, see [ `Pod` execution role][1] in
1317
+ # the *Amazon EKS User Guide*.
1115
1318
  #
1116
1319
  #
1117
1320
  #
1118
1321
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html
1119
1322
  #
1120
1323
  # @option params [Array<String>] :subnets
1121
- # The IDs of subnets to launch your pods into. At this time, pods
1122
- # running on Fargate are not assigned public IP addresses, so only
1123
- # private subnets (with no direct route to an Internet Gateway) are
1124
- # accepted for this parameter.
1324
+ # The IDs of subnets to launch a `Pod` into. A `Pod` running on Fargate
1325
+ # isn't assigned a public IP address, so only private subnets (with no
1326
+ # direct route to an Internet Gateway) are accepted for this parameter.
1125
1327
  #
1126
1328
  # @option params [Array<Types::FargateProfileSelector>] :selectors
1127
- # The selectors to match for pods to use this Fargate profile. Each
1128
- # selector must have an associated namespace. Optionally, you can also
1129
- # specify labels for a namespace. You may specify up to five selectors
1130
- # in a Fargate profile.
1329
+ # The selectors to match for a `Pod` to use this Fargate profile. Each
1330
+ # selector must have an associated Kubernetes `namespace`. Optionally,
1331
+ # you can also specify `labels` for a `namespace`. You may specify up to
1332
+ # five selectors in a Fargate profile.
1131
1333
  #
1132
1334
  # @option params [String] :client_request_token
1133
- # Unique, case-sensitive identifier that you provide to ensure the
1335
+ # A unique, case-sensitive identifier that you provide to ensure the
1134
1336
  # idempotency of the request.
1135
1337
  #
1136
1338
  # **A suitable default value is auto-generated.** You should normally
1137
1339
  # not need to pass this option.**
1138
1340
  #
1139
1341
  # @option params [Hash<String,String>] :tags
1140
- # The metadata to apply to the Fargate profile to assist with
1141
- # categorization and organization. Each tag consists of a key and an
1142
- # optional value. You define both. Fargate profile tags do not propagate
1143
- # to any other resources associated with the Fargate profile, such as
1144
- # the pods that are scheduled with it.
1342
+ # Metadata that assists with categorization and organization. Each tag
1343
+ # consists of a key and an optional value. You define both. Tags don't
1344
+ # propagate to any other cluster or Amazon Web Services resources.
1145
1345
  #
1146
1346
  # @return [Types::CreateFargateProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1147
1347
  #
@@ -1194,26 +1394,32 @@ module Aws::EKS
1194
1394
  req.send_request(options)
1195
1395
  end
1196
1396
 
1197
- # Creates a managed node group for an Amazon EKS cluster. You can only
1198
- # create a node group for your cluster that is equal to the current
1199
- # Kubernetes version for the cluster.
1397
+ # Creates a managed node group for an Amazon EKS cluster.
1398
+ #
1399
+ # You can only create a node group for your cluster that is equal to the
1400
+ # current Kubernetes version for the cluster. All node groups are
1401
+ # created with the latest AMI release version for the respective minor
1402
+ # Kubernetes version of the cluster, unless you deploy a custom AMI
1403
+ # using a launch template. For more information about using launch
1404
+ # templates, see [Launch template support][1].
1200
1405
  #
1201
1406
  # An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group
1202
1407
  # and associated Amazon EC2 instances that are managed by Amazon Web
1203
1408
  # Services for an Amazon EKS cluster. For more information, see [Managed
1204
- # node groups][1] in the *Amazon EKS User Guide*.
1409
+ # node groups][2] in the *Amazon EKS User Guide*.
1205
1410
  #
1206
- # <note markdown="1"> Windows AMI types are only supported for commercial Regions that
1207
- # support Windows Amazon EKS.
1411
+ # <note markdown="1"> Windows AMI types are only supported for commercial Amazon Web
1412
+ # Services Regions that support Windows on Amazon EKS.
1208
1413
  #
1209
1414
  # </note>
1210
1415
  #
1211
1416
  #
1212
1417
  #
1213
- # [1]: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
1418
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1419
+ # [2]: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
1214
1420
  #
1215
1421
  # @option params [required, String] :cluster_name
1216
- # The name of the cluster to create the node group in.
1422
+ # The name of your cluster.
1217
1423
  #
1218
1424
  # @option params [required, String] :nodegroup_name
1219
1425
  # The unique name to give your node group.
@@ -1236,16 +1442,14 @@ module Aws::EKS
1236
1442
  #
1237
1443
  # @option params [required, Array<String>] :subnets
1238
1444
  # The subnets to use for the Auto Scaling group that is created for your
1239
- # node group. If you specify `launchTemplate`, then don't specify [
1240
- # `SubnetId` ][1] in your launch template, or the node group deployment
1241
- # will fail. For more information about using launch templates with
1242
- # Amazon EKS, see [Launch template support][2] in the *Amazon EKS User
1243
- # Guide*.
1445
+ # node group. If you specify `launchTemplate`, then don't specify `
1446
+ # SubnetId ` in your launch template, or the node group deployment will
1447
+ # fail. For more information about using launch templates with Amazon
1448
+ # EKS, see [Launch template support][1] in the *Amazon EKS User Guide*.
1244
1449
  #
1245
1450
  #
1246
1451
  #
1247
- # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html
1248
- # [2]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1452
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1249
1453
  #
1250
1454
  # @option params [Array<String>] :instance_types
1251
1455
  # Specify the instance types for a node group. If you specify a GPU
@@ -1301,20 +1505,19 @@ module Aws::EKS
1301
1505
  # cluster, you must create an IAM role for those nodes to use when they
1302
1506
  # are launched. For more information, see [Amazon EKS node IAM role][1]
1303
1507
  # in the <i> <i>Amazon EKS User Guide</i> </i>. If you specify
1304
- # `launchTemplate`, then don't specify [ `IamInstanceProfile` ][2] in
1305
- # your launch template, or the node group deployment will fail. For more
1508
+ # `launchTemplate`, then don't specify ` IamInstanceProfile ` in your
1509
+ # launch template, or the node group deployment will fail. For more
1306
1510
  # information about using launch templates with Amazon EKS, see [Launch
1307
- # template support][3] in the *Amazon EKS User Guide*.
1511
+ # template support][2] in the *Amazon EKS User Guide*.
1308
1512
  #
1309
1513
  #
1310
1514
  #
1311
1515
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html
1312
- # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html
1313
- # [3]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1516
+ # [2]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1314
1517
  #
1315
1518
  # @option params [Hash<String,String>] :labels
1316
- # The Kubernetes labels to be applied to the nodes in the node group
1317
- # when they are created.
1519
+ # The Kubernetes `labels` to apply to the nodes in the node group when
1520
+ # they are created.
1318
1521
  #
1319
1522
  # @option params [Array<Types::Taint>] :taints
1320
1523
  # The Kubernetes taints to be applied to the nodes in the node group.
@@ -1325,14 +1528,12 @@ module Aws::EKS
1325
1528
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html
1326
1529
  #
1327
1530
  # @option params [Hash<String,String>] :tags
1328
- # The metadata to apply to the node group to assist with categorization
1329
- # and organization. Each tag consists of a key and an optional value.
1330
- # You define both. Node group tags do not propagate to any other
1331
- # resources associated with the node group, such as the Amazon EC2
1332
- # instances or subnets.
1531
+ # Metadata that assists with categorization and organization. Each tag
1532
+ # consists of a key and an optional value. You define both. Tags don't
1533
+ # propagate to any other cluster or Amazon Web Services resources.
1333
1534
  #
1334
1535
  # @option params [String] :client_request_token
1335
- # Unique, case-sensitive identifier that you provide to ensure the
1536
+ # A unique, case-sensitive identifier that you provide to ensure the
1336
1537
  # idempotency of the request.
1337
1538
  #
1338
1539
  # **A suitable default value is auto-generated.** You should normally
@@ -1497,7 +1698,7 @@ module Aws::EKS
1497
1698
  # credentials are rotated automatically.
1498
1699
  #
1499
1700
  # Amazon EKS Pod Identity associations provide the ability to manage
1500
- # credentials for your applications, similar to the way that 7EC2l
1701
+ # credentials for your applications, similar to the way that Amazon EC2
1501
1702
  # instance profiles provide credentials to Amazon EC2 instances.
1502
1703
  #
1503
1704
  # If a pod uses a service account that has an association, Amazon EKS
@@ -1530,16 +1731,16 @@ module Aws::EKS
1530
1731
  # use this service account.
1531
1732
  #
1532
1733
  # @option params [String] :client_request_token
1533
- # Unique, case-sensitive identifier that you provide to ensure the
1734
+ # A unique, case-sensitive identifier that you provide to ensure the
1534
1735
  # idempotency of the request.
1535
1736
  #
1536
1737
  # **A suitable default value is auto-generated.** You should normally
1537
1738
  # not need to pass this option.**
1538
1739
  #
1539
1740
  # @option params [Hash<String,String>] :tags
1540
- # The metadata that you apply to a resource to assist with
1541
- # categorization and organization. Each tag consists of a key and an
1542
- # optional value. You define both.
1741
+ # Metadata that assists with categorization and organization. Each tag
1742
+ # consists of a key and an optional value. You define both. Tags don't
1743
+ # propagate to any other cluster or Amazon Web Services resources.
1543
1744
  #
1544
1745
  # The following basic restrictions apply to tags:
1545
1746
  #
@@ -1605,14 +1806,44 @@ module Aws::EKS
1605
1806
  req.send_request(options)
1606
1807
  end
1607
1808
 
1608
- # Delete an Amazon EKS add-on.
1809
+ # Deletes an access entry.
1810
+ #
1811
+ # Deleting an access entry of a type other than `Standard` can cause
1812
+ # your cluster to function improperly. If you delete an access entry in
1813
+ # error, you can recreate it.
1814
+ #
1815
+ # @option params [required, String] :cluster_name
1816
+ # The name of your cluster.
1817
+ #
1818
+ # @option params [required, String] :principal_arn
1819
+ # The ARN of the IAM principal for the `AccessEntry`.
1820
+ #
1821
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1822
+ #
1823
+ # @example Request syntax with placeholder values
1824
+ #
1825
+ # resp = client.delete_access_entry({
1826
+ # cluster_name: "String", # required
1827
+ # principal_arn: "String", # required
1828
+ # })
1829
+ #
1830
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeleteAccessEntry AWS API Documentation
1831
+ #
1832
+ # @overload delete_access_entry(params = {})
1833
+ # @param [Hash] params ({})
1834
+ def delete_access_entry(params = {}, options = {})
1835
+ req = build_request(:delete_access_entry, params)
1836
+ req.send_request(options)
1837
+ end
1838
+
1839
+ # Deletes an Amazon EKS add-on.
1609
1840
  #
1610
- # When you remove the add-on, it will also be deleted from the cluster.
1611
- # You can always manually start an add-on on the cluster using the
1612
- # Kubernetes API.
1841
+ # When you remove an add-on, it's deleted from the cluster. You can
1842
+ # always manually start an add-on on the cluster using the Kubernetes
1843
+ # API.
1613
1844
  #
1614
1845
  # @option params [required, String] :cluster_name
1615
- # The name of the cluster to delete the add-on from.
1846
+ # The name of your cluster.
1616
1847
  #
1617
1848
  # @option params [required, String] :addon_name
1618
1849
  # The name of the add-on. The name must match one of the names returned
@@ -1671,18 +1902,18 @@ module Aws::EKS
1671
1902
  req.send_request(options)
1672
1903
  end
1673
1904
 
1674
- # Deletes the Amazon EKS cluster control plane.
1905
+ # Deletes an Amazon EKS cluster control plane.
1675
1906
  #
1676
1907
  # If you have active services in your cluster that are associated with a
1677
1908
  # load balancer, you must delete those services before deleting the
1678
1909
  # cluster so that the load balancers are deleted properly. Otherwise,
1679
1910
  # you can have orphaned resources in your VPC that prevent you from
1680
1911
  # being able to delete the VPC. For more information, see [Deleting a
1681
- # Cluster][1] in the *Amazon EKS User Guide*.
1912
+ # cluster][1] in the *Amazon EKS User Guide*.
1682
1913
  #
1683
1914
  # If you have managed node groups or Fargate profiles attached to the
1684
1915
  # cluster, you must delete them first. For more information, see
1685
- # DeleteNodegroup and DeleteFargateProfile.
1916
+ # `DeleteNodgroup` and `DeleteFargateProfile`.
1686
1917
  #
1687
1918
  #
1688
1919
  #
@@ -1765,6 +1996,8 @@ module Aws::EKS
1765
1996
  # resp.cluster.outpost_config.outpost_arns[0] #=> String
1766
1997
  # resp.cluster.outpost_config.control_plane_instance_type #=> String
1767
1998
  # resp.cluster.outpost_config.control_plane_placement.group_name #=> String
1999
+ # resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
2000
+ # resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"
1768
2001
  #
1769
2002
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeleteCluster AWS API Documentation
1770
2003
  #
@@ -1823,19 +2056,18 @@ module Aws::EKS
1823
2056
 
1824
2057
  # Deletes an Fargate profile.
1825
2058
  #
1826
- # When you delete a Fargate profile, any pods running on Fargate that
1827
- # were created with the profile are deleted. If those pods match another
1828
- # Fargate profile, then they are scheduled on Fargate with that profile.
1829
- # If they no longer match any Fargate profiles, then they are not
1830
- # scheduled on Fargate and they may remain in a pending state.
2059
+ # When you delete a Fargate profile, any `Pod` running on Fargate that
2060
+ # was created with the profile is deleted. If the `Pod` matches another
2061
+ # Fargate profile, then it is scheduled on Fargate with that profile. If
2062
+ # it no longer matches any Fargate profiles, then it's not scheduled on
2063
+ # Fargate and may remain in a pending state.
1831
2064
  #
1832
2065
  # Only one Fargate profile in a cluster can be in the `DELETING` status
1833
2066
  # at a time. You must wait for a Fargate profile to finish deleting
1834
2067
  # before you can delete any other profiles in that cluster.
1835
2068
  #
1836
2069
  # @option params [required, String] :cluster_name
1837
- # The name of the Amazon EKS cluster associated with the Fargate profile
1838
- # to delete.
2070
+ # The name of your cluster.
1839
2071
  #
1840
2072
  # @option params [required, String] :fargate_profile_name
1841
2073
  # The name of the Fargate profile to delete.
@@ -1877,11 +2109,10 @@ module Aws::EKS
1877
2109
  req.send_request(options)
1878
2110
  end
1879
2111
 
1880
- # Deletes an Amazon EKS node group for a cluster.
2112
+ # Deletes a managed node group.
1881
2113
  #
1882
2114
  # @option params [required, String] :cluster_name
1883
- # The name of the Amazon EKS cluster that is associated with your node
1884
- # group.
2115
+ # The name of your cluster.
1885
2116
  #
1886
2117
  # @option params [required, String] :nodegroup_name
1887
2118
  # The name of the node group to delete.
@@ -2001,6 +2232,13 @@ module Aws::EKS
2001
2232
  # Deregisters a connected cluster to remove it from the Amazon EKS
2002
2233
  # control plane.
2003
2234
  #
2235
+ # A connected cluster is a Kubernetes cluster that you've connected to
2236
+ # your control plane using the [Amazon EKS Connector][1].
2237
+ #
2238
+ #
2239
+ #
2240
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html
2241
+ #
2004
2242
  # @option params [required, String] :name
2005
2243
  # The name of the connected cluster to deregister.
2006
2244
  #
@@ -2065,6 +2303,8 @@ module Aws::EKS
2065
2303
  # resp.cluster.outpost_config.outpost_arns[0] #=> String
2066
2304
  # resp.cluster.outpost_config.control_plane_instance_type #=> String
2067
2305
  # resp.cluster.outpost_config.control_plane_placement.group_name #=> String
2306
+ # resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
2307
+ # resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"
2068
2308
  #
2069
2309
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeregisterCluster AWS API Documentation
2070
2310
  #
@@ -2075,10 +2315,52 @@ module Aws::EKS
2075
2315
  req.send_request(options)
2076
2316
  end
2077
2317
 
2318
+ # Describes an access entry.
2319
+ #
2320
+ # @option params [required, String] :cluster_name
2321
+ # The name of your cluster.
2322
+ #
2323
+ # @option params [required, String] :principal_arn
2324
+ # The ARN of the IAM principal for the `AccessEntry`.
2325
+ #
2326
+ # @return [Types::DescribeAccessEntryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2327
+ #
2328
+ # * {Types::DescribeAccessEntryResponse#access_entry #access_entry} => Types::AccessEntry
2329
+ #
2330
+ # @example Request syntax with placeholder values
2331
+ #
2332
+ # resp = client.describe_access_entry({
2333
+ # cluster_name: "String", # required
2334
+ # principal_arn: "String", # required
2335
+ # })
2336
+ #
2337
+ # @example Response structure
2338
+ #
2339
+ # resp.access_entry.cluster_name #=> String
2340
+ # resp.access_entry.principal_arn #=> String
2341
+ # resp.access_entry.kubernetes_groups #=> Array
2342
+ # resp.access_entry.kubernetes_groups[0] #=> String
2343
+ # resp.access_entry.access_entry_arn #=> String
2344
+ # resp.access_entry.created_at #=> Time
2345
+ # resp.access_entry.modified_at #=> Time
2346
+ # resp.access_entry.tags #=> Hash
2347
+ # resp.access_entry.tags["TagKey"] #=> String
2348
+ # resp.access_entry.username #=> String
2349
+ # resp.access_entry.type #=> String
2350
+ #
2351
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAccessEntry AWS API Documentation
2352
+ #
2353
+ # @overload describe_access_entry(params = {})
2354
+ # @param [Hash] params ({})
2355
+ def describe_access_entry(params = {}, options = {})
2356
+ req = build_request(:describe_access_entry, params)
2357
+ req.send_request(options)
2358
+ end
2359
+
2078
2360
  # Describes an Amazon EKS add-on.
2079
2361
  #
2080
2362
  # @option params [required, String] :cluster_name
2081
- # The name of the cluster.
2363
+ # The name of your cluster.
2082
2364
  #
2083
2365
  # @option params [required, String] :addon_name
2084
2366
  # The name of the add-on. The name must match one of the names returned
@@ -2140,12 +2422,8 @@ module Aws::EKS
2140
2422
  # Returns configuration options.
2141
2423
  #
2142
2424
  # @option params [required, String] :addon_name
2143
- # The name of the add-on. The name must match one of the names that [
2144
- # `DescribeAddonVersions` ][1] returns.
2145
- #
2146
- #
2147
- #
2148
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html
2425
+ # The name of the add-on. The name must match one of the names returned
2426
+ # by `DescribeAddonVersions`.
2149
2427
  #
2150
2428
  # @option params [required, String] :addon_version
2151
2429
  # The version of the add-on. The version must match one of the versions
@@ -2183,22 +2461,30 @@ module Aws::EKS
2183
2461
  req.send_request(options)
2184
2462
  end
2185
2463
 
2186
- # Describes the versions for an add-on. Information such as the
2187
- # Kubernetes versions that you can use the add-on with, the `owner`,
2188
- # `publisher`, and the `type` of the add-on are returned.
2464
+ # Describes the versions for an add-on.
2465
+ #
2466
+ # Information such as the Kubernetes versions that you can use the
2467
+ # add-on with, the `owner`, `publisher`, and the `type` of the add-on
2468
+ # are returned.
2189
2469
  #
2190
2470
  # @option params [String] :kubernetes_version
2191
2471
  # The Kubernetes versions that you can use the add-on with.
2192
2472
  #
2193
2473
  # @option params [Integer] :max_results
2194
- # The maximum number of results to return.
2474
+ # The maximum number of results, returned in paginated output. You
2475
+ # receive `maxResults` in a single page, along with a `nextToken`
2476
+ # response element. You can see the remaining results of the initial
2477
+ # request by sending another request with the returned `nextToken`
2478
+ # value. This value can be between 1 and 100. If you don't use this
2479
+ # parameter, 100 results and a `nextToken` value, if applicable, are
2480
+ # returned.
2195
2481
  #
2196
2482
  # @option params [String] :next_token
2197
- # The `nextToken` value returned from a previous paginated
2198
- # `DescribeAddonVersionsRequest` where `maxResults` was used and the
2199
- # results exceeded the value of that parameter. Pagination continues
2200
- # from the end of the previous results that returned the `nextToken`
2201
- # value.
2483
+ # The `nextToken` value returned from a previous paginated request,
2484
+ # where `maxResults` was used and the results exceeded the value of that
2485
+ # parameter. Pagination continues from the end of the previous results
2486
+ # that returned the `nextToken` value. This value is null when there are
2487
+ # no more results to return.
2202
2488
  #
2203
2489
  # <note markdown="1"> This token should be treated as an opaque identifier that is used only
2204
2490
  # to retrieve the next items in a list and not for other programmatic
@@ -2275,12 +2561,12 @@ module Aws::EKS
2275
2561
  req.send_request(options)
2276
2562
  end
2277
2563
 
2278
- # Returns descriptive information about an Amazon EKS cluster.
2564
+ # Describes an Amazon EKS cluster.
2279
2565
  #
2280
2566
  # The API server endpoint and certificate authority data returned by
2281
2567
  # this operation are required for `kubelet` and `kubectl` to communicate
2282
- # with your Kubernetes API server. For more information, see [Create a
2283
- # kubeconfig for Amazon EKS][1].
2568
+ # with your Kubernetes API server. For more information, see [Creating
2569
+ # or updating a `kubeconfig` file for an Amazon EKS cluster][1].
2284
2570
  #
2285
2571
  # <note markdown="1"> The API server endpoint and certificate authority data aren't
2286
2572
  # available until the cluster reaches the `ACTIVE` state.
@@ -2292,7 +2578,7 @@ module Aws::EKS
2292
2578
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
2293
2579
  #
2294
2580
  # @option params [required, String] :name
2295
- # The name of the cluster to describe.
2581
+ # The name of your cluster.
2296
2582
  #
2297
2583
  # @return [Types::DescribeClusterResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2298
2584
  #
@@ -2390,6 +2676,8 @@ module Aws::EKS
2390
2676
  # resp.cluster.outpost_config.outpost_arns[0] #=> String
2391
2677
  # resp.cluster.outpost_config.control_plane_instance_type #=> String
2392
2678
  # resp.cluster.outpost_config.control_plane_placement.group_name #=> String
2679
+ # resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
2680
+ # resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"
2393
2681
  #
2394
2682
  #
2395
2683
  # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -2448,11 +2736,10 @@ module Aws::EKS
2448
2736
  req.send_request(options)
2449
2737
  end
2450
2738
 
2451
- # Returns descriptive information about an Fargate profile.
2739
+ # Describes an Fargate profile.
2452
2740
  #
2453
2741
  # @option params [required, String] :cluster_name
2454
- # The name of the Amazon EKS cluster associated with the Fargate
2455
- # profile.
2742
+ # The name of your cluster.
2456
2743
  #
2457
2744
  # @option params [required, String] :fargate_profile_name
2458
2745
  # The name of the Fargate profile to describe.
@@ -2500,12 +2787,10 @@ module Aws::EKS
2500
2787
  req.send_request(options)
2501
2788
  end
2502
2789
 
2503
- # Returns descriptive information about an identity provider
2504
- # configuration.
2790
+ # Describes an identity provider configuration.
2505
2791
  #
2506
2792
  # @option params [required, String] :cluster_name
2507
- # The cluster name that the identity provider configuration is
2508
- # associated to.
2793
+ # The name of your cluster.
2509
2794
  #
2510
2795
  # @option params [required, Types::IdentityProviderConfig] :identity_provider_config
2511
2796
  # An object representing an identity provider configuration.
@@ -2550,10 +2835,10 @@ module Aws::EKS
2550
2835
  req.send_request(options)
2551
2836
  end
2552
2837
 
2553
- # Returns descriptive information about an Amazon EKS node group.
2838
+ # Describes a managed node group.
2554
2839
  #
2555
2840
  # @option params [required, String] :cluster_name
2556
- # The name of the Amazon EKS cluster associated with the node group.
2841
+ # The name of your cluster.
2557
2842
  #
2558
2843
  # @option params [required, String] :nodegroup_name
2559
2844
  # The name of the node group to describe.
@@ -2677,8 +2962,7 @@ module Aws::EKS
2677
2962
  req.send_request(options)
2678
2963
  end
2679
2964
 
2680
- # Returns descriptive information about an update against your Amazon
2681
- # EKS cluster or associated managed node group or Amazon EKS add-on.
2965
+ # Describes an update to an Amazon EKS resource.
2682
2966
  #
2683
2967
  # When the status of the update is `Succeeded`, the update is complete.
2684
2968
  # If an update fails, the status is `Failed`, and an error detail
@@ -2720,9 +3004,9 @@ module Aws::EKS
2720
3004
  #
2721
3005
  # resp.update.id #=> String
2722
3006
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
2723
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
3007
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
2724
3008
  # resp.update.params #=> Array
2725
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
3009
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
2726
3010
  # resp.update.params[0].value #=> String
2727
3011
  # resp.update.created_at #=> Time
2728
3012
  # resp.update.errors #=> Array
@@ -2740,17 +3024,45 @@ module Aws::EKS
2740
3024
  req.send_request(options)
2741
3025
  end
2742
3026
 
2743
- # Disassociates an identity provider configuration from a cluster. If
2744
- # you disassociate an identity provider from your cluster, users
2745
- # included in the provider can no longer access the cluster. However,
2746
- # you can still access the cluster with [IAM principals][1].
3027
+ # Disassociates an access policy from an access entry.
3028
+ #
3029
+ # @option params [required, String] :cluster_name
3030
+ # The name of your cluster.
3031
+ #
3032
+ # @option params [required, String] :principal_arn
3033
+ # The ARN of the IAM principal for the `AccessEntry`.
3034
+ #
3035
+ # @option params [required, String] :policy_arn
3036
+ # The ARN of the policy to disassociate from the access entry. For a
3037
+ # list of associated policies ARNs, use `ListAssociatedAccessPolicies`.
3038
+ #
3039
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3040
+ #
3041
+ # @example Request syntax with placeholder values
3042
+ #
3043
+ # resp = client.disassociate_access_policy({
3044
+ # cluster_name: "String", # required
3045
+ # principal_arn: "String", # required
3046
+ # policy_arn: "String", # required
3047
+ # })
2747
3048
  #
3049
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateAccessPolicy AWS API Documentation
2748
3050
  #
3051
+ # @overload disassociate_access_policy(params = {})
3052
+ # @param [Hash] params ({})
3053
+ def disassociate_access_policy(params = {}, options = {})
3054
+ req = build_request(:disassociate_access_policy, params)
3055
+ req.send_request(options)
3056
+ end
3057
+
3058
+ # Disassociates an identity provider configuration from a cluster.
2749
3059
  #
2750
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html
3060
+ # If you disassociate an identity provider from your cluster, users
3061
+ # included in the provider can no longer access the cluster. However,
3062
+ # you can still access the cluster with IAM principals.
2751
3063
  #
2752
3064
  # @option params [required, String] :cluster_name
2753
- # The name of the cluster to disassociate an identity provider from.
3065
+ # The name of your cluster.
2754
3066
  #
2755
3067
  # @option params [required, Types::IdentityProviderConfig] :identity_provider_config
2756
3068
  # An object representing an identity provider configuration.
@@ -2781,9 +3093,9 @@ module Aws::EKS
2781
3093
  #
2782
3094
  # resp.update.id #=> String
2783
3095
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
2784
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
3096
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
2785
3097
  # resp.update.params #=> Array
2786
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
3098
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
2787
3099
  # resp.update.params[0].value #=> String
2788
3100
  # resp.update.created_at #=> Time
2789
3101
  # resp.update.errors #=> Array
@@ -2801,26 +3113,143 @@ module Aws::EKS
2801
3113
  req.send_request(options)
2802
3114
  end
2803
3115
 
3116
+ # Lists the access entries for your cluster.
3117
+ #
3118
+ # @option params [required, String] :cluster_name
3119
+ # The name of your cluster.
3120
+ #
3121
+ # @option params [String] :associated_policy_arn
3122
+ # The ARN of an `AccessPolicy`. When you specify an access policy ARN,
3123
+ # only the access entries associated to that access policy are returned.
3124
+ # For a list of available policy ARNs, use `ListAccessPolicies`.
3125
+ #
3126
+ # @option params [Integer] :max_results
3127
+ # The maximum number of results, returned in paginated output. You
3128
+ # receive `maxResults` in a single page, along with a `nextToken`
3129
+ # response element. You can see the remaining results of the initial
3130
+ # request by sending another request with the returned `nextToken`
3131
+ # value. This value can be between 1 and 100. If you don't use this
3132
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3133
+ # returned.
3134
+ #
3135
+ # @option params [String] :next_token
3136
+ # The `nextToken` value returned from a previous paginated request,
3137
+ # where `maxResults` was used and the results exceeded the value of that
3138
+ # parameter. Pagination continues from the end of the previous results
3139
+ # that returned the `nextToken` value. This value is null when there are
3140
+ # no more results to return.
3141
+ #
3142
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3143
+ # to retrieve the next items in a list and not for other programmatic
3144
+ # purposes.
3145
+ #
3146
+ # </note>
3147
+ #
3148
+ # @return [Types::ListAccessEntriesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3149
+ #
3150
+ # * {Types::ListAccessEntriesResponse#access_entries #access_entries} => Array&lt;String&gt;
3151
+ # * {Types::ListAccessEntriesResponse#next_token #next_token} => String
3152
+ #
3153
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
3154
+ #
3155
+ # @example Request syntax with placeholder values
3156
+ #
3157
+ # resp = client.list_access_entries({
3158
+ # cluster_name: "String", # required
3159
+ # associated_policy_arn: "String",
3160
+ # max_results: 1,
3161
+ # next_token: "String",
3162
+ # })
3163
+ #
3164
+ # @example Response structure
3165
+ #
3166
+ # resp.access_entries #=> Array
3167
+ # resp.access_entries[0] #=> String
3168
+ # resp.next_token #=> String
3169
+ #
3170
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessEntries AWS API Documentation
3171
+ #
3172
+ # @overload list_access_entries(params = {})
3173
+ # @param [Hash] params ({})
3174
+ def list_access_entries(params = {}, options = {})
3175
+ req = build_request(:list_access_entries, params)
3176
+ req.send_request(options)
3177
+ end
3178
+
3179
+ # Lists the available access policies.
3180
+ #
3181
+ # @option params [Integer] :max_results
3182
+ # The maximum number of results, returned in paginated output. You
3183
+ # receive `maxResults` in a single page, along with a `nextToken`
3184
+ # response element. You can see the remaining results of the initial
3185
+ # request by sending another request with the returned `nextToken`
3186
+ # value. This value can be between 1 and 100. If you don't use this
3187
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3188
+ # returned.
3189
+ #
3190
+ # @option params [String] :next_token
3191
+ # The `nextToken` value returned from a previous paginated request,
3192
+ # where `maxResults` was used and the results exceeded the value of that
3193
+ # parameter. Pagination continues from the end of the previous results
3194
+ # that returned the `nextToken` value. This value is null when there are
3195
+ # no more results to return.
3196
+ #
3197
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3198
+ # to retrieve the next items in a list and not for other programmatic
3199
+ # purposes.
3200
+ #
3201
+ # </note>
3202
+ #
3203
+ # @return [Types::ListAccessPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3204
+ #
3205
+ # * {Types::ListAccessPoliciesResponse#access_policies #access_policies} => Array&lt;Types::AccessPolicy&gt;
3206
+ # * {Types::ListAccessPoliciesResponse#next_token #next_token} => String
3207
+ #
3208
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
3209
+ #
3210
+ # @example Request syntax with placeholder values
3211
+ #
3212
+ # resp = client.list_access_policies({
3213
+ # max_results: 1,
3214
+ # next_token: "String",
3215
+ # })
3216
+ #
3217
+ # @example Response structure
3218
+ #
3219
+ # resp.access_policies #=> Array
3220
+ # resp.access_policies[0].name #=> String
3221
+ # resp.access_policies[0].arn #=> String
3222
+ # resp.next_token #=> String
3223
+ #
3224
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessPolicies AWS API Documentation
3225
+ #
3226
+ # @overload list_access_policies(params = {})
3227
+ # @param [Hash] params ({})
3228
+ def list_access_policies(params = {}, options = {})
3229
+ req = build_request(:list_access_policies, params)
3230
+ req.send_request(options)
3231
+ end
3232
+
2804
3233
  # Lists the installed add-ons.
2805
3234
  #
2806
3235
  # @option params [required, String] :cluster_name
2807
- # The name of the cluster.
3236
+ # The name of your cluster.
2808
3237
  #
2809
3238
  # @option params [Integer] :max_results
2810
- # The maximum number of add-on results returned by `ListAddonsRequest`
2811
- # in paginated output. When you use this parameter, `ListAddonsRequest`
2812
- # returns only `maxResults` results in a single page along with a
2813
- # `nextToken` response element. You can see the remaining results of the
2814
- # initial request by sending another `ListAddonsRequest` request with
2815
- # the returned `nextToken` value. This value can be between 1 and 100.
2816
- # If you don't use this parameter, `ListAddonsRequest` returns up to
2817
- # 100 results and a `nextToken` value, if applicable.
3239
+ # The maximum number of results, returned in paginated output. You
3240
+ # receive `maxResults` in a single page, along with a `nextToken`
3241
+ # response element. You can see the remaining results of the initial
3242
+ # request by sending another request with the returned `nextToken`
3243
+ # value. This value can be between 1 and 100. If you don't use this
3244
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3245
+ # returned.
2818
3246
  #
2819
3247
  # @option params [String] :next_token
2820
- # The `nextToken` value returned from a previous paginated
2821
- # `ListAddonsRequest` where `maxResults` was used and the results
2822
- # exceeded the value of that parameter. Pagination continues from the
2823
- # end of the previous results that returned the `nextToken` value.
3248
+ # The `nextToken` value returned from a previous paginated request,
3249
+ # where `maxResults` was used and the results exceeded the value of that
3250
+ # parameter. Pagination continues from the end of the previous results
3251
+ # that returned the `nextToken` value. This value is null when there are
3252
+ # no more results to return.
2824
3253
  #
2825
3254
  # <note markdown="1"> This token should be treated as an opaque identifier that is used only
2826
3255
  # to retrieve the next items in a list and not for other programmatic
@@ -2858,24 +3287,94 @@ module Aws::EKS
2858
3287
  req.send_request(options)
2859
3288
  end
2860
3289
 
3290
+ # Lists the access policies associated with an access entry.
3291
+ #
3292
+ # @option params [required, String] :cluster_name
3293
+ # The name of your cluster.
3294
+ #
3295
+ # @option params [required, String] :principal_arn
3296
+ # The ARN of the IAM principal for the `AccessEntry`.
3297
+ #
3298
+ # @option params [Integer] :max_results
3299
+ # The maximum number of results, returned in paginated output. You
3300
+ # receive `maxResults` in a single page, along with a `nextToken`
3301
+ # response element. You can see the remaining results of the initial
3302
+ # request by sending another request with the returned `nextToken`
3303
+ # value. This value can be between 1 and 100. If you don't use this
3304
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3305
+ # returned.
3306
+ #
3307
+ # @option params [String] :next_token
3308
+ # The `nextToken` value returned from a previous paginated request,
3309
+ # where `maxResults` was used and the results exceeded the value of that
3310
+ # parameter. Pagination continues from the end of the previous results
3311
+ # that returned the `nextToken` value. This value is null when there are
3312
+ # no more results to return.
3313
+ #
3314
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3315
+ # to retrieve the next items in a list and not for other programmatic
3316
+ # purposes.
3317
+ #
3318
+ # </note>
3319
+ #
3320
+ # @return [Types::ListAssociatedAccessPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3321
+ #
3322
+ # * {Types::ListAssociatedAccessPoliciesResponse#cluster_name #cluster_name} => String
3323
+ # * {Types::ListAssociatedAccessPoliciesResponse#principal_arn #principal_arn} => String
3324
+ # * {Types::ListAssociatedAccessPoliciesResponse#next_token #next_token} => String
3325
+ # * {Types::ListAssociatedAccessPoliciesResponse#associated_access_policies #associated_access_policies} => Array&lt;Types::AssociatedAccessPolicy&gt;
3326
+ #
3327
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
3328
+ #
3329
+ # @example Request syntax with placeholder values
3330
+ #
3331
+ # resp = client.list_associated_access_policies({
3332
+ # cluster_name: "String", # required
3333
+ # principal_arn: "String", # required
3334
+ # max_results: 1,
3335
+ # next_token: "String",
3336
+ # })
3337
+ #
3338
+ # @example Response structure
3339
+ #
3340
+ # resp.cluster_name #=> String
3341
+ # resp.principal_arn #=> String
3342
+ # resp.next_token #=> String
3343
+ # resp.associated_access_policies #=> Array
3344
+ # resp.associated_access_policies[0].policy_arn #=> String
3345
+ # resp.associated_access_policies[0].access_scope.type #=> String, one of "cluster", "namespace"
3346
+ # resp.associated_access_policies[0].access_scope.namespaces #=> Array
3347
+ # resp.associated_access_policies[0].access_scope.namespaces[0] #=> String
3348
+ # resp.associated_access_policies[0].associated_at #=> Time
3349
+ # resp.associated_access_policies[0].modified_at #=> Time
3350
+ #
3351
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAssociatedAccessPolicies AWS API Documentation
3352
+ #
3353
+ # @overload list_associated_access_policies(params = {})
3354
+ # @param [Hash] params ({})
3355
+ def list_associated_access_policies(params = {}, options = {})
3356
+ req = build_request(:list_associated_access_policies, params)
3357
+ req.send_request(options)
3358
+ end
3359
+
2861
3360
  # Lists the Amazon EKS clusters in your Amazon Web Services account in
2862
- # the specified Region.
3361
+ # the specified Amazon Web Services Region.
2863
3362
  #
2864
3363
  # @option params [Integer] :max_results
2865
- # The maximum number of cluster results returned by `ListClusters` in
2866
- # paginated output. When you use this parameter, `ListClusters` returns
2867
- # only `maxResults` results in a single page along with a `nextToken`
3364
+ # The maximum number of results, returned in paginated output. You
3365
+ # receive `maxResults` in a single page, along with a `nextToken`
2868
3366
  # response element. You can see the remaining results of the initial
2869
- # request by sending another `ListClusters` request with the returned
2870
- # `nextToken` value. This value can be between 1 and 100. If you don't
2871
- # use this parameter, `ListClusters` returns up to 100 results and a
2872
- # `nextToken` value if applicable.
3367
+ # request by sending another request with the returned `nextToken`
3368
+ # value. This value can be between 1 and 100. If you don't use this
3369
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3370
+ # returned.
2873
3371
  #
2874
3372
  # @option params [String] :next_token
2875
- # The `nextToken` value returned from a previous paginated
2876
- # `ListClusters` request where `maxResults` was used and the results
2877
- # exceeded the value of that parameter. Pagination continues from the
2878
- # end of the previous results that returned the `nextToken` value.
3373
+ # The `nextToken` value returned from a previous paginated request,
3374
+ # where `maxResults` was used and the results exceeded the value of that
3375
+ # parameter. Pagination continues from the end of the previous results
3376
+ # that returned the `nextToken` value. This value is null when there are
3377
+ # no more results to return.
2879
3378
  #
2880
3379
  # <note markdown="1"> This token should be treated as an opaque identifier that is used only
2881
3380
  # to retrieve the next items in a list and not for other programmatic
@@ -2885,9 +3384,14 @@ module Aws::EKS
2885
3384
  #
2886
3385
  # @option params [Array<String>] :include
2887
3386
  # Indicates whether external clusters are included in the returned list.
2888
- # Use '`all`' to return connected clusters, or blank to return only
2889
- # Amazon EKS clusters. '`all`' must be in lowercase otherwise an error
2890
- # occurs.
3387
+ # Use '`all`' to return
3388
+ # [https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html][1]connected
3389
+ # clusters, or blank to return only Amazon EKS clusters. '`all`' must
3390
+ # be in lowercase otherwise an error occurs.
3391
+ #
3392
+ #
3393
+ #
3394
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html
2891
3395
  #
2892
3396
  # @return [Types::ListClustersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2893
3397
  #
@@ -3003,29 +3507,33 @@ module Aws::EKS
3003
3507
  end
3004
3508
 
3005
3509
  # Lists the Fargate profiles associated with the specified cluster in
3006
- # your Amazon Web Services account in the specified Region.
3510
+ # your Amazon Web Services account in the specified Amazon Web Services
3511
+ # Region.
3007
3512
  #
3008
3513
  # @option params [required, String] :cluster_name
3009
- # The name of the Amazon EKS cluster that you would like to list Fargate
3010
- # profiles in.
3514
+ # The name of your cluster.
3011
3515
  #
3012
3516
  # @option params [Integer] :max_results
3013
- # The maximum number of Fargate profile results returned by
3014
- # `ListFargateProfiles` in paginated output. When you use this
3015
- # parameter, `ListFargateProfiles` returns only `maxResults` results in
3016
- # a single page along with a `nextToken` response element. You can see
3017
- # the remaining results of the initial request by sending another
3018
- # `ListFargateProfiles` request with the returned `nextToken` value.
3019
- # This value can be between 1 and 100. If you don't use this parameter,
3020
- # `ListFargateProfiles` returns up to 100 results and a `nextToken`
3021
- # value if applicable.
3517
+ # The maximum number of results, returned in paginated output. You
3518
+ # receive `maxResults` in a single page, along with a `nextToken`
3519
+ # response element. You can see the remaining results of the initial
3520
+ # request by sending another request with the returned `nextToken`
3521
+ # value. This value can be between 1 and 100. If you don't use this
3522
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3523
+ # returned.
3022
3524
  #
3023
3525
  # @option params [String] :next_token
3024
- # The `nextToken` value returned from a previous paginated
3025
- # `ListFargateProfiles` request where `maxResults` was used and the
3026
- # results exceeded the value of that parameter. Pagination continues
3027
- # from the end of the previous results that returned the `nextToken`
3028
- # value.
3526
+ # The `nextToken` value returned from a previous paginated request,
3527
+ # where `maxResults` was used and the results exceeded the value of that
3528
+ # parameter. Pagination continues from the end of the previous results
3529
+ # that returned the `nextToken` value. This value is null when there are
3530
+ # no more results to return.
3531
+ #
3532
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3533
+ # to retrieve the next items in a list and not for other programmatic
3534
+ # purposes.
3535
+ #
3536
+ # </note>
3029
3537
  #
3030
3538
  # @return [Types::ListFargateProfilesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3031
3539
  #
@@ -3057,29 +3565,32 @@ module Aws::EKS
3057
3565
  req.send_request(options)
3058
3566
  end
3059
3567
 
3060
- # A list of identity provider configurations.
3568
+ # Lists the identity provider configurations for your cluster.
3061
3569
  #
3062
3570
  # @option params [required, String] :cluster_name
3063
- # The cluster name that you want to list identity provider
3064
- # configurations for.
3571
+ # The name of your cluster.
3065
3572
  #
3066
3573
  # @option params [Integer] :max_results
3067
- # The maximum number of identity provider configurations returned by
3068
- # `ListIdentityProviderConfigs` in paginated output. When you use this
3069
- # parameter, `ListIdentityProviderConfigs` returns only `maxResults`
3070
- # results in a single page along with a `nextToken` response element.
3071
- # You can see the remaining results of the initial request by sending
3072
- # another `ListIdentityProviderConfigs` request with the returned
3073
- # `nextToken` value. This value can be between 1 and 100. If you don't
3074
- # use this parameter, `ListIdentityProviderConfigs` returns up to 100
3075
- # results and a `nextToken` value, if applicable.
3574
+ # The maximum number of results, returned in paginated output. You
3575
+ # receive `maxResults` in a single page, along with a `nextToken`
3576
+ # response element. You can see the remaining results of the initial
3577
+ # request by sending another request with the returned `nextToken`
3578
+ # value. This value can be between 1 and 100. If you don't use this
3579
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3580
+ # returned.
3076
3581
  #
3077
3582
  # @option params [String] :next_token
3078
- # The `nextToken` value returned from a previous paginated
3079
- # `IdentityProviderConfigsRequest` where `maxResults` was used and the
3080
- # results exceeded the value of that parameter. Pagination continues
3081
- # from the end of the previous results that returned the `nextToken`
3082
- # value.
3583
+ # The `nextToken` value returned from a previous paginated request,
3584
+ # where `maxResults` was used and the results exceeded the value of that
3585
+ # parameter. Pagination continues from the end of the previous results
3586
+ # that returned the `nextToken` value. This value is null when there are
3587
+ # no more results to return.
3588
+ #
3589
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3590
+ # to retrieve the next items in a list and not for other programmatic
3591
+ # purposes.
3592
+ #
3593
+ # </note>
3083
3594
  #
3084
3595
  # @return [Types::ListIdentityProviderConfigsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3085
3596
  #
@@ -3112,29 +3623,34 @@ module Aws::EKS
3112
3623
  req.send_request(options)
3113
3624
  end
3114
3625
 
3115
- # Lists the Amazon EKS managed node groups associated with the specified
3116
- # cluster in your Amazon Web Services account in the specified Region.
3117
- # Self-managed node groups are not listed.
3626
+ # Lists the managed node groups associated with the specified cluster in
3627
+ # your Amazon Web Services account in the specified Amazon Web Services
3628
+ # Region. Self-managed node groups aren't listed.
3118
3629
  #
3119
3630
  # @option params [required, String] :cluster_name
3120
- # The name of the Amazon EKS cluster that you would like to list node
3121
- # groups in.
3631
+ # The name of your cluster.
3122
3632
  #
3123
3633
  # @option params [Integer] :max_results
3124
- # The maximum number of node group results returned by `ListNodegroups`
3125
- # in paginated output. When you use this parameter, `ListNodegroups`
3126
- # returns only `maxResults` results in a single page along with a
3127
- # `nextToken` response element. You can see the remaining results of the
3128
- # initial request by sending another `ListNodegroups` request with the
3129
- # returned `nextToken` value. This value can be between 1 and 100. If
3130
- # you don't use this parameter, `ListNodegroups` returns up to 100
3131
- # results and a `nextToken` value if applicable.
3634
+ # The maximum number of results, returned in paginated output. You
3635
+ # receive `maxResults` in a single page, along with a `nextToken`
3636
+ # response element. You can see the remaining results of the initial
3637
+ # request by sending another request with the returned `nextToken`
3638
+ # value. This value can be between 1 and 100. If you don't use this
3639
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3640
+ # returned.
3132
3641
  #
3133
3642
  # @option params [String] :next_token
3134
- # The `nextToken` value returned from a previous paginated
3135
- # `ListNodegroups` request where `maxResults` was used and the results
3136
- # exceeded the value of that parameter. Pagination continues from the
3137
- # end of the previous results that returned the `nextToken` value.
3643
+ # The `nextToken` value returned from a previous paginated request,
3644
+ # where `maxResults` was used and the results exceeded the value of that
3645
+ # parameter. Pagination continues from the end of the previous results
3646
+ # that returned the `nextToken` value. This value is null when there are
3647
+ # no more results to return.
3648
+ #
3649
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3650
+ # to retrieve the next items in a list and not for other programmatic
3651
+ # purposes.
3652
+ #
3653
+ # </note>
3138
3654
  #
3139
3655
  # @return [Types::ListNodegroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3140
3656
  #
@@ -3242,9 +3758,8 @@ module Aws::EKS
3242
3758
  # List the tags for an Amazon EKS resource.
3243
3759
  #
3244
3760
  # @option params [required, String] :resource_arn
3245
- # The Amazon Resource Name (ARN) that identifies the resource for which
3246
- # to list the tags. Currently, the supported resources are Amazon EKS
3247
- # clusters and managed node groups.
3761
+ # The Amazon Resource Name (ARN) that identifies the resource to list
3762
+ # tags for.
3248
3763
  #
3249
3764
  # @return [Types::ListTagsForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3250
3765
  #
@@ -3286,8 +3801,8 @@ module Aws::EKS
3286
3801
  req.send_request(options)
3287
3802
  end
3288
3803
 
3289
- # Lists the updates associated with an Amazon EKS cluster or managed
3290
- # node group in your Amazon Web Services account, in the specified
3804
+ # Lists the updates associated with an Amazon EKS resource in your
3805
+ # Amazon Web Services account, in the specified Amazon Web Services
3291
3806
  # Region.
3292
3807
  #
3293
3808
  # @option params [required, String] :name
@@ -3300,20 +3815,26 @@ module Aws::EKS
3300
3815
  # The names of the installed add-ons that have available updates.
3301
3816
  #
3302
3817
  # @option params [String] :next_token
3303
- # The `nextToken` value returned from a previous paginated `ListUpdates`
3304
- # request where `maxResults` was used and the results exceeded the value
3305
- # of that parameter. Pagination continues from the end of the previous
3306
- # results that returned the `nextToken` value.
3818
+ # The `nextToken` value returned from a previous paginated request,
3819
+ # where `maxResults` was used and the results exceeded the value of that
3820
+ # parameter. Pagination continues from the end of the previous results
3821
+ # that returned the `nextToken` value. This value is null when there are
3822
+ # no more results to return.
3823
+ #
3824
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3825
+ # to retrieve the next items in a list and not for other programmatic
3826
+ # purposes.
3827
+ #
3828
+ # </note>
3307
3829
  #
3308
3830
  # @option params [Integer] :max_results
3309
- # The maximum number of update results returned by `ListUpdates` in
3310
- # paginated output. When you use this parameter, `ListUpdates` returns
3311
- # only `maxResults` results in a single page along with a `nextToken`
3831
+ # The maximum number of results, returned in paginated output. You
3832
+ # receive `maxResults` in a single page, along with a `nextToken`
3312
3833
  # response element. You can see the remaining results of the initial
3313
- # request by sending another `ListUpdates` request with the returned
3314
- # `nextToken` value. This value can be between 1 and 100. If you don't
3315
- # use this parameter, `ListUpdates` returns up to 100 results and a
3316
- # `nextToken` value if applicable.
3834
+ # request by sending another request with the returned `nextToken`
3835
+ # value. This value can be between 1 and 100. If you don't use this
3836
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3837
+ # returned.
3317
3838
  #
3318
3839
  # @return [Types::ListUpdatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3319
3840
  #
@@ -3359,34 +3880,33 @@ module Aws::EKS
3359
3880
  # `activationCode` must be applied to the Kubernetes cluster through
3360
3881
  # it's native provider to provide visibility.
3361
3882
  #
3362
- # After the Manifest is updated and applied, then the connected cluster
3363
- # is visible to the Amazon EKS control plane. If the Manifest is not
3364
- # applied within three days, then the connected cluster will no longer
3365
- # be visible and must be deregistered. See DeregisterCluster.
3883
+ # After the manifest is updated and applied, the connected cluster is
3884
+ # visible to the Amazon EKS control plane. If the manifest isn't
3885
+ # applied within three days, the connected cluster will no longer be
3886
+ # visible and must be deregistered using `DeregisterCluster`.
3366
3887
  #
3367
3888
  #
3368
3889
  #
3369
3890
  # [1]: https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml
3370
3891
  #
3371
3892
  # @option params [required, String] :name
3372
- # Define a unique name for this cluster for your Region.
3893
+ # A unique name for this cluster in your Amazon Web Services Region.
3373
3894
  #
3374
3895
  # @option params [required, Types::ConnectorConfigRequest] :connector_config
3375
3896
  # The configuration settings required to connect the Kubernetes cluster
3376
3897
  # to the Amazon EKS control plane.
3377
3898
  #
3378
3899
  # @option params [String] :client_request_token
3379
- # Unique, case-sensitive identifier that you provide to ensure the
3900
+ # A unique, case-sensitive identifier that you provide to ensure the
3380
3901
  # idempotency of the request.
3381
3902
  #
3382
3903
  # **A suitable default value is auto-generated.** You should normally
3383
3904
  # not need to pass this option.**
3384
3905
  #
3385
3906
  # @option params [Hash<String,String>] :tags
3386
- # The metadata that you apply to the cluster to assist with
3387
- # categorization and organization. Each tag consists of a key and an
3388
- # optional value, both of which you define. Cluster tags do not
3389
- # propagate to any other resources associated with the cluster.
3907
+ # Metadata that assists with categorization and organization. Each tag
3908
+ # consists of a key and an optional value. You define both. Tags don't
3909
+ # propagate to any other cluster or Amazon Web Services resources.
3390
3910
  #
3391
3911
  # @return [Types::RegisterClusterResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3392
3912
  #
@@ -3457,6 +3977,8 @@ module Aws::EKS
3457
3977
  # resp.cluster.outpost_config.outpost_arns[0] #=> String
3458
3978
  # resp.cluster.outpost_config.control_plane_instance_type #=> String
3459
3979
  # resp.cluster.outpost_config.control_plane_placement.group_name #=> String
3980
+ # resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
3981
+ # resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"
3460
3982
  #
3461
3983
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/RegisterCluster AWS API Documentation
3462
3984
  #
@@ -3467,22 +3989,23 @@ module Aws::EKS
3467
3989
  req.send_request(options)
3468
3990
  end
3469
3991
 
3470
- # Associates the specified tags to a resource with the specified
3471
- # `resourceArn`. If existing tags on a resource are not specified in the
3472
- # request parameters, they are not changed. When a resource is deleted,
3473
- # the tags associated with that resource are deleted as well. Tags that
3474
- # you create for Amazon EKS resources do not propagate to any other
3475
- # resources associated with the cluster. For example, if you tag a
3476
- # cluster with this operation, that tag does not automatically propagate
3477
- # to the subnets and nodes associated with the cluster.
3992
+ # Associates the specified tags to an Amazon EKS resource with the
3993
+ # specified `resourceArn`. If existing tags on a resource are not
3994
+ # specified in the request parameters, they aren't changed. When a
3995
+ # resource is deleted, the tags associated with that resource are also
3996
+ # deleted. Tags that you create for Amazon EKS resources don't
3997
+ # propagate to any other resources associated with the cluster. For
3998
+ # example, if you tag a cluster with this operation, that tag doesn't
3999
+ # automatically propagate to the subnets and nodes associated with the
4000
+ # cluster.
3478
4001
  #
3479
4002
  # @option params [required, String] :resource_arn
3480
- # The Amazon Resource Name (ARN) of the resource to which to add tags.
3481
- # Currently, the supported resources are Amazon EKS clusters and managed
3482
- # node groups.
4003
+ # The Amazon Resource Name (ARN) of the resource to add tags to.
3483
4004
  #
3484
4005
  # @option params [required, Hash<String,String>] :tags
3485
- # The tags to add to the resource. A tag is an array of key-value pairs.
4006
+ # Metadata that assists with categorization and organization. Each tag
4007
+ # consists of a key and an optional value. You define both. Tags don't
4008
+ # propagate to any other cluster or Amazon Web Services resources.
3486
4009
  #
3487
4010
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3488
4011
  #
@@ -3504,15 +4027,13 @@ module Aws::EKS
3504
4027
  req.send_request(options)
3505
4028
  end
3506
4029
 
3507
- # Deletes specified tags from a resource.
4030
+ # Deletes specified tags from an Amazon EKS resource.
3508
4031
  #
3509
4032
  # @option params [required, String] :resource_arn
3510
- # The Amazon Resource Name (ARN) of the resource from which to delete
3511
- # tags. Currently, the supported resources are Amazon EKS clusters and
3512
- # managed node groups.
4033
+ # The Amazon Resource Name (ARN) of the resource to delete tags from.
3513
4034
  #
3514
4035
  # @option params [required, Array<String>] :tag_keys
3515
- # The keys of the tags to be removed.
4036
+ # The keys of the tags to remove.
3516
4037
  #
3517
4038
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3518
4039
  #
@@ -3532,10 +4053,98 @@ module Aws::EKS
3532
4053
  req.send_request(options)
3533
4054
  end
3534
4055
 
4056
+ # Updates an access entry.
4057
+ #
4058
+ # @option params [required, String] :cluster_name
4059
+ # The name of your cluster.
4060
+ #
4061
+ # @option params [required, String] :principal_arn
4062
+ # The ARN of the IAM principal for the `AccessEntry`.
4063
+ #
4064
+ # @option params [Array<String>] :kubernetes_groups
4065
+ # The value for `name` that you've specified for `kind: Group` as a
4066
+ # `subject` in a Kubernetes `RoleBinding` or `ClusterRoleBinding`
4067
+ # object. Amazon EKS doesn't confirm that the value for `name` exists
4068
+ # in any bindings on your cluster. You can specify one or more names.
4069
+ #
4070
+ # Kubernetes authorizes the `principalArn` of the access entry to access
4071
+ # any cluster objects that you've specified in a Kubernetes `Role` or
4072
+ # `ClusterRole` object that is also specified in a binding's `roleRef`.
4073
+ # For more information about creating Kubernetes `RoleBinding`,
4074
+ # `ClusterRoleBinding`, `Role`, or `ClusterRole` objects, see [Using
4075
+ # RBAC Authorization in the Kubernetes documentation][1].
4076
+ #
4077
+ # If you want Amazon EKS to authorize the `principalArn` (instead of, or
4078
+ # in addition to Kubernetes authorizing the `principalArn`), you can
4079
+ # associate one or more access policies to the access entry using
4080
+ # `AssociateAccessPolicy`. If you associate any access policies, the
4081
+ # `principalARN` has all permissions assigned in the associated access
4082
+ # policies and all permissions in any Kubernetes `Role` or `ClusterRole`
4083
+ # objects that the group names are bound to.
4084
+ #
4085
+ #
4086
+ #
4087
+ # [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
4088
+ #
4089
+ # @option params [String] :client_request_token
4090
+ # A unique, case-sensitive identifier that you provide to ensure the
4091
+ # idempotency of the request.
4092
+ #
4093
+ # **A suitable default value is auto-generated.** You should normally
4094
+ # not need to pass this option.**
4095
+ #
4096
+ # @option params [String] :username
4097
+ # The username to authenticate to Kubernetes with. We recommend not
4098
+ # specifying a username and letting Amazon EKS specify it for you. For
4099
+ # more information about the value Amazon EKS specifies for you, or
4100
+ # constraints before specifying your own username, see [Creating access
4101
+ # entries][1] in the *Amazon EKS User Guide*.
4102
+ #
4103
+ #
4104
+ #
4105
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries
4106
+ #
4107
+ # @return [Types::UpdateAccessEntryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4108
+ #
4109
+ # * {Types::UpdateAccessEntryResponse#access_entry #access_entry} => Types::AccessEntry
4110
+ #
4111
+ # @example Request syntax with placeholder values
4112
+ #
4113
+ # resp = client.update_access_entry({
4114
+ # cluster_name: "String", # required
4115
+ # principal_arn: "String", # required
4116
+ # kubernetes_groups: ["String"],
4117
+ # client_request_token: "String",
4118
+ # username: "String",
4119
+ # })
4120
+ #
4121
+ # @example Response structure
4122
+ #
4123
+ # resp.access_entry.cluster_name #=> String
4124
+ # resp.access_entry.principal_arn #=> String
4125
+ # resp.access_entry.kubernetes_groups #=> Array
4126
+ # resp.access_entry.kubernetes_groups[0] #=> String
4127
+ # resp.access_entry.access_entry_arn #=> String
4128
+ # resp.access_entry.created_at #=> Time
4129
+ # resp.access_entry.modified_at #=> Time
4130
+ # resp.access_entry.tags #=> Hash
4131
+ # resp.access_entry.tags["TagKey"] #=> String
4132
+ # resp.access_entry.username #=> String
4133
+ # resp.access_entry.type #=> String
4134
+ #
4135
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAccessEntry AWS API Documentation
4136
+ #
4137
+ # @overload update_access_entry(params = {})
4138
+ # @param [Hash] params ({})
4139
+ def update_access_entry(params = {}, options = {})
4140
+ req = build_request(:update_access_entry, params)
4141
+ req.send_request(options)
4142
+ end
4143
+
3535
4144
  # Updates an Amazon EKS add-on.
3536
4145
  #
3537
4146
  # @option params [required, String] :cluster_name
3538
- # The name of the cluster.
4147
+ # The name of your cluster.
3539
4148
  #
3540
4149
  # @option params [required, String] :addon_name
3541
4150
  # The name of the add-on. The name must match one of the names returned
@@ -3590,7 +4199,7 @@ module Aws::EKS
3590
4199
  # cluster.
3591
4200
  #
3592
4201
  # @option params [String] :client_request_token
3593
- # Unique, case-sensitive identifier that you provide to ensure the
4202
+ # A unique, case-sensitive identifier that you provide to ensure the
3594
4203
  # idempotency of the request.
3595
4204
  #
3596
4205
  # **A suitable default value is auto-generated.** You should normally
@@ -3598,12 +4207,8 @@ module Aws::EKS
3598
4207
  #
3599
4208
  # @option params [String] :configuration_values
3600
4209
  # The set of configuration values for the add-on that's created. The
3601
- # values that you provide are validated against the schema in
3602
- # [DescribeAddonConfiguration][1].
3603
- #
3604
- #
3605
- #
3606
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html
4210
+ # values that you provide are validated against the schema returned by
4211
+ # `DescribeAddonConfiguration`.
3607
4212
  #
3608
4213
  # @return [Types::UpdateAddonResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3609
4214
  #
@@ -3625,9 +4230,9 @@ module Aws::EKS
3625
4230
  #
3626
4231
  # resp.update.id #=> String
3627
4232
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
3628
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
4233
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
3629
4234
  # resp.update.params #=> Array
3630
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
4235
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
3631
4236
  # resp.update.params[0].value #=> String
3632
4237
  # resp.update.created_at #=> Time
3633
4238
  # resp.update.errors #=> Array
@@ -3647,14 +4252,14 @@ module Aws::EKS
3647
4252
 
3648
4253
  # Updates an Amazon EKS cluster configuration. Your cluster continues to
3649
4254
  # function during the update. The response output includes an update ID
3650
- # that you can use to track the status of your cluster update with the
3651
- # DescribeUpdate API operation.
4255
+ # that you can use to track the status of your cluster update with
4256
+ # `DescribeUpdate`"/&gt;.
3652
4257
  #
3653
4258
  # You can use this API operation to enable or disable exporting the
3654
4259
  # Kubernetes control plane logs for your cluster to CloudWatch Logs. By
3655
4260
  # default, cluster control plane logs aren't exported to CloudWatch
3656
- # Logs. For more information, see [Amazon EKS Cluster Control Plane
3657
- # Logs][1] in the <i> <i>Amazon EKS User Guide</i> </i>.
4261
+ # Logs. For more information, see [Amazon EKS Cluster control plane
4262
+ # logs][1] in the <i> <i>Amazon EKS User Guide</i> </i>.
3658
4263
  #
3659
4264
  # <note markdown="1"> CloudWatch Logs ingestion, archive storage, and data scanning rates
3660
4265
  # apply to exported control plane logs. For more information, see
@@ -3716,12 +4321,15 @@ module Aws::EKS
3716
4321
  # [2]: http://aws.amazon.com/cloudwatch/pricing/
3717
4322
  #
3718
4323
  # @option params [String] :client_request_token
3719
- # Unique, case-sensitive identifier that you provide to ensure the
4324
+ # A unique, case-sensitive identifier that you provide to ensure the
3720
4325
  # idempotency of the request.
3721
4326
  #
3722
4327
  # **A suitable default value is auto-generated.** You should normally
3723
4328
  # not need to pass this option.**
3724
4329
  #
4330
+ # @option params [Types::UpdateAccessConfigRequest] :access_config
4331
+ # The access configuration for the cluster.
4332
+ #
3725
4333
  # @return [Types::UpdateClusterConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3726
4334
  #
3727
4335
  # * {Types::UpdateClusterConfigResponse#update #update} => Types::Update
@@ -3746,15 +4354,18 @@ module Aws::EKS
3746
4354
  # ],
3747
4355
  # },
3748
4356
  # client_request_token: "String",
4357
+ # access_config: {
4358
+ # authentication_mode: "API", # accepts API, API_AND_CONFIG_MAP, CONFIG_MAP
4359
+ # },
3749
4360
  # })
3750
4361
  #
3751
4362
  # @example Response structure
3752
4363
  #
3753
4364
  # resp.update.id #=> String
3754
4365
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
3755
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
4366
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
3756
4367
  # resp.update.params #=> Array
3757
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
4368
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
3758
4369
  # resp.update.params[0].value #=> String
3759
4370
  # resp.update.created_at #=> Time
3760
4371
  # resp.update.errors #=> Array
@@ -3794,7 +4405,7 @@ module Aws::EKS
3794
4405
  # The desired Kubernetes version following a successful update.
3795
4406
  #
3796
4407
  # @option params [String] :client_request_token
3797
- # Unique, case-sensitive identifier that you provide to ensure the
4408
+ # A unique, case-sensitive identifier that you provide to ensure the
3798
4409
  # idempotency of the request.
3799
4410
  #
3800
4411
  # **A suitable default value is auto-generated.** You should normally
@@ -3816,9 +4427,9 @@ module Aws::EKS
3816
4427
  #
3817
4428
  # resp.update.id #=> String
3818
4429
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
3819
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
4430
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
3820
4431
  # resp.update.params #=> Array
3821
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
4432
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
3822
4433
  # resp.update.params[0].value #=> String
3823
4434
  # resp.update.created_at #=> Time
3824
4435
  # resp.update.errors #=> Array
@@ -3900,15 +4511,14 @@ module Aws::EKS
3900
4511
  # configuration.
3901
4512
  #
3902
4513
  # @option params [required, String] :cluster_name
3903
- # The name of the Amazon EKS cluster that the managed node group resides
3904
- # in.
4514
+ # The name of your cluster.
3905
4515
  #
3906
4516
  # @option params [required, String] :nodegroup_name
3907
4517
  # The name of the managed node group to update.
3908
4518
  #
3909
4519
  # @option params [Types::UpdateLabelsPayload] :labels
3910
- # The Kubernetes labels to be applied to the nodes in the node group
3911
- # after the update.
4520
+ # The Kubernetes `labels` to apply to the nodes in the node group after
4521
+ # the update.
3912
4522
  #
3913
4523
  # @option params [Types::UpdateTaintsPayload] :taints
3914
4524
  # The Kubernetes taints to be applied to the nodes in the node group
@@ -3927,7 +4537,7 @@ module Aws::EKS
3927
4537
  # The node group update configuration.
3928
4538
  #
3929
4539
  # @option params [String] :client_request_token
3930
- # Unique, case-sensitive identifier that you provide to ensure the
4540
+ # A unique, case-sensitive identifier that you provide to ensure the
3931
4541
  # idempotency of the request.
3932
4542
  #
3933
4543
  # **A suitable default value is auto-generated.** You should normally
@@ -3980,9 +4590,9 @@ module Aws::EKS
3980
4590
  #
3981
4591
  # resp.update.id #=> String
3982
4592
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
3983
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
4593
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
3984
4594
  # resp.update.params #=> Array
3985
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
4595
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
3986
4596
  # resp.update.params[0].value #=> String
3987
4597
  # resp.update.created_at #=> Time
3988
4598
  # resp.update.errors #=> Array
@@ -4024,10 +4634,10 @@ module Aws::EKS
4024
4634
  # AMI version.
4025
4635
  #
4026
4636
  # When a node in a managed node group is terminated due to a scaling
4027
- # action or update, the pods in that node are drained first. Amazon EKS
4028
- # attempts to drain the nodes gracefully and will fail if it is unable
4029
- # to do so. You can `force` the update if Amazon EKS is unable to drain
4030
- # the nodes as a result of a pod disruption budget issue.
4637
+ # action or update, every `Pod` on that node is drained first. Amazon
4638
+ # EKS attempts to drain the nodes gracefully and will fail if it is
4639
+ # unable to do so. You can `force` the update if Amazon EKS is unable to
4640
+ # drain the nodes as a result of a `Pod` disruption budget issue.
4031
4641
  #
4032
4642
  #
4033
4643
  #
@@ -4035,8 +4645,7 @@ module Aws::EKS
4035
4645
  # [2]: https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-versions-windows.html
4036
4646
  #
4037
4647
  # @option params [required, String] :cluster_name
4038
- # The name of the Amazon EKS cluster that is associated with the managed
4039
- # node group to update.
4648
+ # The name of your cluster.
4040
4649
  #
4041
4650
  # @option params [required, String] :nodegroup_name
4042
4651
  # The name of the managed node group to update.
@@ -4083,14 +4692,14 @@ module Aws::EKS
4083
4692
  # group was originally deployed with a launch template.
4084
4693
  #
4085
4694
  # @option params [Boolean] :force
4086
- # Force the update if the existing node group's pods are unable to be
4087
- # drained due to a pod disruption budget issue. If an update fails
4088
- # because pods could not be drained, you can force the update after it
4089
- # fails to terminate the old node whether or not any pods are running on
4695
+ # Force the update if any `Pod` on the existing node group can't be
4696
+ # drained due to a `Pod` disruption budget issue. If an update fails
4697
+ # because all Pods can't be drained, you can force the update after it
4698
+ # fails to terminate the old node whether or not any `Pod` is running on
4090
4699
  # the node.
4091
4700
  #
4092
4701
  # @option params [String] :client_request_token
4093
- # Unique, case-sensitive identifier that you provide to ensure the
4702
+ # A unique, case-sensitive identifier that you provide to ensure the
4094
4703
  # idempotency of the request.
4095
4704
  #
4096
4705
  # **A suitable default value is auto-generated.** You should normally
@@ -4120,9 +4729,9 @@ module Aws::EKS
4120
4729
  #
4121
4730
  # resp.update.id #=> String
4122
4731
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
4123
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
4732
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
4124
4733
  # resp.update.params #=> Array
4125
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
4734
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
4126
4735
  # resp.update.params[0].value #=> String
4127
4736
  # resp.update.created_at #=> Time
4128
4737
  # resp.update.errors #=> Array
@@ -4143,7 +4752,7 @@ module Aws::EKS
4143
4752
  # Updates a EKS Pod Identity association. Only the IAM role can be
4144
4753
  # changed; an association can't be moved between clusters, namespaces,
4145
4754
  # or service accounts. If you need to edit the namespace or service
4146
- # account, you need to remove the association and then create a new
4755
+ # account, you need to delete the association and then create a new
4147
4756
  # association with your desired settings.
4148
4757
  #
4149
4758
  # @option params [required, String] :cluster_name
@@ -4156,7 +4765,7 @@ module Aws::EKS
4156
4765
  # The new IAM role to change the
4157
4766
  #
4158
4767
  # @option params [String] :client_request_token
4159
- # Unique, case-sensitive identifier that you provide to ensure the
4768
+ # A unique, case-sensitive identifier that you provide to ensure the
4160
4769
  # idempotency of the request.
4161
4770
  #
4162
4771
  # **A suitable default value is auto-generated.** You should normally
@@ -4210,7 +4819,7 @@ module Aws::EKS
4210
4819
  params: params,
4211
4820
  config: config)
4212
4821
  context[:gem_name] = 'aws-sdk-eks'
4213
- context[:gem_version] = '1.95.0'
4822
+ context[:gem_version] = '1.96.0'
4214
4823
  Seahorse::Client::Request.new(handlers, context)
4215
4824
  end
4216
4825