aws-sdk-eks 1.95.0 → 1.97.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -388,23 +388,84 @@ module Aws::EKS
388
388
 
389
389
  # @!group API Operations
390
390
 
391
- # Associate encryption configuration to an existing cluster.
391
+ # Associates an access policy and its scope to an access entry. For more
392
+ # information about associating access policies, see [Associating and
393
+ # disassociating access policies to and from access entries][1] in the
394
+ # *Amazon EKS User Guide*.
392
395
  #
393
- # You can use this API to enable encryption on existing clusters which
394
- # do not have encryption already enabled. This allows you to implement a
396
+ #
397
+ #
398
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html
399
+ #
400
+ # @option params [required, String] :cluster_name
401
+ # The name of your cluster.
402
+ #
403
+ # @option params [required, String] :principal_arn
404
+ # The Amazon Resource Name (ARN) of the IAM user or role for the
405
+ # `AccessEntry` that you're associating the access policy to.
406
+ #
407
+ # @option params [required, String] :policy_arn
408
+ # The ARN of the `AccessPolicy` that you're associating. For a list of
409
+ # ARNs, use `ListAccessPolicies`.
410
+ #
411
+ # @option params [required, Types::AccessScope] :access_scope
412
+ # The scope for the `AccessPolicy`. You can scope access policies to an
413
+ # entire cluster or to specific Kubernetes namespaces.
414
+ #
415
+ # @return [Types::AssociateAccessPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
416
+ #
417
+ # * {Types::AssociateAccessPolicyResponse#cluster_name #cluster_name} => String
418
+ # * {Types::AssociateAccessPolicyResponse#principal_arn #principal_arn} => String
419
+ # * {Types::AssociateAccessPolicyResponse#associated_access_policy #associated_access_policy} => Types::AssociatedAccessPolicy
420
+ #
421
+ # @example Request syntax with placeholder values
422
+ #
423
+ # resp = client.associate_access_policy({
424
+ # cluster_name: "String", # required
425
+ # principal_arn: "String", # required
426
+ # policy_arn: "String", # required
427
+ # access_scope: { # required
428
+ # type: "cluster", # accepts cluster, namespace
429
+ # namespaces: ["String"],
430
+ # },
431
+ # })
432
+ #
433
+ # @example Response structure
434
+ #
435
+ # resp.cluster_name #=> String
436
+ # resp.principal_arn #=> String
437
+ # resp.associated_access_policy.policy_arn #=> String
438
+ # resp.associated_access_policy.access_scope.type #=> String, one of "cluster", "namespace"
439
+ # resp.associated_access_policy.access_scope.namespaces #=> Array
440
+ # resp.associated_access_policy.access_scope.namespaces[0] #=> String
441
+ # resp.associated_access_policy.associated_at #=> Time
442
+ # resp.associated_access_policy.modified_at #=> Time
443
+ #
444
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateAccessPolicy AWS API Documentation
445
+ #
446
+ # @overload associate_access_policy(params = {})
447
+ # @param [Hash] params ({})
448
+ def associate_access_policy(params = {}, options = {})
449
+ req = build_request(:associate_access_policy, params)
450
+ req.send_request(options)
451
+ end
452
+
453
+ # Associates an encryption configuration to an existing cluster.
454
+ #
455
+ # Use this API to enable encryption on existing clusters that don't
456
+ # already have encryption enabled. This allows you to implement a
395
457
  # defense-in-depth security strategy without migrating applications to
396
458
  # new Amazon EKS clusters.
397
459
  #
398
460
  # @option params [required, String] :cluster_name
399
- # The name of the cluster that you are associating with encryption
400
- # configuration.
461
+ # The name of your cluster.
401
462
  #
402
463
  # @option params [required, Array<Types::EncryptionConfig>] :encryption_config
403
464
  # The configuration you are using for encryption.
404
465
  #
405
466
  # @option params [String] :client_request_token
406
- # The client request token you are using with the encryption
407
- # configuration.
467
+ # A unique, case-sensitive identifier that you provide to ensure the
468
+ # idempotency of the request.
408
469
  #
409
470
  # **A suitable default value is auto-generated.** You should normally
410
471
  # not need to pass this option.**
@@ -432,9 +493,9 @@ module Aws::EKS
432
493
  #
433
494
  # resp.update.id #=> String
434
495
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
435
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
496
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
436
497
  # resp.update.params #=> Array
437
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
498
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
438
499
  # resp.update.params[0].value #=> String
439
500
  # resp.update.created_at #=> Time
440
501
  # resp.update.errors #=> Array
@@ -452,34 +513,34 @@ module Aws::EKS
452
513
  req.send_request(options)
453
514
  end
454
515
 
455
- # Associate an identity provider configuration to a cluster.
516
+ # Associates an identity provider configuration to a cluster.
456
517
  #
457
518
  # If you want to authenticate identities using an identity provider, you
458
519
  # can create an identity provider configuration and associate it to your
459
520
  # cluster. After configuring authentication to your cluster you can
460
- # create Kubernetes `roles` and `clusterroles` to assign permissions to
461
- # the roles, and then bind the roles to the identities using Kubernetes
462
- # `rolebindings` and `clusterrolebindings`. For more information see
463
- # [Using RBAC Authorization][1] in the Kubernetes documentation.
521
+ # create Kubernetes `Role` and `ClusterRole` objects, assign permissions
522
+ # to them, and then bind them to the identities using Kubernetes
523
+ # `RoleBinding` and `ClusterRoleBinding` objects. For more information
524
+ # see [Using RBAC Authorization][1] in the Kubernetes documentation.
464
525
  #
465
526
  #
466
527
  #
467
528
  # [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
468
529
  #
469
530
  # @option params [required, String] :cluster_name
470
- # The name of the cluster to associate the configuration to.
531
+ # The name of your cluster.
471
532
  #
472
533
  # @option params [required, Types::OidcIdentityProviderConfigRequest] :oidc
473
534
  # An object representing an OpenID Connect (OIDC) identity provider
474
535
  # configuration.
475
536
  #
476
537
  # @option params [Hash<String,String>] :tags
477
- # The metadata to apply to the configuration to assist with
478
- # categorization and organization. Each tag consists of a key and an
479
- # optional value. You define both.
538
+ # Metadata that assists with categorization and organization. Each tag
539
+ # consists of a key and an optional value. You define both. Tags don't
540
+ # propagate to any other cluster or Amazon Web Services resources.
480
541
  #
481
542
  # @option params [String] :client_request_token
482
- # Unique, case-sensitive identifier that you provide to ensure the
543
+ # A unique, case-sensitive identifier that you provide to ensure the
483
544
  # idempotency of the request.
484
545
  #
485
546
  # **A suitable default value is auto-generated.** You should normally
@@ -516,9 +577,9 @@ module Aws::EKS
516
577
  #
517
578
  # resp.update.id #=> String
518
579
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
519
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
580
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
520
581
  # resp.update.params #=> Array
521
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
582
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
522
583
  # resp.update.params[0].value #=> String
523
584
  # resp.update.created_at #=> Time
524
585
  # resp.update.errors #=> Array
@@ -538,6 +599,154 @@ module Aws::EKS
538
599
  req.send_request(options)
539
600
  end
540
601
 
602
+ # Creates an access entry.
603
+ #
604
+ # An access entry allows an IAM principal to access your cluster. Access
605
+ # entries can replace the need to maintain entries in the `aws-auth`
606
+ # `ConfigMap` for authentication. You have the following options for
607
+ # authorizing an IAM principal to access Kubernetes objects on your
608
+ # cluster: Kubernetes role-based access control (RBAC), Amazon EKS, or
609
+ # both. Kubernetes RBAC authorization requires you to create and manage
610
+ # Kubernetes `Role`, `ClusterRole`, `RoleBinding`, and
611
+ # `ClusterRoleBinding` objects, in addition to managing access entries.
612
+ # If you use Amazon EKS authorization exclusively, you don't need to
613
+ # create and manage Kubernetes `Role`, `ClusterRole`, `RoleBinding`, and
614
+ # `ClusterRoleBinding` objects.
615
+ #
616
+ # For more information about access entries, see [Access entries][1] in
617
+ # the *Amazon EKS User Guide*.
618
+ #
619
+ #
620
+ #
621
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
622
+ #
623
+ # @option params [required, String] :cluster_name
624
+ # The name of your cluster.
625
+ #
626
+ # @option params [required, String] :principal_arn
627
+ # The ARN of the IAM principal for the `AccessEntry`. You can specify
628
+ # one ARN for each access entry. You can't specify the same ARN in more
629
+ # than one access entry. This value can't be changed after access entry
630
+ # creation.
631
+ #
632
+ # The valid principals differ depending on the type of the access entry
633
+ # in the `type` field. The only valid ARN is IAM roles for the types of
634
+ # access entries for nodes: ` . You can use every IAM principal type for
635
+ # STANDARD access entries. You can't use the STS session principal type
636
+ # with access entries because this is a temporary principal for each
637
+ # session and not a permanent identity that can be assigned
638
+ # permissions.</p> IAM best practices recommend using IAM roles with
639
+ # temporary credentials, rather than IAM users with long-term
640
+ # credentials.
641
+ # `
642
+ #
643
+ # @option params [Array<String>] :kubernetes_groups
644
+ # The value for `name` that you've specified for `kind: Group` as a
645
+ # `subject` in a Kubernetes `RoleBinding` or `ClusterRoleBinding`
646
+ # object. Amazon EKS doesn't confirm that the value for `name` exists
647
+ # in any bindings on your cluster. You can specify one or more names.
648
+ #
649
+ # Kubernetes authorizes the `principalArn` of the access entry to access
650
+ # any cluster objects that you've specified in a Kubernetes `Role` or
651
+ # `ClusterRole` object that is also specified in a binding's `roleRef`.
652
+ # For more information about creating Kubernetes `RoleBinding`,
653
+ # `ClusterRoleBinding`, `Role`, or `ClusterRole` objects, see [Using
654
+ # RBAC Authorization in the Kubernetes documentation][1].
655
+ #
656
+ # If you want Amazon EKS to authorize the `principalArn` (instead of, or
657
+ # in addition to Kubernetes authorizing the `principalArn`), you can
658
+ # associate one or more access policies to the access entry using
659
+ # `AssociateAccessPolicy`. If you associate any access policies, the
660
+ # `principalARN` has all permissions assigned in the associated access
661
+ # policies and all permissions in any Kubernetes `Role` or `ClusterRole`
662
+ # objects that the group names are bound to.
663
+ #
664
+ #
665
+ #
666
+ # [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
667
+ #
668
+ # @option params [Hash<String,String>] :tags
669
+ # Metadata that assists with categorization and organization. Each tag
670
+ # consists of a key and an optional value. You define both. Tags don't
671
+ # propagate to any other cluster or Amazon Web Services resources.
672
+ #
673
+ # @option params [String] :client_request_token
674
+ # A unique, case-sensitive identifier that you provide to ensure the
675
+ # idempotency of the request.
676
+ #
677
+ # **A suitable default value is auto-generated.** You should normally
678
+ # not need to pass this option.**
679
+ #
680
+ # @option params [String] :username
681
+ # The username to authenticate to Kubernetes with. We recommend not
682
+ # specifying a username and letting Amazon EKS specify it for you. For
683
+ # more information about the value Amazon EKS specifies for you, or
684
+ # constraints before specifying your own username, see [Creating access
685
+ # entries][1] in the *Amazon EKS User Guide*.
686
+ #
687
+ #
688
+ #
689
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries
690
+ #
691
+ # @option params [String] :type
692
+ # The type of the new access entry. Valid values are `Standard`,
693
+ # `FARGATE_LINUX`, `EC2_LINUX`, and `EC2_WINDOWS`.
694
+ #
695
+ # If the `principalArn` is for an IAM role that's used for self-managed
696
+ # Amazon EC2 nodes, specify `EC2_LINUX` or `EC2_WINDOWS`. Amazon EKS
697
+ # grants the necessary permissions to the node for you. If the
698
+ # `principalArn` is for any other purpose, specify `STANDARD`. If you
699
+ # don't specify a value, Amazon EKS sets the value to `STANDARD`. It's
700
+ # unnecessary to create access entries for IAM roles used with Fargate
701
+ # profiles or managed Amazon EC2 nodes, because Amazon EKS creates
702
+ # entries in the `aws-auth` `ConfigMap` for the roles. You can't change
703
+ # this value once you've created the access entry.
704
+ #
705
+ # If you set the value to `EC2_LINUX` or `EC2_WINDOWS`, you can't
706
+ # specify values for `kubernetesGroups`, or associate an `AccessPolicy`
707
+ # to the access entry.
708
+ #
709
+ # @return [Types::CreateAccessEntryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
710
+ #
711
+ # * {Types::CreateAccessEntryResponse#access_entry #access_entry} => Types::AccessEntry
712
+ #
713
+ # @example Request syntax with placeholder values
714
+ #
715
+ # resp = client.create_access_entry({
716
+ # cluster_name: "String", # required
717
+ # principal_arn: "String", # required
718
+ # kubernetes_groups: ["String"],
719
+ # tags: {
720
+ # "TagKey" => "TagValue",
721
+ # },
722
+ # client_request_token: "String",
723
+ # username: "String",
724
+ # type: "String",
725
+ # })
726
+ #
727
+ # @example Response structure
728
+ #
729
+ # resp.access_entry.cluster_name #=> String
730
+ # resp.access_entry.principal_arn #=> String
731
+ # resp.access_entry.kubernetes_groups #=> Array
732
+ # resp.access_entry.kubernetes_groups[0] #=> String
733
+ # resp.access_entry.access_entry_arn #=> String
734
+ # resp.access_entry.created_at #=> Time
735
+ # resp.access_entry.modified_at #=> Time
736
+ # resp.access_entry.tags #=> Hash
737
+ # resp.access_entry.tags["TagKey"] #=> String
738
+ # resp.access_entry.username #=> String
739
+ # resp.access_entry.type #=> String
740
+ #
741
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAccessEntry AWS API Documentation
742
+ #
743
+ # @overload create_access_entry(params = {})
744
+ # @param [Hash] params ({})
745
+ def create_access_entry(params = {}, options = {})
746
+ req = build_request(:create_access_entry, params)
747
+ req.send_request(options)
748
+ end
749
+
541
750
  # Creates an Amazon EKS add-on.
542
751
  #
543
752
  # Amazon EKS add-ons help to automate the provisioning and lifecycle
@@ -550,15 +759,11 @@ module Aws::EKS
550
759
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html
551
760
  #
552
761
  # @option params [required, String] :cluster_name
553
- # The name of the cluster to create the add-on for.
762
+ # The name of your cluster.
554
763
  #
555
764
  # @option params [required, String] :addon_name
556
- # The name of the add-on. The name must match one of the names that [
557
- # `DescribeAddonVersions` ][1] returns.
558
- #
559
- #
560
- #
561
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html
765
+ # The name of the add-on. The name must match one of the names returned
766
+ # by `DescribeAddonVersions`.
562
767
  #
563
768
  # @option params [String] :addon_version
564
769
  # The version of the add-on. The version must match one of the versions
@@ -625,18 +830,14 @@ module Aws::EKS
625
830
  # not need to pass this option.**
626
831
  #
627
832
  # @option params [Hash<String,String>] :tags
628
- # The metadata to apply to the cluster to assist with categorization and
629
- # organization. Each tag consists of a key and an optional value. You
630
- # define both.
833
+ # Metadata that assists with categorization and organization. Each tag
834
+ # consists of a key and an optional value. You define both. Tags don't
835
+ # propagate to any other cluster or Amazon Web Services resources.
631
836
  #
632
837
  # @option params [String] :configuration_values
633
838
  # The set of configuration values for the add-on that's created. The
634
- # values that you provide are validated against the schema in [
635
- # `DescribeAddonConfiguration` ][1].
636
- #
637
- #
638
- #
639
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html
839
+ # values that you provide are validated against the schema returned by
840
+ # `DescribeAddonConfiguration`.
640
841
  #
641
842
  # @return [Types::CreateAddonResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
642
843
  #
@@ -801,16 +1002,16 @@ module Aws::EKS
801
1002
  # [2]: http://aws.amazon.com/cloudwatch/pricing/
802
1003
  #
803
1004
  # @option params [String] :client_request_token
804
- # Unique, case-sensitive identifier that you provide to ensure the
1005
+ # A unique, case-sensitive identifier that you provide to ensure the
805
1006
  # idempotency of the request.
806
1007
  #
807
1008
  # **A suitable default value is auto-generated.** You should normally
808
1009
  # not need to pass this option.**
809
1010
  #
810
1011
  # @option params [Hash<String,String>] :tags
811
- # The metadata to apply to the cluster to assist with categorization and
812
- # organization. Each tag consists of a key and an optional value. You
813
- # define both.
1012
+ # Metadata that assists with categorization and organization. Each tag
1013
+ # consists of a key and an optional value. You define both. Tags don't
1014
+ # propagate to any other cluster or Amazon Web Services resources.
814
1015
  #
815
1016
  # @option params [Array<Types::EncryptionConfig>] :encryption_config
816
1017
  # The encryption configuration for the cluster.
@@ -827,6 +1028,9 @@ module Aws::EKS
827
1028
  #
828
1029
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-local-cluster-overview.html
829
1030
  #
1031
+ # @option params [Types::CreateAccessConfigRequest] :access_config
1032
+ # The access configuration for the cluster.
1033
+ #
830
1034
  # @return [Types::CreateClusterResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
831
1035
  #
832
1036
  # * {Types::CreateClusterResponse#cluster #cluster} => Types::Cluster
@@ -900,6 +1104,10 @@ module Aws::EKS
900
1104
  # group_name: "String",
901
1105
  # },
902
1106
  # },
1107
+ # access_config: {
1108
+ # bootstrap_cluster_creator_admin_permissions: false,
1109
+ # authentication_mode: "API", # accepts API, API_AND_CONFIG_MAP, CONFIG_MAP
1110
+ # },
903
1111
  # })
904
1112
  #
905
1113
  # @example Response structure
@@ -953,6 +1161,8 @@ module Aws::EKS
953
1161
  # resp.cluster.outpost_config.outpost_arns[0] #=> String
954
1162
  # resp.cluster.outpost_config.control_plane_instance_type #=> String
955
1163
  # resp.cluster.outpost_config.control_plane_placement.group_name #=> String
1164
+ # resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
1165
+ # resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"
956
1166
  #
957
1167
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateCluster AWS API Documentation
958
1168
  #
@@ -998,7 +1208,7 @@ module Aws::EKS
998
1208
  # of the term.
999
1209
  #
1000
1210
  # @option params [String] :client_request_token
1001
- # Unique, case-sensitive identifier that you provide to ensure the
1211
+ # A unique, case-sensitive identifier that you provide to ensure the
1002
1212
  # idempotency of the request.
1003
1213
  #
1004
1214
  # **A suitable default value is auto-generated.** You should normally
@@ -1090,7 +1300,7 @@ module Aws::EKS
1090
1300
  # must wait for that Fargate profile to finish deleting before you can
1091
1301
  # create any other profiles in that cluster.
1092
1302
  #
1093
- # For more information, see [Fargate Profile][3] in the *Amazon EKS User
1303
+ # For more information, see [Fargate profile][3] in the *Amazon EKS User
1094
1304
  # Guide*.
1095
1305
  #
1096
1306
  #
@@ -1103,45 +1313,42 @@ module Aws::EKS
1103
1313
  # The name of the Fargate profile.
1104
1314
  #
1105
1315
  # @option params [required, String] :cluster_name
1106
- # The name of the Amazon EKS cluster to apply the Fargate profile to.
1316
+ # The name of your cluster.
1107
1317
  #
1108
1318
  # @option params [required, String] :pod_execution_role_arn
1109
- # The Amazon Resource Name (ARN) of the pod execution role to use for
1110
- # pods that match the selectors in the Fargate profile. The pod
1319
+ # The Amazon Resource Name (ARN) of the `Pod` execution role to use for
1320
+ # a `Pod` that matches the selectors in the Fargate profile. The `Pod`
1111
1321
  # execution role allows Fargate infrastructure to register with your
1112
1322
  # cluster as a node, and it provides read access to Amazon ECR image
1113
- # repositories. For more information, see [Pod Execution Role][1] in the
1114
- # *Amazon EKS User Guide*.
1323
+ # repositories. For more information, see [ `Pod` execution role][1] in
1324
+ # the *Amazon EKS User Guide*.
1115
1325
  #
1116
1326
  #
1117
1327
  #
1118
1328
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html
1119
1329
  #
1120
1330
  # @option params [Array<String>] :subnets
1121
- # The IDs of subnets to launch your pods into. At this time, pods
1122
- # running on Fargate are not assigned public IP addresses, so only
1123
- # private subnets (with no direct route to an Internet Gateway) are
1124
- # accepted for this parameter.
1331
+ # The IDs of subnets to launch a `Pod` into. A `Pod` running on Fargate
1332
+ # isn't assigned a public IP address, so only private subnets (with no
1333
+ # direct route to an Internet Gateway) are accepted for this parameter.
1125
1334
  #
1126
1335
  # @option params [Array<Types::FargateProfileSelector>] :selectors
1127
- # The selectors to match for pods to use this Fargate profile. Each
1128
- # selector must have an associated namespace. Optionally, you can also
1129
- # specify labels for a namespace. You may specify up to five selectors
1130
- # in a Fargate profile.
1336
+ # The selectors to match for a `Pod` to use this Fargate profile. Each
1337
+ # selector must have an associated Kubernetes `namespace`. Optionally,
1338
+ # you can also specify `labels` for a `namespace`. You may specify up to
1339
+ # five selectors in a Fargate profile.
1131
1340
  #
1132
1341
  # @option params [String] :client_request_token
1133
- # Unique, case-sensitive identifier that you provide to ensure the
1342
+ # A unique, case-sensitive identifier that you provide to ensure the
1134
1343
  # idempotency of the request.
1135
1344
  #
1136
1345
  # **A suitable default value is auto-generated.** You should normally
1137
1346
  # not need to pass this option.**
1138
1347
  #
1139
1348
  # @option params [Hash<String,String>] :tags
1140
- # The metadata to apply to the Fargate profile to assist with
1141
- # categorization and organization. Each tag consists of a key and an
1142
- # optional value. You define both. Fargate profile tags do not propagate
1143
- # to any other resources associated with the Fargate profile, such as
1144
- # the pods that are scheduled with it.
1349
+ # Metadata that assists with categorization and organization. Each tag
1350
+ # consists of a key and an optional value. You define both. Tags don't
1351
+ # propagate to any other cluster or Amazon Web Services resources.
1145
1352
  #
1146
1353
  # @return [Types::CreateFargateProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1147
1354
  #
@@ -1194,26 +1401,32 @@ module Aws::EKS
1194
1401
  req.send_request(options)
1195
1402
  end
1196
1403
 
1197
- # Creates a managed node group for an Amazon EKS cluster. You can only
1198
- # create a node group for your cluster that is equal to the current
1199
- # Kubernetes version for the cluster.
1404
+ # Creates a managed node group for an Amazon EKS cluster.
1405
+ #
1406
+ # You can only create a node group for your cluster that is equal to the
1407
+ # current Kubernetes version for the cluster. All node groups are
1408
+ # created with the latest AMI release version for the respective minor
1409
+ # Kubernetes version of the cluster, unless you deploy a custom AMI
1410
+ # using a launch template. For more information about using launch
1411
+ # templates, see [Launch template support][1].
1200
1412
  #
1201
1413
  # An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group
1202
1414
  # and associated Amazon EC2 instances that are managed by Amazon Web
1203
1415
  # Services for an Amazon EKS cluster. For more information, see [Managed
1204
- # node groups][1] in the *Amazon EKS User Guide*.
1416
+ # node groups][2] in the *Amazon EKS User Guide*.
1205
1417
  #
1206
- # <note markdown="1"> Windows AMI types are only supported for commercial Regions that
1207
- # support Windows Amazon EKS.
1418
+ # <note markdown="1"> Windows AMI types are only supported for commercial Amazon Web
1419
+ # Services Regions that support Windows on Amazon EKS.
1208
1420
  #
1209
1421
  # </note>
1210
1422
  #
1211
1423
  #
1212
1424
  #
1213
- # [1]: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
1425
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1426
+ # [2]: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
1214
1427
  #
1215
1428
  # @option params [required, String] :cluster_name
1216
- # The name of the cluster to create the node group in.
1429
+ # The name of your cluster.
1217
1430
  #
1218
1431
  # @option params [required, String] :nodegroup_name
1219
1432
  # The unique name to give your node group.
@@ -1236,16 +1449,14 @@ module Aws::EKS
1236
1449
  #
1237
1450
  # @option params [required, Array<String>] :subnets
1238
1451
  # The subnets to use for the Auto Scaling group that is created for your
1239
- # node group. If you specify `launchTemplate`, then don't specify [
1240
- # `SubnetId` ][1] in your launch template, or the node group deployment
1241
- # will fail. For more information about using launch templates with
1242
- # Amazon EKS, see [Launch template support][2] in the *Amazon EKS User
1243
- # Guide*.
1452
+ # node group. If you specify `launchTemplate`, then don't specify `
1453
+ # SubnetId ` in your launch template, or the node group deployment will
1454
+ # fail. For more information about using launch templates with Amazon
1455
+ # EKS, see [Launch template support][1] in the *Amazon EKS User Guide*.
1244
1456
  #
1245
1457
  #
1246
1458
  #
1247
- # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html
1248
- # [2]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1459
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1249
1460
  #
1250
1461
  # @option params [Array<String>] :instance_types
1251
1462
  # Specify the instance types for a node group. If you specify a GPU
@@ -1301,20 +1512,19 @@ module Aws::EKS
1301
1512
  # cluster, you must create an IAM role for those nodes to use when they
1302
1513
  # are launched. For more information, see [Amazon EKS node IAM role][1]
1303
1514
  # in the <i> <i>Amazon EKS User Guide</i> </i>. If you specify
1304
- # `launchTemplate`, then don't specify [ `IamInstanceProfile` ][2] in
1305
- # your launch template, or the node group deployment will fail. For more
1515
+ # `launchTemplate`, then don't specify ` IamInstanceProfile ` in your
1516
+ # launch template, or the node group deployment will fail. For more
1306
1517
  # information about using launch templates with Amazon EKS, see [Launch
1307
- # template support][3] in the *Amazon EKS User Guide*.
1518
+ # template support][2] in the *Amazon EKS User Guide*.
1308
1519
  #
1309
1520
  #
1310
1521
  #
1311
1522
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html
1312
- # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html
1313
- # [3]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1523
+ # [2]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
1314
1524
  #
1315
1525
  # @option params [Hash<String,String>] :labels
1316
- # The Kubernetes labels to be applied to the nodes in the node group
1317
- # when they are created.
1526
+ # The Kubernetes `labels` to apply to the nodes in the node group when
1527
+ # they are created.
1318
1528
  #
1319
1529
  # @option params [Array<Types::Taint>] :taints
1320
1530
  # The Kubernetes taints to be applied to the nodes in the node group.
@@ -1325,14 +1535,12 @@ module Aws::EKS
1325
1535
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html
1326
1536
  #
1327
1537
  # @option params [Hash<String,String>] :tags
1328
- # The metadata to apply to the node group to assist with categorization
1329
- # and organization. Each tag consists of a key and an optional value.
1330
- # You define both. Node group tags do not propagate to any other
1331
- # resources associated with the node group, such as the Amazon EC2
1332
- # instances or subnets.
1538
+ # Metadata that assists with categorization and organization. Each tag
1539
+ # consists of a key and an optional value. You define both. Tags don't
1540
+ # propagate to any other cluster or Amazon Web Services resources.
1333
1541
  #
1334
1542
  # @option params [String] :client_request_token
1335
- # Unique, case-sensitive identifier that you provide to ensure the
1543
+ # A unique, case-sensitive identifier that you provide to ensure the
1336
1544
  # idempotency of the request.
1337
1545
  #
1338
1546
  # **A suitable default value is auto-generated.** You should normally
@@ -1497,7 +1705,7 @@ module Aws::EKS
1497
1705
  # credentials are rotated automatically.
1498
1706
  #
1499
1707
  # Amazon EKS Pod Identity associations provide the ability to manage
1500
- # credentials for your applications, similar to the way that 7EC2l
1708
+ # credentials for your applications, similar to the way that Amazon EC2
1501
1709
  # instance profiles provide credentials to Amazon EC2 instances.
1502
1710
  #
1503
1711
  # If a pod uses a service account that has an association, Amazon EKS
@@ -1530,16 +1738,16 @@ module Aws::EKS
1530
1738
  # use this service account.
1531
1739
  #
1532
1740
  # @option params [String] :client_request_token
1533
- # Unique, case-sensitive identifier that you provide to ensure the
1741
+ # A unique, case-sensitive identifier that you provide to ensure the
1534
1742
  # idempotency of the request.
1535
1743
  #
1536
1744
  # **A suitable default value is auto-generated.** You should normally
1537
1745
  # not need to pass this option.**
1538
1746
  #
1539
1747
  # @option params [Hash<String,String>] :tags
1540
- # The metadata that you apply to a resource to assist with
1541
- # categorization and organization. Each tag consists of a key and an
1542
- # optional value. You define both.
1748
+ # Metadata that assists with categorization and organization. Each tag
1749
+ # consists of a key and an optional value. You define both. Tags don't
1750
+ # propagate to any other cluster or Amazon Web Services resources.
1543
1751
  #
1544
1752
  # The following basic restrictions apply to tags:
1545
1753
  #
@@ -1605,14 +1813,44 @@ module Aws::EKS
1605
1813
  req.send_request(options)
1606
1814
  end
1607
1815
 
1608
- # Delete an Amazon EKS add-on.
1816
+ # Deletes an access entry.
1817
+ #
1818
+ # Deleting an access entry of a type other than `Standard` can cause
1819
+ # your cluster to function improperly. If you delete an access entry in
1820
+ # error, you can recreate it.
1821
+ #
1822
+ # @option params [required, String] :cluster_name
1823
+ # The name of your cluster.
1824
+ #
1825
+ # @option params [required, String] :principal_arn
1826
+ # The ARN of the IAM principal for the `AccessEntry`.
1827
+ #
1828
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1829
+ #
1830
+ # @example Request syntax with placeholder values
1831
+ #
1832
+ # resp = client.delete_access_entry({
1833
+ # cluster_name: "String", # required
1834
+ # principal_arn: "String", # required
1835
+ # })
1836
+ #
1837
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeleteAccessEntry AWS API Documentation
1838
+ #
1839
+ # @overload delete_access_entry(params = {})
1840
+ # @param [Hash] params ({})
1841
+ def delete_access_entry(params = {}, options = {})
1842
+ req = build_request(:delete_access_entry, params)
1843
+ req.send_request(options)
1844
+ end
1845
+
1846
+ # Deletes an Amazon EKS add-on.
1609
1847
  #
1610
- # When you remove the add-on, it will also be deleted from the cluster.
1611
- # You can always manually start an add-on on the cluster using the
1612
- # Kubernetes API.
1848
+ # When you remove an add-on, it's deleted from the cluster. You can
1849
+ # always manually start an add-on on the cluster using the Kubernetes
1850
+ # API.
1613
1851
  #
1614
1852
  # @option params [required, String] :cluster_name
1615
- # The name of the cluster to delete the add-on from.
1853
+ # The name of your cluster.
1616
1854
  #
1617
1855
  # @option params [required, String] :addon_name
1618
1856
  # The name of the add-on. The name must match one of the names returned
@@ -1671,18 +1909,18 @@ module Aws::EKS
1671
1909
  req.send_request(options)
1672
1910
  end
1673
1911
 
1674
- # Deletes the Amazon EKS cluster control plane.
1912
+ # Deletes an Amazon EKS cluster control plane.
1675
1913
  #
1676
1914
  # If you have active services in your cluster that are associated with a
1677
1915
  # load balancer, you must delete those services before deleting the
1678
1916
  # cluster so that the load balancers are deleted properly. Otherwise,
1679
1917
  # you can have orphaned resources in your VPC that prevent you from
1680
1918
  # being able to delete the VPC. For more information, see [Deleting a
1681
- # Cluster][1] in the *Amazon EKS User Guide*.
1919
+ # cluster][1] in the *Amazon EKS User Guide*.
1682
1920
  #
1683
1921
  # If you have managed node groups or Fargate profiles attached to the
1684
1922
  # cluster, you must delete them first. For more information, see
1685
- # DeleteNodegroup and DeleteFargateProfile.
1923
+ # `DeleteNodgroup` and `DeleteFargateProfile`.
1686
1924
  #
1687
1925
  #
1688
1926
  #
@@ -1765,6 +2003,8 @@ module Aws::EKS
1765
2003
  # resp.cluster.outpost_config.outpost_arns[0] #=> String
1766
2004
  # resp.cluster.outpost_config.control_plane_instance_type #=> String
1767
2005
  # resp.cluster.outpost_config.control_plane_placement.group_name #=> String
2006
+ # resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
2007
+ # resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"
1768
2008
  #
1769
2009
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeleteCluster AWS API Documentation
1770
2010
  #
@@ -1823,19 +2063,18 @@ module Aws::EKS
1823
2063
 
1824
2064
  # Deletes an Fargate profile.
1825
2065
  #
1826
- # When you delete a Fargate profile, any pods running on Fargate that
1827
- # were created with the profile are deleted. If those pods match another
1828
- # Fargate profile, then they are scheduled on Fargate with that profile.
1829
- # If they no longer match any Fargate profiles, then they are not
1830
- # scheduled on Fargate and they may remain in a pending state.
2066
+ # When you delete a Fargate profile, any `Pod` running on Fargate that
2067
+ # was created with the profile is deleted. If the `Pod` matches another
2068
+ # Fargate profile, then it is scheduled on Fargate with that profile. If
2069
+ # it no longer matches any Fargate profiles, then it's not scheduled on
2070
+ # Fargate and may remain in a pending state.
1831
2071
  #
1832
2072
  # Only one Fargate profile in a cluster can be in the `DELETING` status
1833
2073
  # at a time. You must wait for a Fargate profile to finish deleting
1834
2074
  # before you can delete any other profiles in that cluster.
1835
2075
  #
1836
2076
  # @option params [required, String] :cluster_name
1837
- # The name of the Amazon EKS cluster associated with the Fargate profile
1838
- # to delete.
2077
+ # The name of your cluster.
1839
2078
  #
1840
2079
  # @option params [required, String] :fargate_profile_name
1841
2080
  # The name of the Fargate profile to delete.
@@ -1877,11 +2116,10 @@ module Aws::EKS
1877
2116
  req.send_request(options)
1878
2117
  end
1879
2118
 
1880
- # Deletes an Amazon EKS node group for a cluster.
2119
+ # Deletes a managed node group.
1881
2120
  #
1882
2121
  # @option params [required, String] :cluster_name
1883
- # The name of the Amazon EKS cluster that is associated with your node
1884
- # group.
2122
+ # The name of your cluster.
1885
2123
  #
1886
2124
  # @option params [required, String] :nodegroup_name
1887
2125
  # The name of the node group to delete.
@@ -2001,6 +2239,13 @@ module Aws::EKS
2001
2239
  # Deregisters a connected cluster to remove it from the Amazon EKS
2002
2240
  # control plane.
2003
2241
  #
2242
+ # A connected cluster is a Kubernetes cluster that you've connected to
2243
+ # your control plane using the [Amazon EKS Connector][1].
2244
+ #
2245
+ #
2246
+ #
2247
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html
2248
+ #
2004
2249
  # @option params [required, String] :name
2005
2250
  # The name of the connected cluster to deregister.
2006
2251
  #
@@ -2065,6 +2310,8 @@ module Aws::EKS
2065
2310
  # resp.cluster.outpost_config.outpost_arns[0] #=> String
2066
2311
  # resp.cluster.outpost_config.control_plane_instance_type #=> String
2067
2312
  # resp.cluster.outpost_config.control_plane_placement.group_name #=> String
2313
+ # resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
2314
+ # resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"
2068
2315
  #
2069
2316
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeregisterCluster AWS API Documentation
2070
2317
  #
@@ -2075,10 +2322,52 @@ module Aws::EKS
2075
2322
  req.send_request(options)
2076
2323
  end
2077
2324
 
2325
+ # Describes an access entry.
2326
+ #
2327
+ # @option params [required, String] :cluster_name
2328
+ # The name of your cluster.
2329
+ #
2330
+ # @option params [required, String] :principal_arn
2331
+ # The ARN of the IAM principal for the `AccessEntry`.
2332
+ #
2333
+ # @return [Types::DescribeAccessEntryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2334
+ #
2335
+ # * {Types::DescribeAccessEntryResponse#access_entry #access_entry} => Types::AccessEntry
2336
+ #
2337
+ # @example Request syntax with placeholder values
2338
+ #
2339
+ # resp = client.describe_access_entry({
2340
+ # cluster_name: "String", # required
2341
+ # principal_arn: "String", # required
2342
+ # })
2343
+ #
2344
+ # @example Response structure
2345
+ #
2346
+ # resp.access_entry.cluster_name #=> String
2347
+ # resp.access_entry.principal_arn #=> String
2348
+ # resp.access_entry.kubernetes_groups #=> Array
2349
+ # resp.access_entry.kubernetes_groups[0] #=> String
2350
+ # resp.access_entry.access_entry_arn #=> String
2351
+ # resp.access_entry.created_at #=> Time
2352
+ # resp.access_entry.modified_at #=> Time
2353
+ # resp.access_entry.tags #=> Hash
2354
+ # resp.access_entry.tags["TagKey"] #=> String
2355
+ # resp.access_entry.username #=> String
2356
+ # resp.access_entry.type #=> String
2357
+ #
2358
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAccessEntry AWS API Documentation
2359
+ #
2360
+ # @overload describe_access_entry(params = {})
2361
+ # @param [Hash] params ({})
2362
+ def describe_access_entry(params = {}, options = {})
2363
+ req = build_request(:describe_access_entry, params)
2364
+ req.send_request(options)
2365
+ end
2366
+
2078
2367
  # Describes an Amazon EKS add-on.
2079
2368
  #
2080
2369
  # @option params [required, String] :cluster_name
2081
- # The name of the cluster.
2370
+ # The name of your cluster.
2082
2371
  #
2083
2372
  # @option params [required, String] :addon_name
2084
2373
  # The name of the add-on. The name must match one of the names returned
@@ -2140,12 +2429,8 @@ module Aws::EKS
2140
2429
  # Returns configuration options.
2141
2430
  #
2142
2431
  # @option params [required, String] :addon_name
2143
- # The name of the add-on. The name must match one of the names that [
2144
- # `DescribeAddonVersions` ][1] returns.
2145
- #
2146
- #
2147
- #
2148
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html
2432
+ # The name of the add-on. The name must match one of the names returned
2433
+ # by `DescribeAddonVersions`.
2149
2434
  #
2150
2435
  # @option params [required, String] :addon_version
2151
2436
  # The version of the add-on. The version must match one of the versions
@@ -2183,22 +2468,30 @@ module Aws::EKS
2183
2468
  req.send_request(options)
2184
2469
  end
2185
2470
 
2186
- # Describes the versions for an add-on. Information such as the
2187
- # Kubernetes versions that you can use the add-on with, the `owner`,
2188
- # `publisher`, and the `type` of the add-on are returned.
2471
+ # Describes the versions for an add-on.
2472
+ #
2473
+ # Information such as the Kubernetes versions that you can use the
2474
+ # add-on with, the `owner`, `publisher`, and the `type` of the add-on
2475
+ # are returned.
2189
2476
  #
2190
2477
  # @option params [String] :kubernetes_version
2191
2478
  # The Kubernetes versions that you can use the add-on with.
2192
2479
  #
2193
2480
  # @option params [Integer] :max_results
2194
- # The maximum number of results to return.
2481
+ # The maximum number of results, returned in paginated output. You
2482
+ # receive `maxResults` in a single page, along with a `nextToken`
2483
+ # response element. You can see the remaining results of the initial
2484
+ # request by sending another request with the returned `nextToken`
2485
+ # value. This value can be between 1 and 100. If you don't use this
2486
+ # parameter, 100 results and a `nextToken` value, if applicable, are
2487
+ # returned.
2195
2488
  #
2196
2489
  # @option params [String] :next_token
2197
- # The `nextToken` value returned from a previous paginated
2198
- # `DescribeAddonVersionsRequest` where `maxResults` was used and the
2199
- # results exceeded the value of that parameter. Pagination continues
2200
- # from the end of the previous results that returned the `nextToken`
2201
- # value.
2490
+ # The `nextToken` value returned from a previous paginated request,
2491
+ # where `maxResults` was used and the results exceeded the value of that
2492
+ # parameter. Pagination continues from the end of the previous results
2493
+ # that returned the `nextToken` value. This value is null when there are
2494
+ # no more results to return.
2202
2495
  #
2203
2496
  # <note markdown="1"> This token should be treated as an opaque identifier that is used only
2204
2497
  # to retrieve the next items in a list and not for other programmatic
@@ -2275,12 +2568,12 @@ module Aws::EKS
2275
2568
  req.send_request(options)
2276
2569
  end
2277
2570
 
2278
- # Returns descriptive information about an Amazon EKS cluster.
2571
+ # Describes an Amazon EKS cluster.
2279
2572
  #
2280
2573
  # The API server endpoint and certificate authority data returned by
2281
2574
  # this operation are required for `kubelet` and `kubectl` to communicate
2282
- # with your Kubernetes API server. For more information, see [Create a
2283
- # kubeconfig for Amazon EKS][1].
2575
+ # with your Kubernetes API server. For more information, see [Creating
2576
+ # or updating a `kubeconfig` file for an Amazon EKS cluster][1].
2284
2577
  #
2285
2578
  # <note markdown="1"> The API server endpoint and certificate authority data aren't
2286
2579
  # available until the cluster reaches the `ACTIVE` state.
@@ -2292,7 +2585,7 @@ module Aws::EKS
2292
2585
  # [1]: https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
2293
2586
  #
2294
2587
  # @option params [required, String] :name
2295
- # The name of the cluster to describe.
2588
+ # The name of your cluster.
2296
2589
  #
2297
2590
  # @return [Types::DescribeClusterResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2298
2591
  #
@@ -2390,6 +2683,8 @@ module Aws::EKS
2390
2683
  # resp.cluster.outpost_config.outpost_arns[0] #=> String
2391
2684
  # resp.cluster.outpost_config.control_plane_instance_type #=> String
2392
2685
  # resp.cluster.outpost_config.control_plane_placement.group_name #=> String
2686
+ # resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
2687
+ # resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"
2393
2688
  #
2394
2689
  #
2395
2690
  # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -2448,11 +2743,10 @@ module Aws::EKS
2448
2743
  req.send_request(options)
2449
2744
  end
2450
2745
 
2451
- # Returns descriptive information about an Fargate profile.
2746
+ # Describes an Fargate profile.
2452
2747
  #
2453
2748
  # @option params [required, String] :cluster_name
2454
- # The name of the Amazon EKS cluster associated with the Fargate
2455
- # profile.
2749
+ # The name of your cluster.
2456
2750
  #
2457
2751
  # @option params [required, String] :fargate_profile_name
2458
2752
  # The name of the Fargate profile to describe.
@@ -2500,12 +2794,10 @@ module Aws::EKS
2500
2794
  req.send_request(options)
2501
2795
  end
2502
2796
 
2503
- # Returns descriptive information about an identity provider
2504
- # configuration.
2797
+ # Describes an identity provider configuration.
2505
2798
  #
2506
2799
  # @option params [required, String] :cluster_name
2507
- # The cluster name that the identity provider configuration is
2508
- # associated to.
2800
+ # The name of your cluster.
2509
2801
  #
2510
2802
  # @option params [required, Types::IdentityProviderConfig] :identity_provider_config
2511
2803
  # An object representing an identity provider configuration.
@@ -2550,10 +2842,67 @@ module Aws::EKS
2550
2842
  req.send_request(options)
2551
2843
  end
2552
2844
 
2553
- # Returns descriptive information about an Amazon EKS node group.
2845
+ # Returns details about an insight that you specify using its ID.
2846
+ #
2847
+ # @option params [required, String] :cluster_name
2848
+ # The name of the cluster to describe the insight for.
2849
+ #
2850
+ # @option params [required, String] :id
2851
+ # The identity of the insight to describe.
2852
+ #
2853
+ # @return [Types::DescribeInsightResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2854
+ #
2855
+ # * {Types::DescribeInsightResponse#insight #insight} => Types::Insight
2856
+ #
2857
+ # @example Request syntax with placeholder values
2858
+ #
2859
+ # resp = client.describe_insight({
2860
+ # cluster_name: "String", # required
2861
+ # id: "String", # required
2862
+ # })
2863
+ #
2864
+ # @example Response structure
2865
+ #
2866
+ # resp.insight.id #=> String
2867
+ # resp.insight.name #=> String
2868
+ # resp.insight.category #=> String, one of "UPGRADE_READINESS"
2869
+ # resp.insight.kubernetes_version #=> String
2870
+ # resp.insight.last_refresh_time #=> Time
2871
+ # resp.insight.last_transition_time #=> Time
2872
+ # resp.insight.description #=> String
2873
+ # resp.insight.insight_status.status #=> String, one of "PASSING", "WARNING", "ERROR", "UNKNOWN"
2874
+ # resp.insight.insight_status.reason #=> String
2875
+ # resp.insight.recommendation #=> String
2876
+ # resp.insight.additional_info #=> Hash
2877
+ # resp.insight.additional_info["String"] #=> String
2878
+ # resp.insight.resources #=> Array
2879
+ # resp.insight.resources[0].insight_status.status #=> String, one of "PASSING", "WARNING", "ERROR", "UNKNOWN"
2880
+ # resp.insight.resources[0].insight_status.reason #=> String
2881
+ # resp.insight.resources[0].kubernetes_resource_uri #=> String
2882
+ # resp.insight.resources[0].arn #=> String
2883
+ # resp.insight.category_specific_summary.deprecation_details #=> Array
2884
+ # resp.insight.category_specific_summary.deprecation_details[0].usage #=> String
2885
+ # resp.insight.category_specific_summary.deprecation_details[0].replaced_with #=> String
2886
+ # resp.insight.category_specific_summary.deprecation_details[0].stop_serving_version #=> String
2887
+ # resp.insight.category_specific_summary.deprecation_details[0].start_serving_replacement_version #=> String
2888
+ # resp.insight.category_specific_summary.deprecation_details[0].client_stats #=> Array
2889
+ # resp.insight.category_specific_summary.deprecation_details[0].client_stats[0].user_agent #=> String
2890
+ # resp.insight.category_specific_summary.deprecation_details[0].client_stats[0].number_of_requests_last_30_days #=> Integer
2891
+ # resp.insight.category_specific_summary.deprecation_details[0].client_stats[0].last_request_time #=> Time
2892
+ #
2893
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeInsight AWS API Documentation
2894
+ #
2895
+ # @overload describe_insight(params = {})
2896
+ # @param [Hash] params ({})
2897
+ def describe_insight(params = {}, options = {})
2898
+ req = build_request(:describe_insight, params)
2899
+ req.send_request(options)
2900
+ end
2901
+
2902
+ # Describes a managed node group.
2554
2903
  #
2555
2904
  # @option params [required, String] :cluster_name
2556
- # The name of the Amazon EKS cluster associated with the node group.
2905
+ # The name of your cluster.
2557
2906
  #
2558
2907
  # @option params [required, String] :nodegroup_name
2559
2908
  # The name of the node group to describe.
@@ -2677,8 +3026,7 @@ module Aws::EKS
2677
3026
  req.send_request(options)
2678
3027
  end
2679
3028
 
2680
- # Returns descriptive information about an update against your Amazon
2681
- # EKS cluster or associated managed node group or Amazon EKS add-on.
3029
+ # Describes an update to an Amazon EKS resource.
2682
3030
  #
2683
3031
  # When the status of the update is `Succeeded`, the update is complete.
2684
3032
  # If an update fails, the status is `Failed`, and an error detail
@@ -2720,9 +3068,9 @@ module Aws::EKS
2720
3068
  #
2721
3069
  # resp.update.id #=> String
2722
3070
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
2723
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
3071
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
2724
3072
  # resp.update.params #=> Array
2725
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
3073
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
2726
3074
  # resp.update.params[0].value #=> String
2727
3075
  # resp.update.created_at #=> Time
2728
3076
  # resp.update.errors #=> Array
@@ -2740,17 +3088,45 @@ module Aws::EKS
2740
3088
  req.send_request(options)
2741
3089
  end
2742
3090
 
2743
- # Disassociates an identity provider configuration from a cluster. If
2744
- # you disassociate an identity provider from your cluster, users
2745
- # included in the provider can no longer access the cluster. However,
2746
- # you can still access the cluster with [IAM principals][1].
3091
+ # Disassociates an access policy from an access entry.
3092
+ #
3093
+ # @option params [required, String] :cluster_name
3094
+ # The name of your cluster.
3095
+ #
3096
+ # @option params [required, String] :principal_arn
3097
+ # The ARN of the IAM principal for the `AccessEntry`.
3098
+ #
3099
+ # @option params [required, String] :policy_arn
3100
+ # The ARN of the policy to disassociate from the access entry. For a
3101
+ # list of associated policies ARNs, use `ListAssociatedAccessPolicies`.
2747
3102
  #
3103
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2748
3104
  #
3105
+ # @example Request syntax with placeholder values
2749
3106
  #
2750
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html
3107
+ # resp = client.disassociate_access_policy({
3108
+ # cluster_name: "String", # required
3109
+ # principal_arn: "String", # required
3110
+ # policy_arn: "String", # required
3111
+ # })
3112
+ #
3113
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateAccessPolicy AWS API Documentation
3114
+ #
3115
+ # @overload disassociate_access_policy(params = {})
3116
+ # @param [Hash] params ({})
3117
+ def disassociate_access_policy(params = {}, options = {})
3118
+ req = build_request(:disassociate_access_policy, params)
3119
+ req.send_request(options)
3120
+ end
3121
+
3122
+ # Disassociates an identity provider configuration from a cluster.
3123
+ #
3124
+ # If you disassociate an identity provider from your cluster, users
3125
+ # included in the provider can no longer access the cluster. However,
3126
+ # you can still access the cluster with IAM principals.
2751
3127
  #
2752
3128
  # @option params [required, String] :cluster_name
2753
- # The name of the cluster to disassociate an identity provider from.
3129
+ # The name of your cluster.
2754
3130
  #
2755
3131
  # @option params [required, Types::IdentityProviderConfig] :identity_provider_config
2756
3132
  # An object representing an identity provider configuration.
@@ -2781,9 +3157,9 @@ module Aws::EKS
2781
3157
  #
2782
3158
  # resp.update.id #=> String
2783
3159
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
2784
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
3160
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
2785
3161
  # resp.update.params #=> Array
2786
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
3162
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
2787
3163
  # resp.update.params[0].value #=> String
2788
3164
  # resp.update.created_at #=> Time
2789
3165
  # resp.update.errors #=> Array
@@ -2801,26 +3177,143 @@ module Aws::EKS
2801
3177
  req.send_request(options)
2802
3178
  end
2803
3179
 
3180
+ # Lists the access entries for your cluster.
3181
+ #
3182
+ # @option params [required, String] :cluster_name
3183
+ # The name of your cluster.
3184
+ #
3185
+ # @option params [String] :associated_policy_arn
3186
+ # The ARN of an `AccessPolicy`. When you specify an access policy ARN,
3187
+ # only the access entries associated to that access policy are returned.
3188
+ # For a list of available policy ARNs, use `ListAccessPolicies`.
3189
+ #
3190
+ # @option params [Integer] :max_results
3191
+ # The maximum number of results, returned in paginated output. You
3192
+ # receive `maxResults` in a single page, along with a `nextToken`
3193
+ # response element. You can see the remaining results of the initial
3194
+ # request by sending another request with the returned `nextToken`
3195
+ # value. This value can be between 1 and 100. If you don't use this
3196
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3197
+ # returned.
3198
+ #
3199
+ # @option params [String] :next_token
3200
+ # The `nextToken` value returned from a previous paginated request,
3201
+ # where `maxResults` was used and the results exceeded the value of that
3202
+ # parameter. Pagination continues from the end of the previous results
3203
+ # that returned the `nextToken` value. This value is null when there are
3204
+ # no more results to return.
3205
+ #
3206
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3207
+ # to retrieve the next items in a list and not for other programmatic
3208
+ # purposes.
3209
+ #
3210
+ # </note>
3211
+ #
3212
+ # @return [Types::ListAccessEntriesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3213
+ #
3214
+ # * {Types::ListAccessEntriesResponse#access_entries #access_entries} => Array&lt;String&gt;
3215
+ # * {Types::ListAccessEntriesResponse#next_token #next_token} => String
3216
+ #
3217
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
3218
+ #
3219
+ # @example Request syntax with placeholder values
3220
+ #
3221
+ # resp = client.list_access_entries({
3222
+ # cluster_name: "String", # required
3223
+ # associated_policy_arn: "String",
3224
+ # max_results: 1,
3225
+ # next_token: "String",
3226
+ # })
3227
+ #
3228
+ # @example Response structure
3229
+ #
3230
+ # resp.access_entries #=> Array
3231
+ # resp.access_entries[0] #=> String
3232
+ # resp.next_token #=> String
3233
+ #
3234
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessEntries AWS API Documentation
3235
+ #
3236
+ # @overload list_access_entries(params = {})
3237
+ # @param [Hash] params ({})
3238
+ def list_access_entries(params = {}, options = {})
3239
+ req = build_request(:list_access_entries, params)
3240
+ req.send_request(options)
3241
+ end
3242
+
3243
+ # Lists the available access policies.
3244
+ #
3245
+ # @option params [Integer] :max_results
3246
+ # The maximum number of results, returned in paginated output. You
3247
+ # receive `maxResults` in a single page, along with a `nextToken`
3248
+ # response element. You can see the remaining results of the initial
3249
+ # request by sending another request with the returned `nextToken`
3250
+ # value. This value can be between 1 and 100. If you don't use this
3251
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3252
+ # returned.
3253
+ #
3254
+ # @option params [String] :next_token
3255
+ # The `nextToken` value returned from a previous paginated request,
3256
+ # where `maxResults` was used and the results exceeded the value of that
3257
+ # parameter. Pagination continues from the end of the previous results
3258
+ # that returned the `nextToken` value. This value is null when there are
3259
+ # no more results to return.
3260
+ #
3261
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3262
+ # to retrieve the next items in a list and not for other programmatic
3263
+ # purposes.
3264
+ #
3265
+ # </note>
3266
+ #
3267
+ # @return [Types::ListAccessPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3268
+ #
3269
+ # * {Types::ListAccessPoliciesResponse#access_policies #access_policies} => Array&lt;Types::AccessPolicy&gt;
3270
+ # * {Types::ListAccessPoliciesResponse#next_token #next_token} => String
3271
+ #
3272
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
3273
+ #
3274
+ # @example Request syntax with placeholder values
3275
+ #
3276
+ # resp = client.list_access_policies({
3277
+ # max_results: 1,
3278
+ # next_token: "String",
3279
+ # })
3280
+ #
3281
+ # @example Response structure
3282
+ #
3283
+ # resp.access_policies #=> Array
3284
+ # resp.access_policies[0].name #=> String
3285
+ # resp.access_policies[0].arn #=> String
3286
+ # resp.next_token #=> String
3287
+ #
3288
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessPolicies AWS API Documentation
3289
+ #
3290
+ # @overload list_access_policies(params = {})
3291
+ # @param [Hash] params ({})
3292
+ def list_access_policies(params = {}, options = {})
3293
+ req = build_request(:list_access_policies, params)
3294
+ req.send_request(options)
3295
+ end
3296
+
2804
3297
  # Lists the installed add-ons.
2805
3298
  #
2806
3299
  # @option params [required, String] :cluster_name
2807
- # The name of the cluster.
3300
+ # The name of your cluster.
2808
3301
  #
2809
3302
  # @option params [Integer] :max_results
2810
- # The maximum number of add-on results returned by `ListAddonsRequest`
2811
- # in paginated output. When you use this parameter, `ListAddonsRequest`
2812
- # returns only `maxResults` results in a single page along with a
2813
- # `nextToken` response element. You can see the remaining results of the
2814
- # initial request by sending another `ListAddonsRequest` request with
2815
- # the returned `nextToken` value. This value can be between 1 and 100.
2816
- # If you don't use this parameter, `ListAddonsRequest` returns up to
2817
- # 100 results and a `nextToken` value, if applicable.
3303
+ # The maximum number of results, returned in paginated output. You
3304
+ # receive `maxResults` in a single page, along with a `nextToken`
3305
+ # response element. You can see the remaining results of the initial
3306
+ # request by sending another request with the returned `nextToken`
3307
+ # value. This value can be between 1 and 100. If you don't use this
3308
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3309
+ # returned.
2818
3310
  #
2819
3311
  # @option params [String] :next_token
2820
- # The `nextToken` value returned from a previous paginated
2821
- # `ListAddonsRequest` where `maxResults` was used and the results
2822
- # exceeded the value of that parameter. Pagination continues from the
2823
- # end of the previous results that returned the `nextToken` value.
3312
+ # The `nextToken` value returned from a previous paginated request,
3313
+ # where `maxResults` was used and the results exceeded the value of that
3314
+ # parameter. Pagination continues from the end of the previous results
3315
+ # that returned the `nextToken` value. This value is null when there are
3316
+ # no more results to return.
2824
3317
  #
2825
3318
  # <note markdown="1"> This token should be treated as an opaque identifier that is used only
2826
3319
  # to retrieve the next items in a list and not for other programmatic
@@ -2858,24 +3351,94 @@ module Aws::EKS
2858
3351
  req.send_request(options)
2859
3352
  end
2860
3353
 
3354
+ # Lists the access policies associated with an access entry.
3355
+ #
3356
+ # @option params [required, String] :cluster_name
3357
+ # The name of your cluster.
3358
+ #
3359
+ # @option params [required, String] :principal_arn
3360
+ # The ARN of the IAM principal for the `AccessEntry`.
3361
+ #
3362
+ # @option params [Integer] :max_results
3363
+ # The maximum number of results, returned in paginated output. You
3364
+ # receive `maxResults` in a single page, along with a `nextToken`
3365
+ # response element. You can see the remaining results of the initial
3366
+ # request by sending another request with the returned `nextToken`
3367
+ # value. This value can be between 1 and 100. If you don't use this
3368
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3369
+ # returned.
3370
+ #
3371
+ # @option params [String] :next_token
3372
+ # The `nextToken` value returned from a previous paginated request,
3373
+ # where `maxResults` was used and the results exceeded the value of that
3374
+ # parameter. Pagination continues from the end of the previous results
3375
+ # that returned the `nextToken` value. This value is null when there are
3376
+ # no more results to return.
3377
+ #
3378
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3379
+ # to retrieve the next items in a list and not for other programmatic
3380
+ # purposes.
3381
+ #
3382
+ # </note>
3383
+ #
3384
+ # @return [Types::ListAssociatedAccessPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3385
+ #
3386
+ # * {Types::ListAssociatedAccessPoliciesResponse#cluster_name #cluster_name} => String
3387
+ # * {Types::ListAssociatedAccessPoliciesResponse#principal_arn #principal_arn} => String
3388
+ # * {Types::ListAssociatedAccessPoliciesResponse#next_token #next_token} => String
3389
+ # * {Types::ListAssociatedAccessPoliciesResponse#associated_access_policies #associated_access_policies} => Array&lt;Types::AssociatedAccessPolicy&gt;
3390
+ #
3391
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
3392
+ #
3393
+ # @example Request syntax with placeholder values
3394
+ #
3395
+ # resp = client.list_associated_access_policies({
3396
+ # cluster_name: "String", # required
3397
+ # principal_arn: "String", # required
3398
+ # max_results: 1,
3399
+ # next_token: "String",
3400
+ # })
3401
+ #
3402
+ # @example Response structure
3403
+ #
3404
+ # resp.cluster_name #=> String
3405
+ # resp.principal_arn #=> String
3406
+ # resp.next_token #=> String
3407
+ # resp.associated_access_policies #=> Array
3408
+ # resp.associated_access_policies[0].policy_arn #=> String
3409
+ # resp.associated_access_policies[0].access_scope.type #=> String, one of "cluster", "namespace"
3410
+ # resp.associated_access_policies[0].access_scope.namespaces #=> Array
3411
+ # resp.associated_access_policies[0].access_scope.namespaces[0] #=> String
3412
+ # resp.associated_access_policies[0].associated_at #=> Time
3413
+ # resp.associated_access_policies[0].modified_at #=> Time
3414
+ #
3415
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAssociatedAccessPolicies AWS API Documentation
3416
+ #
3417
+ # @overload list_associated_access_policies(params = {})
3418
+ # @param [Hash] params ({})
3419
+ def list_associated_access_policies(params = {}, options = {})
3420
+ req = build_request(:list_associated_access_policies, params)
3421
+ req.send_request(options)
3422
+ end
3423
+
2861
3424
  # Lists the Amazon EKS clusters in your Amazon Web Services account in
2862
- # the specified Region.
3425
+ # the specified Amazon Web Services Region.
2863
3426
  #
2864
3427
  # @option params [Integer] :max_results
2865
- # The maximum number of cluster results returned by `ListClusters` in
2866
- # paginated output. When you use this parameter, `ListClusters` returns
2867
- # only `maxResults` results in a single page along with a `nextToken`
3428
+ # The maximum number of results, returned in paginated output. You
3429
+ # receive `maxResults` in a single page, along with a `nextToken`
2868
3430
  # response element. You can see the remaining results of the initial
2869
- # request by sending another `ListClusters` request with the returned
2870
- # `nextToken` value. This value can be between 1 and 100. If you don't
2871
- # use this parameter, `ListClusters` returns up to 100 results and a
2872
- # `nextToken` value if applicable.
3431
+ # request by sending another request with the returned `nextToken`
3432
+ # value. This value can be between 1 and 100. If you don't use this
3433
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3434
+ # returned.
2873
3435
  #
2874
3436
  # @option params [String] :next_token
2875
- # The `nextToken` value returned from a previous paginated
2876
- # `ListClusters` request where `maxResults` was used and the results
2877
- # exceeded the value of that parameter. Pagination continues from the
2878
- # end of the previous results that returned the `nextToken` value.
3437
+ # The `nextToken` value returned from a previous paginated request,
3438
+ # where `maxResults` was used and the results exceeded the value of that
3439
+ # parameter. Pagination continues from the end of the previous results
3440
+ # that returned the `nextToken` value. This value is null when there are
3441
+ # no more results to return.
2879
3442
  #
2880
3443
  # <note markdown="1"> This token should be treated as an opaque identifier that is used only
2881
3444
  # to retrieve the next items in a list and not for other programmatic
@@ -2885,9 +3448,14 @@ module Aws::EKS
2885
3448
  #
2886
3449
  # @option params [Array<String>] :include
2887
3450
  # Indicates whether external clusters are included in the returned list.
2888
- # Use '`all`' to return connected clusters, or blank to return only
2889
- # Amazon EKS clusters. '`all`' must be in lowercase otherwise an error
2890
- # occurs.
3451
+ # Use '`all`' to return
3452
+ # [https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html][1]connected
3453
+ # clusters, or blank to return only Amazon EKS clusters. '`all`' must
3454
+ # be in lowercase otherwise an error occurs.
3455
+ #
3456
+ #
3457
+ #
3458
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html
2891
3459
  #
2892
3460
  # @return [Types::ListClustersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2893
3461
  #
@@ -3003,29 +3571,33 @@ module Aws::EKS
3003
3571
  end
3004
3572
 
3005
3573
  # Lists the Fargate profiles associated with the specified cluster in
3006
- # your Amazon Web Services account in the specified Region.
3574
+ # your Amazon Web Services account in the specified Amazon Web Services
3575
+ # Region.
3007
3576
  #
3008
3577
  # @option params [required, String] :cluster_name
3009
- # The name of the Amazon EKS cluster that you would like to list Fargate
3010
- # profiles in.
3578
+ # The name of your cluster.
3011
3579
  #
3012
3580
  # @option params [Integer] :max_results
3013
- # The maximum number of Fargate profile results returned by
3014
- # `ListFargateProfiles` in paginated output. When you use this
3015
- # parameter, `ListFargateProfiles` returns only `maxResults` results in
3016
- # a single page along with a `nextToken` response element. You can see
3017
- # the remaining results of the initial request by sending another
3018
- # `ListFargateProfiles` request with the returned `nextToken` value.
3019
- # This value can be between 1 and 100. If you don't use this parameter,
3020
- # `ListFargateProfiles` returns up to 100 results and a `nextToken`
3021
- # value if applicable.
3581
+ # The maximum number of results, returned in paginated output. You
3582
+ # receive `maxResults` in a single page, along with a `nextToken`
3583
+ # response element. You can see the remaining results of the initial
3584
+ # request by sending another request with the returned `nextToken`
3585
+ # value. This value can be between 1 and 100. If you don't use this
3586
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3587
+ # returned.
3022
3588
  #
3023
3589
  # @option params [String] :next_token
3024
- # The `nextToken` value returned from a previous paginated
3025
- # `ListFargateProfiles` request where `maxResults` was used and the
3026
- # results exceeded the value of that parameter. Pagination continues
3027
- # from the end of the previous results that returned the `nextToken`
3028
- # value.
3590
+ # The `nextToken` value returned from a previous paginated request,
3591
+ # where `maxResults` was used and the results exceeded the value of that
3592
+ # parameter. Pagination continues from the end of the previous results
3593
+ # that returned the `nextToken` value. This value is null when there are
3594
+ # no more results to return.
3595
+ #
3596
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3597
+ # to retrieve the next items in a list and not for other programmatic
3598
+ # purposes.
3599
+ #
3600
+ # </note>
3029
3601
  #
3030
3602
  # @return [Types::ListFargateProfilesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3031
3603
  #
@@ -3057,29 +3629,32 @@ module Aws::EKS
3057
3629
  req.send_request(options)
3058
3630
  end
3059
3631
 
3060
- # A list of identity provider configurations.
3632
+ # Lists the identity provider configurations for your cluster.
3061
3633
  #
3062
3634
  # @option params [required, String] :cluster_name
3063
- # The cluster name that you want to list identity provider
3064
- # configurations for.
3635
+ # The name of your cluster.
3065
3636
  #
3066
3637
  # @option params [Integer] :max_results
3067
- # The maximum number of identity provider configurations returned by
3068
- # `ListIdentityProviderConfigs` in paginated output. When you use this
3069
- # parameter, `ListIdentityProviderConfigs` returns only `maxResults`
3070
- # results in a single page along with a `nextToken` response element.
3071
- # You can see the remaining results of the initial request by sending
3072
- # another `ListIdentityProviderConfigs` request with the returned
3073
- # `nextToken` value. This value can be between 1 and 100. If you don't
3074
- # use this parameter, `ListIdentityProviderConfigs` returns up to 100
3075
- # results and a `nextToken` value, if applicable.
3638
+ # The maximum number of results, returned in paginated output. You
3639
+ # receive `maxResults` in a single page, along with a `nextToken`
3640
+ # response element. You can see the remaining results of the initial
3641
+ # request by sending another request with the returned `nextToken`
3642
+ # value. This value can be between 1 and 100. If you don't use this
3643
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3644
+ # returned.
3076
3645
  #
3077
3646
  # @option params [String] :next_token
3078
- # The `nextToken` value returned from a previous paginated
3079
- # `IdentityProviderConfigsRequest` where `maxResults` was used and the
3080
- # results exceeded the value of that parameter. Pagination continues
3081
- # from the end of the previous results that returned the `nextToken`
3082
- # value.
3647
+ # The `nextToken` value returned from a previous paginated request,
3648
+ # where `maxResults` was used and the results exceeded the value of that
3649
+ # parameter. Pagination continues from the end of the previous results
3650
+ # that returned the `nextToken` value. This value is null when there are
3651
+ # no more results to return.
3652
+ #
3653
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3654
+ # to retrieve the next items in a list and not for other programmatic
3655
+ # purposes.
3656
+ #
3657
+ # </note>
3083
3658
  #
3084
3659
  # @return [Types::ListIdentityProviderConfigsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3085
3660
  #
@@ -3112,29 +3687,106 @@ module Aws::EKS
3112
3687
  req.send_request(options)
3113
3688
  end
3114
3689
 
3115
- # Lists the Amazon EKS managed node groups associated with the specified
3116
- # cluster in your Amazon Web Services account in the specified Region.
3117
- # Self-managed node groups are not listed.
3690
+ # Returns a list of all insights checked for against the specified
3691
+ # cluster. You can filter which insights are returned by category,
3692
+ # associated Kubernetes version, and status.
3118
3693
  #
3119
3694
  # @option params [required, String] :cluster_name
3120
- # The name of the Amazon EKS cluster that you would like to list node
3121
- # groups in.
3695
+ # The name of the Amazon EKS cluster associated with the insights.
3696
+ #
3697
+ # @option params [Types::InsightsFilter] :filter
3698
+ # The criteria to filter your list of insights for your cluster. You can
3699
+ # filter which insights are returned by category, associated Kubernetes
3700
+ # version, and status.
3122
3701
  #
3123
3702
  # @option params [Integer] :max_results
3124
- # The maximum number of node group results returned by `ListNodegroups`
3125
- # in paginated output. When you use this parameter, `ListNodegroups`
3126
- # returns only `maxResults` results in a single page along with a
3127
- # `nextToken` response element. You can see the remaining results of the
3128
- # initial request by sending another `ListNodegroups` request with the
3129
- # returned `nextToken` value. This value can be between 1 and 100. If
3130
- # you don't use this parameter, `ListNodegroups` returns up to 100
3131
- # results and a `nextToken` value if applicable.
3703
+ # The maximum number of identity provider configurations returned by
3704
+ # `ListInsights` in paginated output. When you use this parameter,
3705
+ # `ListInsights` returns only `maxResults` results in a single page
3706
+ # along with a `nextToken` response element. You can see the remaining
3707
+ # results of the initial request by sending another `ListInsights`
3708
+ # request with the returned `nextToken` value. This value can be between
3709
+ # 1 and 100. If you don't use this parameter, `ListInsights` returns up
3710
+ # to 100 results and a `nextToken` value, if applicable.
3132
3711
  #
3133
3712
  # @option params [String] :next_token
3134
3713
  # The `nextToken` value returned from a previous paginated
3135
- # `ListNodegroups` request where `maxResults` was used and the results
3136
- # exceeded the value of that parameter. Pagination continues from the
3137
- # end of the previous results that returned the `nextToken` value.
3714
+ # `ListInsights` request. When the results of a `ListInsights` request
3715
+ # exceed `maxResults`, you can use this value to retrieve the next page
3716
+ # of results. This value is `null` when there are no more results to
3717
+ # return.
3718
+ #
3719
+ # @return [Types::ListInsightsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3720
+ #
3721
+ # * {Types::ListInsightsResponse#insights #insights} => Array&lt;Types::InsightSummary&gt;
3722
+ # * {Types::ListInsightsResponse#next_token #next_token} => String
3723
+ #
3724
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
3725
+ #
3726
+ # @example Request syntax with placeholder values
3727
+ #
3728
+ # resp = client.list_insights({
3729
+ # cluster_name: "String", # required
3730
+ # filter: {
3731
+ # categories: ["UPGRADE_READINESS"], # accepts UPGRADE_READINESS
3732
+ # kubernetes_versions: ["String"],
3733
+ # statuses: ["PASSING"], # accepts PASSING, WARNING, ERROR, UNKNOWN
3734
+ # },
3735
+ # max_results: 1,
3736
+ # next_token: "String",
3737
+ # })
3738
+ #
3739
+ # @example Response structure
3740
+ #
3741
+ # resp.insights #=> Array
3742
+ # resp.insights[0].id #=> String
3743
+ # resp.insights[0].name #=> String
3744
+ # resp.insights[0].category #=> String, one of "UPGRADE_READINESS"
3745
+ # resp.insights[0].kubernetes_version #=> String
3746
+ # resp.insights[0].last_refresh_time #=> Time
3747
+ # resp.insights[0].last_transition_time #=> Time
3748
+ # resp.insights[0].description #=> String
3749
+ # resp.insights[0].insight_status.status #=> String, one of "PASSING", "WARNING", "ERROR", "UNKNOWN"
3750
+ # resp.insights[0].insight_status.reason #=> String
3751
+ # resp.next_token #=> String
3752
+ #
3753
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListInsights AWS API Documentation
3754
+ #
3755
+ # @overload list_insights(params = {})
3756
+ # @param [Hash] params ({})
3757
+ def list_insights(params = {}, options = {})
3758
+ req = build_request(:list_insights, params)
3759
+ req.send_request(options)
3760
+ end
3761
+
3762
+ # Lists the managed node groups associated with the specified cluster in
3763
+ # your Amazon Web Services account in the specified Amazon Web Services
3764
+ # Region. Self-managed node groups aren't listed.
3765
+ #
3766
+ # @option params [required, String] :cluster_name
3767
+ # The name of your cluster.
3768
+ #
3769
+ # @option params [Integer] :max_results
3770
+ # The maximum number of results, returned in paginated output. You
3771
+ # receive `maxResults` in a single page, along with a `nextToken`
3772
+ # response element. You can see the remaining results of the initial
3773
+ # request by sending another request with the returned `nextToken`
3774
+ # value. This value can be between 1 and 100. If you don't use this
3775
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3776
+ # returned.
3777
+ #
3778
+ # @option params [String] :next_token
3779
+ # The `nextToken` value returned from a previous paginated request,
3780
+ # where `maxResults` was used and the results exceeded the value of that
3781
+ # parameter. Pagination continues from the end of the previous results
3782
+ # that returned the `nextToken` value. This value is null when there are
3783
+ # no more results to return.
3784
+ #
3785
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3786
+ # to retrieve the next items in a list and not for other programmatic
3787
+ # purposes.
3788
+ #
3789
+ # </note>
3138
3790
  #
3139
3791
  # @return [Types::ListNodegroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3140
3792
  #
@@ -3242,9 +3894,8 @@ module Aws::EKS
3242
3894
  # List the tags for an Amazon EKS resource.
3243
3895
  #
3244
3896
  # @option params [required, String] :resource_arn
3245
- # The Amazon Resource Name (ARN) that identifies the resource for which
3246
- # to list the tags. Currently, the supported resources are Amazon EKS
3247
- # clusters and managed node groups.
3897
+ # The Amazon Resource Name (ARN) that identifies the resource to list
3898
+ # tags for.
3248
3899
  #
3249
3900
  # @return [Types::ListTagsForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3250
3901
  #
@@ -3286,8 +3937,8 @@ module Aws::EKS
3286
3937
  req.send_request(options)
3287
3938
  end
3288
3939
 
3289
- # Lists the updates associated with an Amazon EKS cluster or managed
3290
- # node group in your Amazon Web Services account, in the specified
3940
+ # Lists the updates associated with an Amazon EKS resource in your
3941
+ # Amazon Web Services account, in the specified Amazon Web Services
3291
3942
  # Region.
3292
3943
  #
3293
3944
  # @option params [required, String] :name
@@ -3300,20 +3951,26 @@ module Aws::EKS
3300
3951
  # The names of the installed add-ons that have available updates.
3301
3952
  #
3302
3953
  # @option params [String] :next_token
3303
- # The `nextToken` value returned from a previous paginated `ListUpdates`
3304
- # request where `maxResults` was used and the results exceeded the value
3305
- # of that parameter. Pagination continues from the end of the previous
3306
- # results that returned the `nextToken` value.
3954
+ # The `nextToken` value returned from a previous paginated request,
3955
+ # where `maxResults` was used and the results exceeded the value of that
3956
+ # parameter. Pagination continues from the end of the previous results
3957
+ # that returned the `nextToken` value. This value is null when there are
3958
+ # no more results to return.
3959
+ #
3960
+ # <note markdown="1"> This token should be treated as an opaque identifier that is used only
3961
+ # to retrieve the next items in a list and not for other programmatic
3962
+ # purposes.
3963
+ #
3964
+ # </note>
3307
3965
  #
3308
3966
  # @option params [Integer] :max_results
3309
- # The maximum number of update results returned by `ListUpdates` in
3310
- # paginated output. When you use this parameter, `ListUpdates` returns
3311
- # only `maxResults` results in a single page along with a `nextToken`
3967
+ # The maximum number of results, returned in paginated output. You
3968
+ # receive `maxResults` in a single page, along with a `nextToken`
3312
3969
  # response element. You can see the remaining results of the initial
3313
- # request by sending another `ListUpdates` request with the returned
3314
- # `nextToken` value. This value can be between 1 and 100. If you don't
3315
- # use this parameter, `ListUpdates` returns up to 100 results and a
3316
- # `nextToken` value if applicable.
3970
+ # request by sending another request with the returned `nextToken`
3971
+ # value. This value can be between 1 and 100. If you don't use this
3972
+ # parameter, 100 results and a `nextToken` value, if applicable, are
3973
+ # returned.
3317
3974
  #
3318
3975
  # @return [Types::ListUpdatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3319
3976
  #
@@ -3359,34 +4016,33 @@ module Aws::EKS
3359
4016
  # `activationCode` must be applied to the Kubernetes cluster through
3360
4017
  # it's native provider to provide visibility.
3361
4018
  #
3362
- # After the Manifest is updated and applied, then the connected cluster
3363
- # is visible to the Amazon EKS control plane. If the Manifest is not
3364
- # applied within three days, then the connected cluster will no longer
3365
- # be visible and must be deregistered. See DeregisterCluster.
4019
+ # After the manifest is updated and applied, the connected cluster is
4020
+ # visible to the Amazon EKS control plane. If the manifest isn't
4021
+ # applied within three days, the connected cluster will no longer be
4022
+ # visible and must be deregistered using `DeregisterCluster`.
3366
4023
  #
3367
4024
  #
3368
4025
  #
3369
4026
  # [1]: https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml
3370
4027
  #
3371
4028
  # @option params [required, String] :name
3372
- # Define a unique name for this cluster for your Region.
4029
+ # A unique name for this cluster in your Amazon Web Services Region.
3373
4030
  #
3374
4031
  # @option params [required, Types::ConnectorConfigRequest] :connector_config
3375
4032
  # The configuration settings required to connect the Kubernetes cluster
3376
4033
  # to the Amazon EKS control plane.
3377
4034
  #
3378
4035
  # @option params [String] :client_request_token
3379
- # Unique, case-sensitive identifier that you provide to ensure the
4036
+ # A unique, case-sensitive identifier that you provide to ensure the
3380
4037
  # idempotency of the request.
3381
4038
  #
3382
4039
  # **A suitable default value is auto-generated.** You should normally
3383
4040
  # not need to pass this option.**
3384
4041
  #
3385
4042
  # @option params [Hash<String,String>] :tags
3386
- # The metadata that you apply to the cluster to assist with
3387
- # categorization and organization. Each tag consists of a key and an
3388
- # optional value, both of which you define. Cluster tags do not
3389
- # propagate to any other resources associated with the cluster.
4043
+ # Metadata that assists with categorization and organization. Each tag
4044
+ # consists of a key and an optional value. You define both. Tags don't
4045
+ # propagate to any other cluster or Amazon Web Services resources.
3390
4046
  #
3391
4047
  # @return [Types::RegisterClusterResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3392
4048
  #
@@ -3457,6 +4113,8 @@ module Aws::EKS
3457
4113
  # resp.cluster.outpost_config.outpost_arns[0] #=> String
3458
4114
  # resp.cluster.outpost_config.control_plane_instance_type #=> String
3459
4115
  # resp.cluster.outpost_config.control_plane_placement.group_name #=> String
4116
+ # resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
4117
+ # resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"
3460
4118
  #
3461
4119
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/RegisterCluster AWS API Documentation
3462
4120
  #
@@ -3467,22 +4125,23 @@ module Aws::EKS
3467
4125
  req.send_request(options)
3468
4126
  end
3469
4127
 
3470
- # Associates the specified tags to a resource with the specified
3471
- # `resourceArn`. If existing tags on a resource are not specified in the
3472
- # request parameters, they are not changed. When a resource is deleted,
3473
- # the tags associated with that resource are deleted as well. Tags that
3474
- # you create for Amazon EKS resources do not propagate to any other
3475
- # resources associated with the cluster. For example, if you tag a
3476
- # cluster with this operation, that tag does not automatically propagate
3477
- # to the subnets and nodes associated with the cluster.
4128
+ # Associates the specified tags to an Amazon EKS resource with the
4129
+ # specified `resourceArn`. If existing tags on a resource are not
4130
+ # specified in the request parameters, they aren't changed. When a
4131
+ # resource is deleted, the tags associated with that resource are also
4132
+ # deleted. Tags that you create for Amazon EKS resources don't
4133
+ # propagate to any other resources associated with the cluster. For
4134
+ # example, if you tag a cluster with this operation, that tag doesn't
4135
+ # automatically propagate to the subnets and nodes associated with the
4136
+ # cluster.
3478
4137
  #
3479
4138
  # @option params [required, String] :resource_arn
3480
- # The Amazon Resource Name (ARN) of the resource to which to add tags.
3481
- # Currently, the supported resources are Amazon EKS clusters and managed
3482
- # node groups.
4139
+ # The Amazon Resource Name (ARN) of the resource to add tags to.
3483
4140
  #
3484
4141
  # @option params [required, Hash<String,String>] :tags
3485
- # The tags to add to the resource. A tag is an array of key-value pairs.
4142
+ # Metadata that assists with categorization and organization. Each tag
4143
+ # consists of a key and an optional value. You define both. Tags don't
4144
+ # propagate to any other cluster or Amazon Web Services resources.
3486
4145
  #
3487
4146
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3488
4147
  #
@@ -3504,15 +4163,13 @@ module Aws::EKS
3504
4163
  req.send_request(options)
3505
4164
  end
3506
4165
 
3507
- # Deletes specified tags from a resource.
4166
+ # Deletes specified tags from an Amazon EKS resource.
3508
4167
  #
3509
4168
  # @option params [required, String] :resource_arn
3510
- # The Amazon Resource Name (ARN) of the resource from which to delete
3511
- # tags. Currently, the supported resources are Amazon EKS clusters and
3512
- # managed node groups.
4169
+ # The Amazon Resource Name (ARN) of the resource to delete tags from.
3513
4170
  #
3514
4171
  # @option params [required, Array<String>] :tag_keys
3515
- # The keys of the tags to be removed.
4172
+ # The keys of the tags to remove.
3516
4173
  #
3517
4174
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3518
4175
  #
@@ -3532,10 +4189,98 @@ module Aws::EKS
3532
4189
  req.send_request(options)
3533
4190
  end
3534
4191
 
4192
+ # Updates an access entry.
4193
+ #
4194
+ # @option params [required, String] :cluster_name
4195
+ # The name of your cluster.
4196
+ #
4197
+ # @option params [required, String] :principal_arn
4198
+ # The ARN of the IAM principal for the `AccessEntry`.
4199
+ #
4200
+ # @option params [Array<String>] :kubernetes_groups
4201
+ # The value for `name` that you've specified for `kind: Group` as a
4202
+ # `subject` in a Kubernetes `RoleBinding` or `ClusterRoleBinding`
4203
+ # object. Amazon EKS doesn't confirm that the value for `name` exists
4204
+ # in any bindings on your cluster. You can specify one or more names.
4205
+ #
4206
+ # Kubernetes authorizes the `principalArn` of the access entry to access
4207
+ # any cluster objects that you've specified in a Kubernetes `Role` or
4208
+ # `ClusterRole` object that is also specified in a binding's `roleRef`.
4209
+ # For more information about creating Kubernetes `RoleBinding`,
4210
+ # `ClusterRoleBinding`, `Role`, or `ClusterRole` objects, see [Using
4211
+ # RBAC Authorization in the Kubernetes documentation][1].
4212
+ #
4213
+ # If you want Amazon EKS to authorize the `principalArn` (instead of, or
4214
+ # in addition to Kubernetes authorizing the `principalArn`), you can
4215
+ # associate one or more access policies to the access entry using
4216
+ # `AssociateAccessPolicy`. If you associate any access policies, the
4217
+ # `principalARN` has all permissions assigned in the associated access
4218
+ # policies and all permissions in any Kubernetes `Role` or `ClusterRole`
4219
+ # objects that the group names are bound to.
4220
+ #
4221
+ #
4222
+ #
4223
+ # [1]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
4224
+ #
4225
+ # @option params [String] :client_request_token
4226
+ # A unique, case-sensitive identifier that you provide to ensure the
4227
+ # idempotency of the request.
4228
+ #
4229
+ # **A suitable default value is auto-generated.** You should normally
4230
+ # not need to pass this option.**
4231
+ #
4232
+ # @option params [String] :username
4233
+ # The username to authenticate to Kubernetes with. We recommend not
4234
+ # specifying a username and letting Amazon EKS specify it for you. For
4235
+ # more information about the value Amazon EKS specifies for you, or
4236
+ # constraints before specifying your own username, see [Creating access
4237
+ # entries][1] in the *Amazon EKS User Guide*.
4238
+ #
4239
+ #
4240
+ #
4241
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries
4242
+ #
4243
+ # @return [Types::UpdateAccessEntryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4244
+ #
4245
+ # * {Types::UpdateAccessEntryResponse#access_entry #access_entry} => Types::AccessEntry
4246
+ #
4247
+ # @example Request syntax with placeholder values
4248
+ #
4249
+ # resp = client.update_access_entry({
4250
+ # cluster_name: "String", # required
4251
+ # principal_arn: "String", # required
4252
+ # kubernetes_groups: ["String"],
4253
+ # client_request_token: "String",
4254
+ # username: "String",
4255
+ # })
4256
+ #
4257
+ # @example Response structure
4258
+ #
4259
+ # resp.access_entry.cluster_name #=> String
4260
+ # resp.access_entry.principal_arn #=> String
4261
+ # resp.access_entry.kubernetes_groups #=> Array
4262
+ # resp.access_entry.kubernetes_groups[0] #=> String
4263
+ # resp.access_entry.access_entry_arn #=> String
4264
+ # resp.access_entry.created_at #=> Time
4265
+ # resp.access_entry.modified_at #=> Time
4266
+ # resp.access_entry.tags #=> Hash
4267
+ # resp.access_entry.tags["TagKey"] #=> String
4268
+ # resp.access_entry.username #=> String
4269
+ # resp.access_entry.type #=> String
4270
+ #
4271
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAccessEntry AWS API Documentation
4272
+ #
4273
+ # @overload update_access_entry(params = {})
4274
+ # @param [Hash] params ({})
4275
+ def update_access_entry(params = {}, options = {})
4276
+ req = build_request(:update_access_entry, params)
4277
+ req.send_request(options)
4278
+ end
4279
+
3535
4280
  # Updates an Amazon EKS add-on.
3536
4281
  #
3537
4282
  # @option params [required, String] :cluster_name
3538
- # The name of the cluster.
4283
+ # The name of your cluster.
3539
4284
  #
3540
4285
  # @option params [required, String] :addon_name
3541
4286
  # The name of the add-on. The name must match one of the names returned
@@ -3590,7 +4335,7 @@ module Aws::EKS
3590
4335
  # cluster.
3591
4336
  #
3592
4337
  # @option params [String] :client_request_token
3593
- # Unique, case-sensitive identifier that you provide to ensure the
4338
+ # A unique, case-sensitive identifier that you provide to ensure the
3594
4339
  # idempotency of the request.
3595
4340
  #
3596
4341
  # **A suitable default value is auto-generated.** You should normally
@@ -3598,12 +4343,8 @@ module Aws::EKS
3598
4343
  #
3599
4344
  # @option params [String] :configuration_values
3600
4345
  # The set of configuration values for the add-on that's created. The
3601
- # values that you provide are validated against the schema in
3602
- # [DescribeAddonConfiguration][1].
3603
- #
3604
- #
3605
- #
3606
- # [1]: https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html
4346
+ # values that you provide are validated against the schema returned by
4347
+ # `DescribeAddonConfiguration`.
3607
4348
  #
3608
4349
  # @return [Types::UpdateAddonResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3609
4350
  #
@@ -3625,9 +4366,9 @@ module Aws::EKS
3625
4366
  #
3626
4367
  # resp.update.id #=> String
3627
4368
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
3628
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
4369
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
3629
4370
  # resp.update.params #=> Array
3630
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
4371
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
3631
4372
  # resp.update.params[0].value #=> String
3632
4373
  # resp.update.created_at #=> Time
3633
4374
  # resp.update.errors #=> Array
@@ -3647,14 +4388,14 @@ module Aws::EKS
3647
4388
 
3648
4389
  # Updates an Amazon EKS cluster configuration. Your cluster continues to
3649
4390
  # function during the update. The response output includes an update ID
3650
- # that you can use to track the status of your cluster update with the
3651
- # DescribeUpdate API operation.
4391
+ # that you can use to track the status of your cluster update with
4392
+ # `DescribeUpdate`"/&gt;.
3652
4393
  #
3653
4394
  # You can use this API operation to enable or disable exporting the
3654
4395
  # Kubernetes control plane logs for your cluster to CloudWatch Logs. By
3655
4396
  # default, cluster control plane logs aren't exported to CloudWatch
3656
- # Logs. For more information, see [Amazon EKS Cluster Control Plane
3657
- # Logs][1] in the <i> <i>Amazon EKS User Guide</i> </i>.
4397
+ # Logs. For more information, see [Amazon EKS Cluster control plane
4398
+ # logs][1] in the <i> <i>Amazon EKS User Guide</i> </i>.
3658
4399
  #
3659
4400
  # <note markdown="1"> CloudWatch Logs ingestion, archive storage, and data scanning rates
3660
4401
  # apply to exported control plane logs. For more information, see
@@ -3716,12 +4457,15 @@ module Aws::EKS
3716
4457
  # [2]: http://aws.amazon.com/cloudwatch/pricing/
3717
4458
  #
3718
4459
  # @option params [String] :client_request_token
3719
- # Unique, case-sensitive identifier that you provide to ensure the
4460
+ # A unique, case-sensitive identifier that you provide to ensure the
3720
4461
  # idempotency of the request.
3721
4462
  #
3722
4463
  # **A suitable default value is auto-generated.** You should normally
3723
4464
  # not need to pass this option.**
3724
4465
  #
4466
+ # @option params [Types::UpdateAccessConfigRequest] :access_config
4467
+ # The access configuration for the cluster.
4468
+ #
3725
4469
  # @return [Types::UpdateClusterConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3726
4470
  #
3727
4471
  # * {Types::UpdateClusterConfigResponse#update #update} => Types::Update
@@ -3746,15 +4490,18 @@ module Aws::EKS
3746
4490
  # ],
3747
4491
  # },
3748
4492
  # client_request_token: "String",
4493
+ # access_config: {
4494
+ # authentication_mode: "API", # accepts API, API_AND_CONFIG_MAP, CONFIG_MAP
4495
+ # },
3749
4496
  # })
3750
4497
  #
3751
4498
  # @example Response structure
3752
4499
  #
3753
4500
  # resp.update.id #=> String
3754
4501
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
3755
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
4502
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
3756
4503
  # resp.update.params #=> Array
3757
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
4504
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
3758
4505
  # resp.update.params[0].value #=> String
3759
4506
  # resp.update.created_at #=> Time
3760
4507
  # resp.update.errors #=> Array
@@ -3794,7 +4541,7 @@ module Aws::EKS
3794
4541
  # The desired Kubernetes version following a successful update.
3795
4542
  #
3796
4543
  # @option params [String] :client_request_token
3797
- # Unique, case-sensitive identifier that you provide to ensure the
4544
+ # A unique, case-sensitive identifier that you provide to ensure the
3798
4545
  # idempotency of the request.
3799
4546
  #
3800
4547
  # **A suitable default value is auto-generated.** You should normally
@@ -3816,9 +4563,9 @@ module Aws::EKS
3816
4563
  #
3817
4564
  # resp.update.id #=> String
3818
4565
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
3819
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
4566
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
3820
4567
  # resp.update.params #=> Array
3821
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
4568
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
3822
4569
  # resp.update.params[0].value #=> String
3823
4570
  # resp.update.created_at #=> Time
3824
4571
  # resp.update.errors #=> Array
@@ -3900,15 +4647,14 @@ module Aws::EKS
3900
4647
  # configuration.
3901
4648
  #
3902
4649
  # @option params [required, String] :cluster_name
3903
- # The name of the Amazon EKS cluster that the managed node group resides
3904
- # in.
4650
+ # The name of your cluster.
3905
4651
  #
3906
4652
  # @option params [required, String] :nodegroup_name
3907
4653
  # The name of the managed node group to update.
3908
4654
  #
3909
4655
  # @option params [Types::UpdateLabelsPayload] :labels
3910
- # The Kubernetes labels to be applied to the nodes in the node group
3911
- # after the update.
4656
+ # The Kubernetes `labels` to apply to the nodes in the node group after
4657
+ # the update.
3912
4658
  #
3913
4659
  # @option params [Types::UpdateTaintsPayload] :taints
3914
4660
  # The Kubernetes taints to be applied to the nodes in the node group
@@ -3927,7 +4673,7 @@ module Aws::EKS
3927
4673
  # The node group update configuration.
3928
4674
  #
3929
4675
  # @option params [String] :client_request_token
3930
- # Unique, case-sensitive identifier that you provide to ensure the
4676
+ # A unique, case-sensitive identifier that you provide to ensure the
3931
4677
  # idempotency of the request.
3932
4678
  #
3933
4679
  # **A suitable default value is auto-generated.** You should normally
@@ -3980,9 +4726,9 @@ module Aws::EKS
3980
4726
  #
3981
4727
  # resp.update.id #=> String
3982
4728
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
3983
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
4729
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
3984
4730
  # resp.update.params #=> Array
3985
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
4731
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
3986
4732
  # resp.update.params[0].value #=> String
3987
4733
  # resp.update.created_at #=> Time
3988
4734
  # resp.update.errors #=> Array
@@ -4024,10 +4770,10 @@ module Aws::EKS
4024
4770
  # AMI version.
4025
4771
  #
4026
4772
  # When a node in a managed node group is terminated due to a scaling
4027
- # action or update, the pods in that node are drained first. Amazon EKS
4028
- # attempts to drain the nodes gracefully and will fail if it is unable
4029
- # to do so. You can `force` the update if Amazon EKS is unable to drain
4030
- # the nodes as a result of a pod disruption budget issue.
4773
+ # action or update, every `Pod` on that node is drained first. Amazon
4774
+ # EKS attempts to drain the nodes gracefully and will fail if it is
4775
+ # unable to do so. You can `force` the update if Amazon EKS is unable to
4776
+ # drain the nodes as a result of a `Pod` disruption budget issue.
4031
4777
  #
4032
4778
  #
4033
4779
  #
@@ -4035,8 +4781,7 @@ module Aws::EKS
4035
4781
  # [2]: https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-versions-windows.html
4036
4782
  #
4037
4783
  # @option params [required, String] :cluster_name
4038
- # The name of the Amazon EKS cluster that is associated with the managed
4039
- # node group to update.
4784
+ # The name of your cluster.
4040
4785
  #
4041
4786
  # @option params [required, String] :nodegroup_name
4042
4787
  # The name of the managed node group to update.
@@ -4083,14 +4828,14 @@ module Aws::EKS
4083
4828
  # group was originally deployed with a launch template.
4084
4829
  #
4085
4830
  # @option params [Boolean] :force
4086
- # Force the update if the existing node group's pods are unable to be
4087
- # drained due to a pod disruption budget issue. If an update fails
4088
- # because pods could not be drained, you can force the update after it
4089
- # fails to terminate the old node whether or not any pods are running on
4831
+ # Force the update if any `Pod` on the existing node group can't be
4832
+ # drained due to a `Pod` disruption budget issue. If an update fails
4833
+ # because all Pods can't be drained, you can force the update after it
4834
+ # fails to terminate the old node whether or not any `Pod` is running on
4090
4835
  # the node.
4091
4836
  #
4092
4837
  # @option params [String] :client_request_token
4093
- # Unique, case-sensitive identifier that you provide to ensure the
4838
+ # A unique, case-sensitive identifier that you provide to ensure the
4094
4839
  # idempotency of the request.
4095
4840
  #
4096
4841
  # **A suitable default value is auto-generated.** You should normally
@@ -4120,9 +4865,9 @@ module Aws::EKS
4120
4865
  #
4121
4866
  # resp.update.id #=> String
4122
4867
  # resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
4123
- # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate"
4868
+ # resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
4124
4869
  # resp.update.params #=> Array
4125
- # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets"
4870
+ # resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
4126
4871
  # resp.update.params[0].value #=> String
4127
4872
  # resp.update.created_at #=> Time
4128
4873
  # resp.update.errors #=> Array
@@ -4143,7 +4888,7 @@ module Aws::EKS
4143
4888
  # Updates a EKS Pod Identity association. Only the IAM role can be
4144
4889
  # changed; an association can't be moved between clusters, namespaces,
4145
4890
  # or service accounts. If you need to edit the namespace or service
4146
- # account, you need to remove the association and then create a new
4891
+ # account, you need to delete the association and then create a new
4147
4892
  # association with your desired settings.
4148
4893
  #
4149
4894
  # @option params [required, String] :cluster_name
@@ -4156,7 +4901,7 @@ module Aws::EKS
4156
4901
  # The new IAM role to change the
4157
4902
  #
4158
4903
  # @option params [String] :client_request_token
4159
- # Unique, case-sensitive identifier that you provide to ensure the
4904
+ # A unique, case-sensitive identifier that you provide to ensure the
4160
4905
  # idempotency of the request.
4161
4906
  #
4162
4907
  # **A suitable default value is auto-generated.** You should normally
@@ -4210,7 +4955,7 @@ module Aws::EKS
4210
4955
  params: params,
4211
4956
  config: config)
4212
4957
  context[:gem_name] = 'aws-sdk-eks'
4213
- context[:gem_version] = '1.95.0'
4958
+ context[:gem_version] = '1.97.0'
4214
4959
  Seahorse::Client::Request.new(handlers, context)
4215
4960
  end
4216
4961