pulumi-eks 4.3.0a1768463252__py3-none-any.whl

pulumi_eks/cluster.py

@@ -0,0 +1,1879 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-gen-eks. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from . import _utilities
+from . import outputs
+from ._enums import *
+from ._inputs import *
+from .vpc_cni_addon import VpcCniAddon
+import pulumi_aws
+import pulumi_kubernetes
+
+__all__ = ['ClusterArgs', 'Cluster']
+
+@pulumi.input_type
+class ClusterArgs:
+    def __init__(__self__, *,
+                 access_entries: Optional[Mapping[str, 'AccessEntryArgs']] = None,
+                 authentication_mode: Optional['AuthenticationMode'] = None,
+                 auto_mode: Optional['AutoModeOptionsArgs'] = None,
+                 bootstrap_self_managed_addons: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cluster_security_group: Optional[pulumi.Input['pulumi_aws.ec2.SecurityGroup']] = None,
+                 cluster_security_group_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 cluster_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 coredns_addon_options: Optional['CoreDnsAddonOptionsArgs'] = None,
+                 create_instance_role: Optional[_builtins.bool] = None,
+                 create_oidc_provider: Optional[pulumi.Input[_builtins.bool]] = None,
+                 creation_role_provider: Optional['CreationRoleProviderArgs'] = None,
+                 deletion_protection: Optional[pulumi.Input[_builtins.bool]] = None,
+                 desired_capacity: Optional[pulumi.Input[_builtins.int]] = None,
+                 enable_config_map_mutable: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enabled_cluster_log_types: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 encryption_config_key_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 endpoint_private_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 endpoint_public_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 fargate: Optional[pulumi.Input[Union[_builtins.bool, 'FargateProfileArgs']]] = None,
+                 gpu: Optional[pulumi.Input[_builtins.bool]] = None,
+                 instance_profile_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 instance_role: Optional[pulumi.Input['pulumi_aws.iam.Role']] = None,
+                 instance_roles: Optional[pulumi.Input[Sequence[pulumi.Input['pulumi_aws.iam.Role']]]] = None,
+                 instance_type: Optional[pulumi.Input[_builtins.str]] = None,
+                 ip_family: Optional[pulumi.Input[_builtins.str]] = None,
+                 kube_proxy_addon_options: Optional['KubeProxyAddonOptionsArgs'] = None,
+                 kubernetes_service_ip_address_range: Optional[pulumi.Input[_builtins.str]] = None,
+                 max_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_ami_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_associate_public_ip_address: Optional[_builtins.bool] = None,
+                 node_group_options: Optional['ClusterNodeGroupOptionsArgs'] = None,
+                 node_public_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_root_volume_encrypted: Optional[pulumi.Input[_builtins.bool]] = None,
+                 node_root_volume_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 node_security_group_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 node_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 node_user_data: Optional[pulumi.Input[_builtins.str]] = None,
+                 private_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 provider_credential_opts: Optional[pulumi.Input['KubeconfigOptionsArgs']] = None,
+                 proxy: Optional[_builtins.str] = None,
+                 public_access_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 public_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 role_mappings: Optional[pulumi.Input[Sequence[pulumi.Input['RoleMappingArgs']]]] = None,
+                 service_role: Optional[pulumi.Input['pulumi_aws.iam.Role']] = None,
+                 skip_default_node_group: Optional[_builtins.bool] = None,
+                 skip_default_security_groups: Optional[_builtins.bool] = None,
+                 storage_classes: Optional[Union[_builtins.str, Mapping[str, 'StorageClassArgs']]] = None,
+                 subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 upgrade_policy: Optional[pulumi.Input['pulumi_aws.eks.ClusterUpgradePolicyArgs']] = None,
+                 use_default_vpc_cni: Optional[_builtins.bool] = None,
+                 user_mappings: Optional[pulumi.Input[Sequence[pulumi.Input['UserMappingArgs']]]] = None,
+                 version: Optional[pulumi.Input[_builtins.str]] = None,
+                 vpc_cni_options: Optional['VpcCniOptionsArgs'] = None,
+                 vpc_id: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        The set of arguments for constructing a Cluster resource.
+        :param Mapping[str, 'AccessEntryArgs'] access_entries: Access entries to add to the EKS cluster. They can be used to allow IAM principals to access the cluster. Access entries are only supported with authentication mode `API` or `API_AND_CONFIG_MAP`.
+               
+               See for more details:
+               https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
+        :param 'AuthenticationMode' authentication_mode: The authentication mode of the cluster. Valid values are `CONFIG_MAP`, `API` or `API_AND_CONFIG_MAP`.
+               
+               See for more details:
+               https://docs.aws.amazon.com/eks/latest/userguide/grant-k8s-access.html#set-cam
+        :param 'AutoModeOptionsArgs' auto_mode: Configuration Options for EKS Auto Mode. If EKS Auto Mode is enabled, AWS will manage cluster infrastructure on your behalf.
+               
+               For more information, see: https://docs.aws.amazon.com/eks/latest/userguide/automode.html
+        :param pulumi.Input[_builtins.bool] bootstrap_self_managed_addons: Install default unmanaged add-ons, such as `aws-cni`, `kube-proxy`, and CoreDNS during cluster creation. If `false`, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults to `true`
+        :param pulumi.Input['pulumi_aws.ec2.SecurityGroup'] cluster_security_group: The security group to use for the cluster API endpoint. If not provided, a new security group will be created with full internet egress and ingress from node groups.
+               
+               Note: The security group resource should not contain any inline ingress or egress rules.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] cluster_security_group_tags: The tags to apply to the cluster security group.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] cluster_tags: The tags to apply to the EKS cluster.
+        :param 'CoreDnsAddonOptionsArgs' coredns_addon_options: Options for managing the `coredns` addon.
+        :param _builtins.bool create_instance_role: Whether to create the instance role for the EKS cluster. Defaults to true when using the default node group, false otherwise.
+               If set to false when using the default node group, an instance role or instance profile must be provided.n
+               Note: this option has no effect if a custom instance role is provided with `instanceRole` or `instanceRoles`.
+        :param pulumi.Input[_builtins.bool] create_oidc_provider: Indicates whether an IAM OIDC Provider is created for the EKS cluster.
+               
+               The OIDC provider is used in the cluster in combination with k8s Service Account annotations to provide IAM roles at the k8s Pod level.
+               
+               See for more details:
+                - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
+                - https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
+                - https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
+                - https://www.pulumi.com/registry/packages/aws/api-docs/eks/cluster/#enabling-iam-roles-for-service-accounts
+        :param 'CreationRoleProviderArgs' creation_role_provider: The IAM Role Provider used to create & authenticate against the EKS cluster. This role is given `[system:masters]` permission in K8S, See: https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
+               
+               Note: This option is only supported with Pulumi nodejs programs. Please use `ProviderCredentialOpts` as an alternative instead.
+        :param pulumi.Input[_builtins.bool] deletion_protection: Whether to enable deletion protection for the cluster. When enabled, the cluster cannot be deleted unless deletion protection is first disabled. Default: `false`.
+        :param pulumi.Input[_builtins.int] desired_capacity: The number of worker nodes that should be running in the cluster. Defaults to 2.
+        :param pulumi.Input[_builtins.bool] enable_config_map_mutable: Sets the 'enableConfigMapMutable' option on the cluster kubernetes provider.
+               
+               Applies updates to the aws-auth ConfigMap in place over a replace operation if set to true.
+               https://www.pulumi.com/registry/packages/kubernetes/api-docs/provider/#enableconfigmapmutable_nodejs
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] enabled_cluster_log_types: Enable EKS control plane logging. This sends logs to cloudwatch. Possible list of values are: ["api", "audit", "authenticator", "controllerManager", "scheduler"]. By default it is off.
+        :param pulumi.Input[_builtins.str] encryption_config_key_arn: KMS Key ARN to use with the encryption configuration for the cluster.
+               
+               Only available on Kubernetes 1.13+ clusters created after March 6, 2020.
+               See for more details:
+               - https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/
+        :param pulumi.Input[_builtins.bool] endpoint_private_access: Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is `false`.
+        :param pulumi.Input[_builtins.bool] endpoint_public_access: Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is `true`.
+        :param pulumi.Input[Union[_builtins.bool, 'FargateProfileArgs']] fargate: Add support for launching pods in Fargate. Defaults to launching pods in the `default` namespace.  If specified, the default node group is skipped as though `skipDefaultNodeGroup: true` had been passed.
+        :param pulumi.Input[_builtins.bool] gpu: Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
+               
+               Defaults to false.
+               
+               Note: `gpu` and `nodeAmiId` are mutually exclusive.
+               
+               See for more details:
+               - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
+               - https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
+        :param pulumi.Input[_builtins.str] instance_profile_name: The default IAM InstanceProfile to use on the Worker NodeGroups, if one is not already set in the NodeGroup.
+        :param pulumi.Input['pulumi_aws.iam.Role'] instance_role: This enables the simple case of only registering a *single* IAM instance role with the cluster, that is required to be shared by *all* node groups in their instance profiles.
+               
+               Note: options `instanceRole` and `instanceRoles` are mutually exclusive.
+        :param pulumi.Input[Sequence[pulumi.Input['pulumi_aws.iam.Role']]] instance_roles: This enables the advanced case of registering *many* IAM instance roles with the cluster for per node group IAM, instead of the simpler, shared case of `instanceRole`.
+               
+               Note: options `instanceRole` and `instanceRoles` are mutually exclusive.
+        :param pulumi.Input[_builtins.str] instance_type: The instance type to use for the cluster's nodes. Defaults to "t3.medium".
+        :param pulumi.Input[_builtins.str] ip_family: The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`.
+               You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created.
+        :param 'KubeProxyAddonOptionsArgs' kube_proxy_addon_options: Options for managing the `kube-proxy` addon.
+        :param pulumi.Input[_builtins.str] kubernetes_service_ip_address_range: The CIDR block to assign Kubernetes service IP addresses from. If you don't
+               specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or
+               172.20.0.0/16 CIDR blocks. This setting only applies to IPv4 clusters. We recommend that you specify a block
+               that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify
+               a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created.
+               
+               The block must meet the following requirements:
+               - Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0.0/12, or 192.168.0.0/16.
+               - Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
+               - Between /24 and /12.
+        :param pulumi.Input[_builtins.int] max_size: The maximum number of worker nodes running in the cluster. Defaults to 2.
+        :param pulumi.Input[_builtins.int] min_size: The minimum number of worker nodes running in the cluster. Defaults to 1.
+        :param pulumi.Input[_builtins.str] name: The cluster's physical resource name.
+               
+               If not specified, the default is to use auto-naming for the cluster's name, resulting in a physical name with the format `${name}-eksCluster-0123abcd`.
+               
+               See for more details: https://www.pulumi.com/docs/intro/concepts/programming-model/#autonaming
+        :param pulumi.Input[_builtins.str] node_ami_id: The AMI ID to use for the worker nodes.
+               
+               Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
+               
+               Note: `nodeAmiId` and `gpu` are mutually exclusive.
+               
+               See for more details:
+               - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
+        :param _builtins.bool node_associate_public_ip_address: Whether or not to auto-assign the EKS worker nodes public IP addresses. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
+        :param 'ClusterNodeGroupOptionsArgs' node_group_options: The common configuration settings for NodeGroups.
+        :param pulumi.Input[_builtins.str] node_public_key: Public key material for SSH access to worker nodes. See allowed formats at:
+               https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
+               If not provided, no SSH access is enabled on VMs.
+        :param pulumi.Input[_builtins.bool] node_root_volume_encrypted: Encrypt the root block device of the nodes in the node group.
+        :param pulumi.Input[_builtins.int] node_root_volume_size: The size in GiB of a cluster node's root volume. Defaults to 20.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] node_security_group_tags: The tags to apply to the default `nodeSecurityGroup` created by the cluster.
+               
+               Note: The `nodeSecurityGroupTags` option and the node group option `nodeSecurityGroup` are mutually exclusive.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] node_subnet_ids: The subnets to use for worker nodes. Defaults to the value of subnetIds.
+        :param pulumi.Input[_builtins.str] node_user_data: Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a `#!`).
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] private_subnet_ids: The set of private subnets to use for the worker node groups on the EKS cluster. These subnets are automatically tagged by EKS for Kubernetes purposes.
+               
+               If `vpcId` is not set, the cluster will use the AWS account's default VPC subnets.
+               
+               Worker network architecture options:
+                - Private-only: Only set `privateSubnetIds`.
+                  - Default workers to run in a private subnet. In this setting, Kubernetes cannot create public, internet-facing load balancers for your pods.
+                - Public-only: Only set `publicSubnetIds`.
+                  - Default workers to run in a public subnet.
+                - Mixed (recommended): Set both `privateSubnetIds` and `publicSubnetIds`.
+                  - Default all worker nodes to run in private subnets, and use the public subnets for internet-facing load balancers.
+               
+               See for more details: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html.Note: The use of `subnetIds`, along with `publicSubnetIds` and/or `privateSubnetIds` is mutually exclusive. The use of `publicSubnetIds` and `privateSubnetIds` is encouraged.
+               
+               Also consider setting `nodeAssociatePublicIpAddress: false` for fully private workers.
+        :param pulumi.Input['KubeconfigOptionsArgs'] provider_credential_opts: The AWS provider credential options to scope the cluster's kubeconfig authentication when using a non-default credential chain.
+               
+               This is required for certain auth scenarios. For example:
+               - Creating and using a new AWS provider instance, or
+               - Setting the AWS_PROFILE environment variable, or
+               - Using a named profile configured on the AWS provider via:
+               `pulumi config set aws:profile <profileName>`
+               
+               See for more details:
+               - https://www.pulumi.com/registry/packages/aws/api-docs/provider/
+               - https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/
+               - https://www.pulumi.com/docs/intro/cloud-providers/aws/#configuration
+               - https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
+        :param _builtins.str proxy: The HTTP(S) proxy to use within a proxied environment.
+               
+                The proxy is used during cluster creation, and OIDC configuration.
+               
+               This is an alternative option to setting the proxy environment variables: HTTP(S)_PROXY and/or http(s)_proxy.
+               
+               This option is required iff the proxy environment variables are not set.
+               
+               Format:      <protocol>://<host>:<port>
+               Auth Format: <protocol>://<username>:<password>@<host>:<port>
+               
+               Ex:
+                 - "http://proxy.example.com:3128"
+                 - "https://proxy.example.com"
+                 - "http://username:password@proxy.example.com:3128"
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] public_access_cidrs: Indicates which CIDR blocks can access the Amazon EKS public API server endpoint.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] public_subnet_ids: The set of public subnets to use for the worker node groups on the EKS cluster. These subnets are automatically tagged by EKS for Kubernetes purposes.
+               
+               If `vpcId` is not set, the cluster will use the AWS account's default VPC subnets.
+               
+               Worker network architecture options:
+                - Private-only: Only set `privateSubnetIds`.
+                  - Default workers to run in a private subnet. In this setting, Kubernetes cannot create public, internet-facing load balancers for your pods.
+                - Public-only: Only set `publicSubnetIds`.
+                  - Default workers to run in a public subnet.
+                - Mixed (recommended): Set both `privateSubnetIds` and `publicSubnetIds`.
+                  - Default all worker nodes to run in private subnets, and use the public subnets for internet-facing load balancers.
+               
+               See for more details: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html.Note: The use of `subnetIds`, along with `publicSubnetIds` and/or `privateSubnetIds` is mutually exclusive. The use of `publicSubnetIds` and `privateSubnetIds` is encouraged.
+        :param pulumi.Input[Sequence[pulumi.Input['RoleMappingArgs']]] role_mappings: Optional mappings from AWS IAM roles to Kubernetes users and groups. Only supported with authentication mode `CONFIG_MAP` or `API_AND_CONFIG_MAP`
+        :param pulumi.Input['pulumi_aws.iam.Role'] service_role: IAM Service Role for EKS to use to manage the cluster.
+        :param _builtins.bool skip_default_node_group: If this toggle is set to true, the EKS cluster will be created without node group attached. Defaults to false, unless `fargate` or `autoMode` is enabled.
+        :param _builtins.bool skip_default_security_groups: If this toggle is set to true, the EKS cluster will be created without the default node and cluster security groups. Defaults to false, unless `autoMode` is enabled.
+               
+               See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
+        :param Union[_builtins.str, Mapping[str, 'StorageClassArgs']] storage_classes: An optional set of StorageClasses to enable for the cluster. If this is a single volume type rather than a map, a single StorageClass will be created for that volume type.
+               
+               Note: As of Kubernetes v1.11+ on EKS, a default `gp2` storage class will always be created automatically for the cluster by the EKS service. See https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] subnet_ids: The set of all subnets, public and private, to use for the worker node groups on the EKS cluster. These subnets are automatically tagged by EKS for Kubernetes purposes.
+               
+               If `vpcId` is not set, the cluster will use the AWS account's default VPC subnets.
+               
+               If the list of subnets includes both public and private subnets, the worker nodes will only be attached to the private subnets, and the public subnets will be used for internet-facing load balancers.
+               
+               See for more details: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html.
+               
+               Note: The use of `subnetIds`, along with `publicSubnetIds` and/or `privateSubnetIds` is mutually exclusive. The use of `publicSubnetIds` and `privateSubnetIds` is encouraged.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] tags: Key-value mapping of tags that are automatically applied to all AWS resources directly under management with this cluster, which support tagging.
+        :param pulumi.Input['pulumi_aws.eks.ClusterUpgradePolicyArgs'] upgrade_policy: The cluster's upgrade policy. Valid support types are "STANDARD" and "EXTENDED". Defaults to "EXTENDED".
+        :param _builtins.bool use_default_vpc_cni: Use the default VPC CNI instead of creating a custom one. Should not be used in conjunction with `vpcCniOptions`.
+               Defaults to true, unless `autoMode` is enabled.
+        :param pulumi.Input[Sequence[pulumi.Input['UserMappingArgs']]] user_mappings: Optional mappings from AWS IAM users to Kubernetes users and groups. Only supported with authentication mode `CONFIG_MAP` or `API_AND_CONFIG_MAP`.
+        :param pulumi.Input[_builtins.str] version: Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
+        :param 'VpcCniOptionsArgs' vpc_cni_options: The configuration of the Amazon VPC CNI plugin for this instance. Defaults are described in the documentation for the VpcCniOptions type.
+        :param pulumi.Input[_builtins.str] vpc_id: The VPC in which to create the cluster and its worker nodes. If unset, the cluster will be created in the default VPC.
+        """
+        if access_entries is not None:
+            pulumi.set(__self__, "access_entries", access_entries)
+        if authentication_mode is not None:
+            pulumi.set(__self__, "authentication_mode", authentication_mode)
+        if auto_mode is not None:
+            pulumi.set(__self__, "auto_mode", auto_mode)
+        if bootstrap_self_managed_addons is not None:
+            pulumi.set(__self__, "bootstrap_self_managed_addons", bootstrap_self_managed_addons)
+        if cluster_security_group is not None:
+            pulumi.set(__self__, "cluster_security_group", cluster_security_group)
+        if cluster_security_group_tags is not None:
+            pulumi.set(__self__, "cluster_security_group_tags", cluster_security_group_tags)
+        if cluster_tags is not None:
+            pulumi.set(__self__, "cluster_tags", cluster_tags)
+        if coredns_addon_options is not None:
+            pulumi.set(__self__, "coredns_addon_options", coredns_addon_options)
+        if create_instance_role is not None:
+            pulumi.set(__self__, "create_instance_role", create_instance_role)
+        if create_oidc_provider is not None:
+            pulumi.set(__self__, "create_oidc_provider", create_oidc_provider)
+        if creation_role_provider is not None:
+            pulumi.set(__self__, "creation_role_provider", creation_role_provider)
+        if deletion_protection is not None:
+            pulumi.set(__self__, "deletion_protection", deletion_protection)
+        if desired_capacity is not None:
+            pulumi.set(__self__, "desired_capacity", desired_capacity)
+        if enable_config_map_mutable is not None:
+            pulumi.set(__self__, "enable_config_map_mutable", enable_config_map_mutable)
+        if enabled_cluster_log_types is not None:
+            pulumi.set(__self__, "enabled_cluster_log_types", enabled_cluster_log_types)
+        if encryption_config_key_arn is not None:
+            pulumi.set(__self__, "encryption_config_key_arn", encryption_config_key_arn)
+        if endpoint_private_access is not None:
+            pulumi.set(__self__, "endpoint_private_access", endpoint_private_access)
+        if endpoint_public_access is not None:
+            pulumi.set(__self__, "endpoint_public_access", endpoint_public_access)
+        if fargate is not None:
+            pulumi.set(__self__, "fargate", fargate)
+        if gpu is not None:
+            pulumi.set(__self__, "gpu", gpu)
+        if instance_profile_name is not None:
+            pulumi.set(__self__, "instance_profile_name", instance_profile_name)
+        if instance_role is not None:
+            pulumi.set(__self__, "instance_role", instance_role)
+        if instance_roles is not None:
+            pulumi.set(__self__, "instance_roles", instance_roles)
+        if instance_type is not None:
+            pulumi.set(__self__, "instance_type", instance_type)
+        if ip_family is not None:
+            pulumi.set(__self__, "ip_family", ip_family)
+        if kube_proxy_addon_options is not None:
+            pulumi.set(__self__, "kube_proxy_addon_options", kube_proxy_addon_options)
+        if kubernetes_service_ip_address_range is not None:
+            pulumi.set(__self__, "kubernetes_service_ip_address_range", kubernetes_service_ip_address_range)
+        if max_size is not None:
+            pulumi.set(__self__, "max_size", max_size)
+        if min_size is not None:
+            pulumi.set(__self__, "min_size", min_size)
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if node_ami_id is not None:
+            pulumi.set(__self__, "node_ami_id", node_ami_id)
+        if node_associate_public_ip_address is not None:
+            pulumi.set(__self__, "node_associate_public_ip_address", node_associate_public_ip_address)
+        if node_group_options is not None:
+            pulumi.set(__self__, "node_group_options", node_group_options)
+        if node_public_key is not None:
+            pulumi.set(__self__, "node_public_key", node_public_key)
+        if node_root_volume_encrypted is not None:
+            pulumi.set(__self__, "node_root_volume_encrypted", node_root_volume_encrypted)
+        if node_root_volume_size is not None:
+            pulumi.set(__self__, "node_root_volume_size", node_root_volume_size)
+        if node_security_group_tags is not None:
+            pulumi.set(__self__, "node_security_group_tags", node_security_group_tags)
+        if node_subnet_ids is not None:
+            pulumi.set(__self__, "node_subnet_ids", node_subnet_ids)
+        if node_user_data is not None:
+            pulumi.set(__self__, "node_user_data", node_user_data)
+        if private_subnet_ids is not None:
+            pulumi.set(__self__, "private_subnet_ids", private_subnet_ids)
+        if provider_credential_opts is not None:
+            pulumi.set(__self__, "provider_credential_opts", provider_credential_opts)
+        if proxy is not None:
+            pulumi.set(__self__, "proxy", proxy)
+        if public_access_cidrs is not None:
+            pulumi.set(__self__, "public_access_cidrs", public_access_cidrs)
+        if public_subnet_ids is not None:
+            pulumi.set(__self__, "public_subnet_ids", public_subnet_ids)
+        if role_mappings is not None:
+            pulumi.set(__self__, "role_mappings", role_mappings)
+        if service_role is not None:
+            pulumi.set(__self__, "service_role", service_role)
+        if skip_default_node_group is not None:
+            pulumi.set(__self__, "skip_default_node_group", skip_default_node_group)
+        if skip_default_security_groups is not None:
+            pulumi.set(__self__, "skip_default_security_groups", skip_default_security_groups)
+        if storage_classes is not None:
+            pulumi.set(__self__, "storage_classes", storage_classes)
+        if subnet_ids is not None:
+            pulumi.set(__self__, "subnet_ids", subnet_ids)
+        if tags is not None:
+            pulumi.set(__self__, "tags", tags)
+        if upgrade_policy is not None:
+            pulumi.set(__self__, "upgrade_policy", upgrade_policy)
+        if use_default_vpc_cni is not None:
+            pulumi.set(__self__, "use_default_vpc_cni", use_default_vpc_cni)
+        if user_mappings is not None:
+            pulumi.set(__self__, "user_mappings", user_mappings)
+        if version is not None:
+            pulumi.set(__self__, "version", version)
+        if vpc_cni_options is not None:
+            pulumi.set(__self__, "vpc_cni_options", vpc_cni_options)
+        if vpc_id is not None:
+            pulumi.set(__self__, "vpc_id", vpc_id)
+
+    @_builtins.property
+    @pulumi.getter(name="accessEntries")
+    def access_entries(self) -> Optional[Mapping[str, 'AccessEntryArgs']]:
+        """
+        Access entries to add to the EKS cluster. They can be used to allow IAM principals to access the cluster. Access entries are only supported with authentication mode `API` or `API_AND_CONFIG_MAP`.
+
+        See for more details:
+        https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
+        """
+        return pulumi.get(self, "access_entries")
+
+    @access_entries.setter
+    def access_entries(self, value: Optional[Mapping[str, 'AccessEntryArgs']]):
+        pulumi.set(self, "access_entries", value)
+
+    @_builtins.property
+    @pulumi.getter(name="authenticationMode")
+    def authentication_mode(self) -> Optional['AuthenticationMode']:
+        """
+        The authentication mode of the cluster. Valid values are `CONFIG_MAP`, `API` or `API_AND_CONFIG_MAP`.
+
+        See for more details:
+        https://docs.aws.amazon.com/eks/latest/userguide/grant-k8s-access.html#set-cam
+        """
+        return pulumi.get(self, "authentication_mode")
+
+    @authentication_mode.setter
+    def authentication_mode(self, value: Optional['AuthenticationMode']):
+        pulumi.set(self, "authentication_mode", value)
+
+    @_builtins.property
+    @pulumi.getter(name="autoMode")
+    def auto_mode(self) -> Optional['AutoModeOptionsArgs']:
+        """
+        Configuration Options for EKS Auto Mode. If EKS Auto Mode is enabled, AWS will manage cluster infrastructure on your behalf.
+
+        For more information, see: https://docs.aws.amazon.com/eks/latest/userguide/automode.html
+        """
+        return pulumi.get(self, "auto_mode")
+
+    @auto_mode.setter
+    def auto_mode(self, value: Optional['AutoModeOptionsArgs']):
+        pulumi.set(self, "auto_mode", value)
+
+    @_builtins.property
+    @pulumi.getter(name="bootstrapSelfManagedAddons")
+    def bootstrap_self_managed_addons(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Install default unmanaged add-ons, such as `aws-cni`, `kube-proxy`, and CoreDNS during cluster creation. If `false`, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults to `true`
+        """
+        return pulumi.get(self, "bootstrap_self_managed_addons")
+
+    @bootstrap_self_managed_addons.setter
+    def bootstrap_self_managed_addons(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "bootstrap_self_managed_addons", value)
+
+    @_builtins.property
+    @pulumi.getter(name="clusterSecurityGroup")
+    def cluster_security_group(self) -> Optional[pulumi.Input['pulumi_aws.ec2.SecurityGroup']]:
+        """
+        The security group to use for the cluster API endpoint. If not provided, a new security group will be created with full internet egress and ingress from node groups.
+
+        Note: The security group resource should not contain any inline ingress or egress rules.
+        """
+        return pulumi.get(self, "cluster_security_group")
+
+    @cluster_security_group.setter
+    def cluster_security_group(self, value: Optional[pulumi.Input['pulumi_aws.ec2.SecurityGroup']]):
+        pulumi.set(self, "cluster_security_group", value)
+
+    @_builtins.property
+    @pulumi.getter(name="clusterSecurityGroupTags")
+    def cluster_security_group_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
+        """
+        The tags to apply to the cluster security group.
+        """
+        return pulumi.get(self, "cluster_security_group_tags")
+
+    @cluster_security_group_tags.setter
+    def cluster_security_group_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "cluster_security_group_tags", value)
+
+    @_builtins.property
+    @pulumi.getter(name="clusterTags")
+    def cluster_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
+        """
+        The tags to apply to the EKS cluster.
+        """
+        return pulumi.get(self, "cluster_tags")
+
+    @cluster_tags.setter
+    def cluster_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "cluster_tags", value)
+
+    @_builtins.property
+    @pulumi.getter(name="corednsAddonOptions")
+    def coredns_addon_options(self) -> Optional['CoreDnsAddonOptionsArgs']:
+        """
+        Options for managing the `coredns` addon.
+        """
+        return pulumi.get(self, "coredns_addon_options")
+
+    @coredns_addon_options.setter
+    def coredns_addon_options(self, value: Optional['CoreDnsAddonOptionsArgs']):
+        pulumi.set(self, "coredns_addon_options", value)
+
+    @_builtins.property
+    @pulumi.getter(name="createInstanceRole")
+    def create_instance_role(self) -> Optional[_builtins.bool]:
+        """
+        Whether to create the instance role for the EKS cluster. Defaults to true when using the default node group, false otherwise.
+        If set to false when using the default node group, an instance role or instance profile must be provided.n
+        Note: this option has no effect if a custom instance role is provided with `instanceRole` or `instanceRoles`.
+        """
+        return pulumi.get(self, "create_instance_role")
+
+    @create_instance_role.setter
+    def create_instance_role(self, value: Optional[_builtins.bool]):
+        pulumi.set(self, "create_instance_role", value)
+
+    @_builtins.property
+    @pulumi.getter(name="createOidcProvider")
+    def create_oidc_provider(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Indicates whether an IAM OIDC Provider is created for the EKS cluster.
+
+        The OIDC provider is used in the cluster in combination with k8s Service Account annotations to provide IAM roles at the k8s Pod level.
+
+        See for more details:
+         - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
+         - https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
+         - https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
+         - https://www.pulumi.com/registry/packages/aws/api-docs/eks/cluster/#enabling-iam-roles-for-service-accounts
+        """
+        return pulumi.get(self, "create_oidc_provider")
+
+    @create_oidc_provider.setter
+    def create_oidc_provider(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "create_oidc_provider", value)
+
+    @_builtins.property
+    @pulumi.getter(name="creationRoleProvider")
+    def creation_role_provider(self) -> Optional['CreationRoleProviderArgs']:
+        """
+        The IAM Role Provider used to create & authenticate against the EKS cluster. This role is given `[system:masters]` permission in K8S, See: https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
+
+        Note: This option is only supported with Pulumi nodejs programs. Please use `ProviderCredentialOpts` as an alternative instead.
+        """
+        return pulumi.get(self, "creation_role_provider")
+
+    @creation_role_provider.setter
+    def creation_role_provider(self, value: Optional['CreationRoleProviderArgs']):
+        pulumi.set(self, "creation_role_provider", value)
+
+    @_builtins.property
+    @pulumi.getter(name="deletionProtection")
+    def deletion_protection(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Whether to enable deletion protection for the cluster. When enabled, the cluster cannot be deleted unless deletion protection is first disabled. Default: `false`.
+        """
+        return pulumi.get(self, "deletion_protection")
+
+    @deletion_protection.setter
+    def deletion_protection(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "deletion_protection", value)
+
+    @_builtins.property
+    @pulumi.getter(name="desiredCapacity")
+    def desired_capacity(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The number of worker nodes that should be running in the cluster. Defaults to 2.
+        """
+        return pulumi.get(self, "desired_capacity")
+
+    @desired_capacity.setter
+    def desired_capacity(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "desired_capacity", value)
+
+    @_builtins.property
+    @pulumi.getter(name="enableConfigMapMutable")
+    def enable_config_map_mutable(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Sets the 'enableConfigMapMutable' option on the cluster kubernetes provider.
+
+        Applies updates to the aws-auth ConfigMap in place over a replace operation if set to true.
+        https://www.pulumi.com/registry/packages/kubernetes/api-docs/provider/#enableconfigmapmutable_nodejs
+        """
+        return pulumi.get(self, "enable_config_map_mutable")
+
+    @enable_config_map_mutable.setter
+    def enable_config_map_mutable(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "enable_config_map_mutable", value)
+
+    @_builtins.property
+    @pulumi.getter(name="enabledClusterLogTypes")
+    def enabled_cluster_log_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        Enable EKS control plane logging. This sends logs to cloudwatch. Possible list of values are: ["api", "audit", "authenticator", "controllerManager", "scheduler"]. By default it is off.
+        """
+        return pulumi.get(self, "enabled_cluster_log_types")
+
+    @enabled_cluster_log_types.setter
+    def enabled_cluster_log_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "enabled_cluster_log_types", value)
+
+    @_builtins.property
+    @pulumi.getter(name="encryptionConfigKeyArn")
+    def encryption_config_key_arn(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        KMS Key ARN to use with the encryption configuration for the cluster.
+
+        Only available on Kubernetes 1.13+ clusters created after March 6, 2020.
+        See for more details:
+        - https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/
+        """
+        return pulumi.get(self, "encryption_config_key_arn")
+
+    @encryption_config_key_arn.setter
+    def encryption_config_key_arn(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "encryption_config_key_arn", value)
+
+    @_builtins.property
+    @pulumi.getter(name="endpointPrivateAccess")
+    def endpoint_private_access(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is `false`.
+        """
+        return pulumi.get(self, "endpoint_private_access")
+
+    @endpoint_private_access.setter
+    def endpoint_private_access(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "endpoint_private_access", value)
+
+    @_builtins.property
+    @pulumi.getter(name="endpointPublicAccess")
+    def endpoint_public_access(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is `true`.
+        """
+        return pulumi.get(self, "endpoint_public_access")
+
+    @endpoint_public_access.setter
+    def endpoint_public_access(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "endpoint_public_access", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def fargate(self) -> Optional[pulumi.Input[Union[_builtins.bool, 'FargateProfileArgs']]]:
+        """
+        Add support for launching pods in Fargate. Defaults to launching pods in the `default` namespace.  If specified, the default node group is skipped as though `skipDefaultNodeGroup: true` had been passed.
+        """
+        return pulumi.get(self, "fargate")
+
+    @fargate.setter
+    def fargate(self, value: Optional[pulumi.Input[Union[_builtins.bool, 'FargateProfileArgs']]]):
+        pulumi.set(self, "fargate", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def gpu(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
+
+        Defaults to false.
+
+        Note: `gpu` and `nodeAmiId` are mutually exclusive.
+
+        See for more details:
+        - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
+        - https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
+        """
+        return pulumi.get(self, "gpu")
+
+    @gpu.setter
+    def gpu(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "gpu", value)
+
+    @_builtins.property
+    @pulumi.getter(name="instanceProfileName")
+    def instance_profile_name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The default IAM InstanceProfile to use on the Worker NodeGroups, if one is not already set in the NodeGroup.
+        """
+        return pulumi.get(self, "instance_profile_name")
+
+    @instance_profile_name.setter
+    def instance_profile_name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "instance_profile_name", value)
+
+    @_builtins.property
+    @pulumi.getter(name="instanceRole")
+    def instance_role(self) -> Optional[pulumi.Input['pulumi_aws.iam.Role']]:
+        """
+        This enables the simple case of only registering a *single* IAM instance role with the cluster, that is required to be shared by *all* node groups in their instance profiles.
+
+        Note: options `instanceRole` and `instanceRoles` are mutually exclusive.
+        """
+        return pulumi.get(self, "instance_role")
+
+    @instance_role.setter
+    def instance_role(self, value: Optional[pulumi.Input['pulumi_aws.iam.Role']]):
+        pulumi.set(self, "instance_role", value)
+
+    @_builtins.property
+    @pulumi.getter(name="instanceRoles")
+    def instance_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['pulumi_aws.iam.Role']]]]:
+        """
+        This enables the advanced case of registering *many* IAM instance roles with the cluster for per node group IAM, instead of the simpler, shared case of `instanceRole`.
+
+        Note: options `instanceRole` and `instanceRoles` are mutually exclusive.
+        """
+        return pulumi.get(self, "instance_roles")
+
+    @instance_roles.setter
+    def instance_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['pulumi_aws.iam.Role']]]]):
+        pulumi.set(self, "instance_roles", value)
+
+    @_builtins.property
+    @pulumi.getter(name="instanceType")
+    def instance_type(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The instance type to use for the cluster's nodes. Defaults to "t3.medium".
+        """
+        return pulumi.get(self, "instance_type")
+
+    @instance_type.setter
+    def instance_type(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "instance_type", value)
+
+    @_builtins.property
+    @pulumi.getter(name="ipFamily")
+    def ip_family(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`.
+        You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created.
+        """
+        return pulumi.get(self, "ip_family")
+
+    @ip_family.setter
+    def ip_family(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "ip_family", value)
+
+    @_builtins.property
+    @pulumi.getter(name="kubeProxyAddonOptions")
+    def kube_proxy_addon_options(self) -> Optional['KubeProxyAddonOptionsArgs']:
+        """
+        Options for managing the `kube-proxy` addon.
+        """
+        return pulumi.get(self, "kube_proxy_addon_options")
+
+    @kube_proxy_addon_options.setter
+    def kube_proxy_addon_options(self, value: Optional['KubeProxyAddonOptionsArgs']):
+        pulumi.set(self, "kube_proxy_addon_options", value)
+
+    @_builtins.property
+    @pulumi.getter(name="kubernetesServiceIpAddressRange")
+    def kubernetes_service_ip_address_range(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The CIDR block to assign Kubernetes service IP addresses from. If you don't
+        specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or
+        172.20.0.0/16 CIDR blocks. This setting only applies to IPv4 clusters. We recommend that you specify a block
+        that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify
+        a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created.
+
+        The block must meet the following requirements:
+        - Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0.0/12, or 192.168.0.0/16.
+        - Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
+        - Between /24 and /12.
+        """
+        return pulumi.get(self, "kubernetes_service_ip_address_range")
+
+    @kubernetes_service_ip_address_range.setter
+    def kubernetes_service_ip_address_range(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "kubernetes_service_ip_address_range", value)
+
+    @_builtins.property
+    @pulumi.getter(name="maxSize")
+    def max_size(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The maximum number of worker nodes running in the cluster. Defaults to 2.
+        """
+        return pulumi.get(self, "max_size")
+
+    @max_size.setter
+    def max_size(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "max_size", value)
+
+    @_builtins.property
+    @pulumi.getter(name="minSize")
+    def min_size(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The minimum number of worker nodes running in the cluster. Defaults to 1.
+        """
+        return pulumi.get(self, "min_size")
+
+    @min_size.setter
+    def min_size(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "min_size", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The cluster's physical resource name.
+
+        If not specified, the default is to use auto-naming for the cluster's name, resulting in a physical name with the format `${name}-eksCluster-0123abcd`.
+
+        See for more details: https://www.pulumi.com/docs/intro/concepts/programming-model/#autonaming
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+
+    @_builtins.property
+    @pulumi.getter(name="nodeAmiId")
+    def node_ami_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The AMI ID to use for the worker nodes.
+
+        Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
+
+        Note: `nodeAmiId` and `gpu` are mutually exclusive.
+
+        See for more details:
+        - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
+        """
+        return pulumi.get(self, "node_ami_id")
+
+    @node_ami_id.setter
+    def node_ami_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "node_ami_id", value)
+
+    @_builtins.property
+    @pulumi.getter(name="nodeAssociatePublicIpAddress")
+    def node_associate_public_ip_address(self) -> Optional[_builtins.bool]:
+        """
+        Whether or not to auto-assign the EKS worker nodes public IP addresses. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
+        """
+        return pulumi.get(self, "node_associate_public_ip_address")
+
+    @node_associate_public_ip_address.setter
+    def node_associate_public_ip_address(self, value: Optional[_builtins.bool]):
+        pulumi.set(self, "node_associate_public_ip_address", value)
+
+    @_builtins.property
+    @pulumi.getter(name="nodeGroupOptions")
+    def node_group_options(self) -> Optional['ClusterNodeGroupOptionsArgs']:
+        """
+        The common configuration settings for NodeGroups.
+        """
+        return pulumi.get(self, "node_group_options")
+
+    @node_group_options.setter
+    def node_group_options(self, value: Optional['ClusterNodeGroupOptionsArgs']):
+        pulumi.set(self, "node_group_options", value)
+
+    @_builtins.property
+    @pulumi.getter(name="nodePublicKey")
+    def node_public_key(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Public key material for SSH access to worker nodes. See allowed formats at:
+        https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
+        If not provided, no SSH access is enabled on VMs.
+        """
+        return pulumi.get(self, "node_public_key")
+
+    @node_public_key.setter
+    def node_public_key(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "node_public_key", value)
+
+    @_builtins.property
+    @pulumi.getter(name="nodeRootVolumeEncrypted")
+    def node_root_volume_encrypted(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Encrypt the root block device of the nodes in the node group.
+        """
+        return pulumi.get(self, "node_root_volume_encrypted")
+
+    @node_root_volume_encrypted.setter
+    def node_root_volume_encrypted(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "node_root_volume_encrypted", value)
+
+    @_builtins.property
+    @pulumi.getter(name="nodeRootVolumeSize")
+    def node_root_volume_size(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The size in GiB of a cluster node's root volume. Defaults to 20.
+        """
+        return pulumi.get(self, "node_root_volume_size")
+
+    @node_root_volume_size.setter
+    def node_root_volume_size(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "node_root_volume_size", value)
+
+    @_builtins.property
+    @pulumi.getter(name="nodeSecurityGroupTags")
+    def node_security_group_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
+        """
+        The tags to apply to the default `nodeSecurityGroup` created by the cluster.
+
+        Note: The `nodeSecurityGroupTags` option and the node group option `nodeSecurityGroup` are mutually exclusive.
+        """
+        return pulumi.get(self, "node_security_group_tags")
+
+    @node_security_group_tags.setter
+    def node_security_group_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "node_security_group_tags", value)
+
+    @_builtins.property
+    @pulumi.getter(name="nodeSubnetIds")
+    def node_subnet_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        The subnets to use for worker nodes. Defaults to the value of subnetIds.
+        """
+        return pulumi.get(self, "node_subnet_ids")
+
+    @node_subnet_ids.setter
+    def node_subnet_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "node_subnet_ids", value)
+
+    @_builtins.property
+    @pulumi.getter(name="nodeUserData")
+    def node_user_data(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a `#!`).
+        """
+        return pulumi.get(self, "node_user_data")
+
+    @node_user_data.setter
+    def node_user_data(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "node_user_data", value)
+
+    @_builtins.property
+    @pulumi.getter(name="privateSubnetIds")
+    def private_subnet_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        The set of private subnets to use for the worker node groups on the EKS cluster. These subnets are automatically tagged by EKS for Kubernetes purposes.
+
+        If `vpcId` is not set, the cluster will use the AWS account's default VPC subnets.
+
+        Worker network architecture options:
+         - Private-only: Only set `privateSubnetIds`.
+           - Default workers to run in a private subnet. In this setting, Kubernetes cannot create public, internet-facing load balancers for your pods.
+         - Public-only: Only set `publicSubnetIds`.
+           - Default workers to run in a public subnet.
+         - Mixed (recommended): Set both `privateSubnetIds` and `publicSubnetIds`.
+           - Default all worker nodes to run in private subnets, and use the public subnets for internet-facing load balancers.
+
+        See for more details: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html.Note: The use of `subnetIds`, along with `publicSubnetIds` and/or `privateSubnetIds` is mutually exclusive. The use of `publicSubnetIds` and `privateSubnetIds` is encouraged.
+
+        Also consider setting `nodeAssociatePublicIpAddress: false` for fully private workers.
+        """
+        return pulumi.get(self, "private_subnet_ids")
+
+    @private_subnet_ids.setter
+    def private_subnet_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "private_subnet_ids", value)
+
+    @_builtins.property
+    @pulumi.getter(name="providerCredentialOpts")
+    def provider_credential_opts(self) -> Optional[pulumi.Input['KubeconfigOptionsArgs']]:
+        """
+        The AWS provider credential options to scope the cluster's kubeconfig authentication when using a non-default credential chain.
+
+        This is required for certain auth scenarios. For example:
+        - Creating and using a new AWS provider instance, or
+        - Setting the AWS_PROFILE environment variable, or
+        - Using a named profile configured on the AWS provider via:
+        `pulumi config set aws:profile <profileName>`
+
+        See for more details:
+        - https://www.pulumi.com/registry/packages/aws/api-docs/provider/
+        - https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/
+        - https://www.pulumi.com/docs/intro/cloud-providers/aws/#configuration
+        - https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
+        """
+        return pulumi.get(self, "provider_credential_opts")
+
+    @provider_credential_opts.setter
+    def provider_credential_opts(self, value: Optional[pulumi.Input['KubeconfigOptionsArgs']]):
+        pulumi.set(self, "provider_credential_opts", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def proxy(self) -> Optional[_builtins.str]:
+        """
+        The HTTP(S) proxy to use within a proxied environment.
+
+         The proxy is used during cluster creation, and OIDC configuration.
+
+        This is an alternative option to setting the proxy environment variables: HTTP(S)_PROXY and/or http(s)_proxy.
+
+        This option is required iff the proxy environment variables are not set.
+
+        Format:      <protocol>://<host>:<port>
+        Auth Format: <protocol>://<username>:<password>@<host>:<port>
+
+        Ex:
+          - "http://proxy.example.com:3128"
+          - "https://proxy.example.com"
+          - "http://username:password@proxy.example.com:3128"
+        """
+        return pulumi.get(self, "proxy")
+
+    @proxy.setter
+    def proxy(self, value: Optional[_builtins.str]):
+        pulumi.set(self, "proxy", value)
+
+    @_builtins.property
+    @pulumi.getter(name="publicAccessCidrs")
+    def public_access_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        Indicates which CIDR blocks can access the Amazon EKS public API server endpoint.
+        """
+        return pulumi.get(self, "public_access_cidrs")
+
+    @public_access_cidrs.setter
+    def public_access_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "public_access_cidrs", value)
+
+    @_builtins.property
+    @pulumi.getter(name="publicSubnetIds")
+    def public_subnet_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        The set of public subnets to use for the worker node groups on the EKS cluster. These subnets are automatically tagged by EKS for Kubernetes purposes.
+
+        If `vpcId` is not set, the cluster will use the AWS account's default VPC subnets.
+
+        Worker network architecture options:
+         - Private-only: Only set `privateSubnetIds`.
+           - Default workers to run in a private subnet. In this setting, Kubernetes cannot create public, internet-facing load balancers for your pods.
+         - Public-only: Only set `publicSubnetIds`.
+           - Default workers to run in a public subnet.
+         - Mixed (recommended): Set both `privateSubnetIds` and `publicSubnetIds`.
+           - Default all worker nodes to run in private subnets, and use the public subnets for internet-facing load balancers.
+
+        See for more details: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html.Note: The use of `subnetIds`, along with `publicSubnetIds` and/or `privateSubnetIds` is mutually exclusive. The use of `publicSubnetIds` and `privateSubnetIds` is encouraged.
+        """
+        return pulumi.get(self, "public_subnet_ids")
+
+    @public_subnet_ids.setter
+    def public_subnet_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "public_subnet_ids", value)
+
+    @_builtins.property
+    @pulumi.getter(name="roleMappings")
+    def role_mappings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['RoleMappingArgs']]]]:
+        """
+        Optional mappings from AWS IAM roles to Kubernetes users and groups. Only supported with authentication mode `CONFIG_MAP` or `API_AND_CONFIG_MAP`
+        """
+        return pulumi.get(self, "role_mappings")
+
+    @role_mappings.setter
+    def role_mappings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['RoleMappingArgs']]]]):
+        pulumi.set(self, "role_mappings", value)
+
+    @_builtins.property
+    @pulumi.getter(name="serviceRole")
+    def service_role(self) -> Optional[pulumi.Input['pulumi_aws.iam.Role']]:
+        """
+        IAM Service Role for EKS to use to manage the cluster.
+        """
+        return pulumi.get(self, "service_role")
+
+    @service_role.setter
+    def service_role(self, value: Optional[pulumi.Input['pulumi_aws.iam.Role']]):
+        pulumi.set(self, "service_role", value)
+
+    @_builtins.property
+    @pulumi.getter(name="skipDefaultNodeGroup")
+    def skip_default_node_group(self) -> Optional[_builtins.bool]:
+        """
+        If this toggle is set to true, the EKS cluster will be created without node group attached. Defaults to false, unless `fargate` or `autoMode` is enabled.
+        """
+        return pulumi.get(self, "skip_default_node_group")
+
+    @skip_default_node_group.setter
+    def skip_default_node_group(self, value: Optional[_builtins.bool]):
+        pulumi.set(self, "skip_default_node_group", value)
+
+    @_builtins.property
+    @pulumi.getter(name="skipDefaultSecurityGroups")
+    def skip_default_security_groups(self) -> Optional[_builtins.bool]:
+        """
+        If this toggle is set to true, the EKS cluster will be created without the default node and cluster security groups. Defaults to false, unless `autoMode` is enabled.
+
+        See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
+        """
+        return pulumi.get(self, "skip_default_security_groups")
+
+    @skip_default_security_groups.setter
+    def skip_default_security_groups(self, value: Optional[_builtins.bool]):
+        pulumi.set(self, "skip_default_security_groups", value)
+
+    @_builtins.property
+    @pulumi.getter(name="storageClasses")
+    def storage_classes(self) -> Optional[Union[_builtins.str, Mapping[str, 'StorageClassArgs']]]:
+        """
+        An optional set of StorageClasses to enable for the cluster. If this is a single volume type rather than a map, a single StorageClass will be created for that volume type.
+
+        Note: As of Kubernetes v1.11+ on EKS, a default `gp2` storage class will always be created automatically for the cluster by the EKS service. See https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html
+        """
+        return pulumi.get(self, "storage_classes")
+
+    @storage_classes.setter
+    def storage_classes(self, value: Optional[Union[_builtins.str, Mapping[str, 'StorageClassArgs']]]):
+        pulumi.set(self, "storage_classes", value)
+
+    @_builtins.property
+    @pulumi.getter(name="subnetIds")
+    def subnet_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        The set of all subnets, public and private, to use for the worker node groups on the EKS cluster. These subnets are automatically tagged by EKS for Kubernetes purposes.
+
+        If `vpcId` is not set, the cluster will use the AWS account's default VPC subnets.
+
+        If the list of subnets includes both public and private subnets, the worker nodes will only be attached to the private subnets, and the public subnets will be used for internet-facing load balancers.
+
+        See for more details: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html.
+
+        Note: The use of `subnetIds`, along with `publicSubnetIds` and/or `privateSubnetIds` is mutually exclusive. The use of `publicSubnetIds` and `privateSubnetIds` is encouraged.
+        """
+        return pulumi.get(self, "subnet_ids")
+
+    @subnet_ids.setter
+    def subnet_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "subnet_ids", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
+        """
+        Key-value mapping of tags that are automatically applied to all AWS resources directly under management with this cluster, which support tagging.
+        """
+        return pulumi.get(self, "tags")
+
+    @tags.setter
+    def tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "tags", value)
+
+    @_builtins.property
+    @pulumi.getter(name="upgradePolicy")
+    def upgrade_policy(self) -> Optional[pulumi.Input['pulumi_aws.eks.ClusterUpgradePolicyArgs']]:
+        """
+        The cluster's upgrade policy. Valid support types are "STANDARD" and "EXTENDED". Defaults to "EXTENDED".
+        """
+        return pulumi.get(self, "upgrade_policy")
+
+    @upgrade_policy.setter
+    def upgrade_policy(self, value: Optional[pulumi.Input['pulumi_aws.eks.ClusterUpgradePolicyArgs']]):
+        pulumi.set(self, "upgrade_policy", value)
+
+    @_builtins.property
+    @pulumi.getter(name="useDefaultVpcCni")
+    def use_default_vpc_cni(self) -> Optional[_builtins.bool]:
+        """
+        Use the default VPC CNI instead of creating a custom one. Should not be used in conjunction with `vpcCniOptions`.
+        Defaults to true, unless `autoMode` is enabled.
+        """
+        return pulumi.get(self, "use_default_vpc_cni")
+
+    @use_default_vpc_cni.setter
+    def use_default_vpc_cni(self, value: Optional[_builtins.bool]):
+        pulumi.set(self, "use_default_vpc_cni", value)
+
+    @_builtins.property
+    @pulumi.getter(name="userMappings")
+    def user_mappings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserMappingArgs']]]]:
+        """
+        Optional mappings from AWS IAM users to Kubernetes users and groups. Only supported with authentication mode `CONFIG_MAP` or `API_AND_CONFIG_MAP`.
+        """
+        return pulumi.get(self, "user_mappings")
+
+    @user_mappings.setter
+    def user_mappings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserMappingArgs']]]]):
+        pulumi.set(self, "user_mappings", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def version(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
+        """
+        return pulumi.get(self, "version")
+
+    @version.setter
+    def version(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "version", value)
+
+    @_builtins.property
+    @pulumi.getter(name="vpcCniOptions")
+    def vpc_cni_options(self) -> Optional['VpcCniOptionsArgs']:
+        """
+        The configuration of the Amazon VPC CNI plugin for this instance. Defaults are described in the documentation for the VpcCniOptions type.
+        """
+        return pulumi.get(self, "vpc_cni_options")
+
+    @vpc_cni_options.setter
+    def vpc_cni_options(self, value: Optional['VpcCniOptionsArgs']):
+        pulumi.set(self, "vpc_cni_options", value)
+
+    @_builtins.property
+    @pulumi.getter(name="vpcId")
+    def vpc_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The VPC in which to create the cluster and its worker nodes. If unset, the cluster will be created in the default VPC.
+        """
+        return pulumi.get(self, "vpc_id")
+
+    @vpc_id.setter
+    def vpc_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "vpc_id", value)
+
+
+@pulumi.type_token("eks:index:Cluster")
+class Cluster(pulumi.ComponentResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 access_entries: Optional[Mapping[str, Union['AccessEntryArgs', 'AccessEntryArgsDict']]] = None,
+                 authentication_mode: Optional['AuthenticationMode'] = None,
+                 auto_mode: Optional[Union['AutoModeOptionsArgs', 'AutoModeOptionsArgsDict']] = None,
+                 bootstrap_self_managed_addons: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cluster_security_group: Optional[pulumi.Input['pulumi_aws.ec2.SecurityGroup']] = None,
+                 cluster_security_group_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 cluster_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 coredns_addon_options: Optional[Union['CoreDnsAddonOptionsArgs', 'CoreDnsAddonOptionsArgsDict']] = None,
+                 create_instance_role: Optional[_builtins.bool] = None,
+                 create_oidc_provider: Optional[pulumi.Input[_builtins.bool]] = None,
+                 creation_role_provider: Optional[Union['CreationRoleProviderArgs', 'CreationRoleProviderArgsDict']] = None,
+                 deletion_protection: Optional[pulumi.Input[_builtins.bool]] = None,
+                 desired_capacity: Optional[pulumi.Input[_builtins.int]] = None,
+                 enable_config_map_mutable: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enabled_cluster_log_types: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 encryption_config_key_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 endpoint_private_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 endpoint_public_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 fargate: Optional[pulumi.Input[Union[_builtins.bool, Union['FargateProfileArgs', 'FargateProfileArgsDict']]]] = None,
+                 gpu: Optional[pulumi.Input[_builtins.bool]] = None,
+                 instance_profile_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 instance_role: Optional[pulumi.Input['pulumi_aws.iam.Role']] = None,
+                 instance_roles: Optional[pulumi.Input[Sequence[pulumi.Input['pulumi_aws.iam.Role']]]] = None,
+                 instance_type: Optional[pulumi.Input[_builtins.str]] = None,
+                 ip_family: Optional[pulumi.Input[_builtins.str]] = None,
+                 kube_proxy_addon_options: Optional[Union['KubeProxyAddonOptionsArgs', 'KubeProxyAddonOptionsArgsDict']] = None,
+                 kubernetes_service_ip_address_range: Optional[pulumi.Input[_builtins.str]] = None,
+                 max_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_ami_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_associate_public_ip_address: Optional[_builtins.bool] = None,
+                 node_group_options: Optional[Union['ClusterNodeGroupOptionsArgs', 'ClusterNodeGroupOptionsArgsDict']] = None,
+                 node_public_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_root_volume_encrypted: Optional[pulumi.Input[_builtins.bool]] = None,
+                 node_root_volume_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 node_security_group_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 node_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 node_user_data: Optional[pulumi.Input[_builtins.str]] = None,
+                 private_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 provider_credential_opts: Optional[pulumi.Input[Union['KubeconfigOptionsArgs', 'KubeconfigOptionsArgsDict']]] = None,
+                 proxy: Optional[_builtins.str] = None,
+                 public_access_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 public_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 role_mappings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleMappingArgs', 'RoleMappingArgsDict']]]]] = None,
+                 service_role: Optional[pulumi.Input['pulumi_aws.iam.Role']] = None,
+                 skip_default_node_group: Optional[_builtins.bool] = None,
+                 skip_default_security_groups: Optional[_builtins.bool] = None,
+                 storage_classes: Optional[Union[_builtins.str, Mapping[str, Union['StorageClassArgs', 'StorageClassArgsDict']]]] = None,
+                 subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 upgrade_policy: Optional[pulumi.Input[pulumi.InputType['pulumi_aws.eks.ClusterUpgradePolicyArgs']]] = None,
+                 use_default_vpc_cni: Optional[_builtins.bool] = None,
+                 user_mappings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['UserMappingArgs', 'UserMappingArgsDict']]]]] = None,
+                 version: Optional[pulumi.Input[_builtins.str]] = None,
+                 vpc_cni_options: Optional[Union['VpcCniOptionsArgs', 'VpcCniOptionsArgsDict']] = None,
+                 vpc_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        """
+        Cluster is a component that wraps the AWS and Kubernetes resources necessary to run an EKS cluster, its worker nodes, its optional StorageClasses, and an optional deployment of the Kubernetes Dashboard.
+
+        ## Example Usage
+
+        ### Provisioning a New EKS Cluster
+
+        <!--Start PulumiCodeChooser -->
+
+        ```python
+         import pulumi
+         import pulumi_eks as eks
+         
+         # Create an EKS cluster with the default configuration.
+         cluster = eks.Cluster("cluster")
+
+         # Export the cluster's kubeconfig.
+         pulumi.export("kubeconfig", cluster.kubeconfig)
+        ```
+        <!--End PulumiCodeChooser -->
+
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param Mapping[str, Union['AccessEntryArgs', 'AccessEntryArgsDict']] access_entries: Access entries to add to the EKS cluster. They can be used to allow IAM principals to access the cluster. Access entries are only supported with authentication mode `API` or `API_AND_CONFIG_MAP`.
+               
+               See for more details:
+               https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
+        :param 'AuthenticationMode' authentication_mode: The authentication mode of the cluster. Valid values are `CONFIG_MAP`, `API` or `API_AND_CONFIG_MAP`.
+               
+               See for more details:
+               https://docs.aws.amazon.com/eks/latest/userguide/grant-k8s-access.html#set-cam
+        :param Union['AutoModeOptionsArgs', 'AutoModeOptionsArgsDict'] auto_mode: Configuration Options for EKS Auto Mode. If EKS Auto Mode is enabled, AWS will manage cluster infrastructure on your behalf.
+               
+               For more information, see: https://docs.aws.amazon.com/eks/latest/userguide/automode.html
+        :param pulumi.Input[_builtins.bool] bootstrap_self_managed_addons: Install default unmanaged add-ons, such as `aws-cni`, `kube-proxy`, and CoreDNS during cluster creation. If `false`, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults to `true`
+        :param pulumi.Input['pulumi_aws.ec2.SecurityGroup'] cluster_security_group: The security group to use for the cluster API endpoint. If not provided, a new security group will be created with full internet egress and ingress from node groups.
+               
+               Note: The security group resource should not contain any inline ingress or egress rules.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] cluster_security_group_tags: The tags to apply to the cluster security group.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] cluster_tags: The tags to apply to the EKS cluster.
+        :param Union['CoreDnsAddonOptionsArgs', 'CoreDnsAddonOptionsArgsDict'] coredns_addon_options: Options for managing the `coredns` addon.
+        :param _builtins.bool create_instance_role: Whether to create the instance role for the EKS cluster. Defaults to true when using the default node group, false otherwise.
+               If set to false when using the default node group, an instance role or instance profile must be provided.n
+               Note: this option has no effect if a custom instance role is provided with `instanceRole` or `instanceRoles`.
+        :param pulumi.Input[_builtins.bool] create_oidc_provider: Indicates whether an IAM OIDC Provider is created for the EKS cluster.
+               
+               The OIDC provider is used in the cluster in combination with k8s Service Account annotations to provide IAM roles at the k8s Pod level.
+               
+               See for more details:
+                - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
+                - https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
+                - https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
+                - https://www.pulumi.com/registry/packages/aws/api-docs/eks/cluster/#enabling-iam-roles-for-service-accounts
+        :param Union['CreationRoleProviderArgs', 'CreationRoleProviderArgsDict'] creation_role_provider: The IAM Role Provider used to create & authenticate against the EKS cluster. This role is given `[system:masters]` permission in K8S, See: https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
+               
+               Note: This option is only supported with Pulumi nodejs programs. Please use `ProviderCredentialOpts` as an alternative instead.
+        :param pulumi.Input[_builtins.bool] deletion_protection: Whether to enable deletion protection for the cluster. When enabled, the cluster cannot be deleted unless deletion protection is first disabled. Default: `false`.
+        :param pulumi.Input[_builtins.int] desired_capacity: The number of worker nodes that should be running in the cluster. Defaults to 2.
+        :param pulumi.Input[_builtins.bool] enable_config_map_mutable: Sets the 'enableConfigMapMutable' option on the cluster kubernetes provider.
+               
+               Applies updates to the aws-auth ConfigMap in place over a replace operation if set to true.
+               https://www.pulumi.com/registry/packages/kubernetes/api-docs/provider/#enableconfigmapmutable_nodejs
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] enabled_cluster_log_types: Enable EKS control plane logging. This sends logs to cloudwatch. Possible list of values are: ["api", "audit", "authenticator", "controllerManager", "scheduler"]. By default it is off.
+        :param pulumi.Input[_builtins.str] encryption_config_key_arn: KMS Key ARN to use with the encryption configuration for the cluster.
+               
+               Only available on Kubernetes 1.13+ clusters created after March 6, 2020.
+               See for more details:
+               - https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/
+        :param pulumi.Input[_builtins.bool] endpoint_private_access: Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is `false`.
+        :param pulumi.Input[_builtins.bool] endpoint_public_access: Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is `true`.
+        :param pulumi.Input[Union[_builtins.bool, Union['FargateProfileArgs', 'FargateProfileArgsDict']]] fargate: Add support for launching pods in Fargate. Defaults to launching pods in the `default` namespace.  If specified, the default node group is skipped as though `skipDefaultNodeGroup: true` had been passed.
+        :param pulumi.Input[_builtins.bool] gpu: Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
+               
+               Defaults to false.
+               
+               Note: `gpu` and `nodeAmiId` are mutually exclusive.
+               
+               See for more details:
+               - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
+               - https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
+        :param pulumi.Input[_builtins.str] instance_profile_name: The default IAM InstanceProfile to use on the Worker NodeGroups, if one is not already set in the NodeGroup.
+        :param pulumi.Input['pulumi_aws.iam.Role'] instance_role: This enables the simple case of only registering a *single* IAM instance role with the cluster, that is required to be shared by *all* node groups in their instance profiles.
+               
+               Note: options `instanceRole` and `instanceRoles` are mutually exclusive.
+        :param pulumi.Input[Sequence[pulumi.Input['pulumi_aws.iam.Role']]] instance_roles: This enables the advanced case of registering *many* IAM instance roles with the cluster for per node group IAM, instead of the simpler, shared case of `instanceRole`.
+               
+               Note: options `instanceRole` and `instanceRoles` are mutually exclusive.
+        :param pulumi.Input[_builtins.str] instance_type: The instance type to use for the cluster's nodes. Defaults to "t3.medium".
+        :param pulumi.Input[_builtins.str] ip_family: The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`.
+               You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created.
+        :param Union['KubeProxyAddonOptionsArgs', 'KubeProxyAddonOptionsArgsDict'] kube_proxy_addon_options: Options for managing the `kube-proxy` addon.
+        :param pulumi.Input[_builtins.str] kubernetes_service_ip_address_range: The CIDR block to assign Kubernetes service IP addresses from. If you don't
+               specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or
+               172.20.0.0/16 CIDR blocks. This setting only applies to IPv4 clusters. We recommend that you specify a block
+               that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify
+               a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created.
+               
+               The block must meet the following requirements:
+               - Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0.0/12, or 192.168.0.0/16.
+               - Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
+               - Between /24 and /12.
+        :param pulumi.Input[_builtins.int] max_size: The maximum number of worker nodes running in the cluster. Defaults to 2.
+        :param pulumi.Input[_builtins.int] min_size: The minimum number of worker nodes running in the cluster. Defaults to 1.
+        :param pulumi.Input[_builtins.str] name: The cluster's physical resource name.
+               
+               If not specified, the default is to use auto-naming for the cluster's name, resulting in a physical name with the format `${name}-eksCluster-0123abcd`.
+               
+               See for more details: https://www.pulumi.com/docs/intro/concepts/programming-model/#autonaming
+        :param pulumi.Input[_builtins.str] node_ami_id: The AMI ID to use for the worker nodes.
+               
+               Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
+               
+               Note: `nodeAmiId` and `gpu` are mutually exclusive.
+               
+               See for more details:
+               - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
+        :param _builtins.bool node_associate_public_ip_address: Whether or not to auto-assign the EKS worker nodes public IP addresses. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
+        :param Union['ClusterNodeGroupOptionsArgs', 'ClusterNodeGroupOptionsArgsDict'] node_group_options: The common configuration settings for NodeGroups.
+        :param pulumi.Input[_builtins.str] node_public_key: Public key material for SSH access to worker nodes. See allowed formats at:
+               https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
+               If not provided, no SSH access is enabled on VMs.
+        :param pulumi.Input[_builtins.bool] node_root_volume_encrypted: Encrypt the root block device of the nodes in the node group.
+        :param pulumi.Input[_builtins.int] node_root_volume_size: The size in GiB of a cluster node's root volume. Defaults to 20.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] node_security_group_tags: The tags to apply to the default `nodeSecurityGroup` created by the cluster.
+               
+               Note: The `nodeSecurityGroupTags` option and the node group option `nodeSecurityGroup` are mutually exclusive.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] node_subnet_ids: The subnets to use for worker nodes. Defaults to the value of subnetIds.
+        :param pulumi.Input[_builtins.str] node_user_data: Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a `#!`).
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] private_subnet_ids: The set of private subnets to use for the worker node groups on the EKS cluster. These subnets are automatically tagged by EKS for Kubernetes purposes.
+               
+               If `vpcId` is not set, the cluster will use the AWS account's default VPC subnets.
+               
+               Worker network architecture options:
+                - Private-only: Only set `privateSubnetIds`.
+                  - Default workers to run in a private subnet. In this setting, Kubernetes cannot create public, internet-facing load balancers for your pods.
+                - Public-only: Only set `publicSubnetIds`.
+                  - Default workers to run in a public subnet.
+                - Mixed (recommended): Set both `privateSubnetIds` and `publicSubnetIds`.
+                  - Default all worker nodes to run in private subnets, and use the public subnets for internet-facing load balancers.
+               
+               See for more details: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html.Note: The use of `subnetIds`, along with `publicSubnetIds` and/or `privateSubnetIds` is mutually exclusive. The use of `publicSubnetIds` and `privateSubnetIds` is encouraged.
+               
+               Also consider setting `nodeAssociatePublicIpAddress: false` for fully private workers.
+        :param pulumi.Input[Union['KubeconfigOptionsArgs', 'KubeconfigOptionsArgsDict']] provider_credential_opts: The AWS provider credential options to scope the cluster's kubeconfig authentication when using a non-default credential chain.
+               
+               This is required for certain auth scenarios. For example:
+               - Creating and using a new AWS provider instance, or
+               - Setting the AWS_PROFILE environment variable, or
+               - Using a named profile configured on the AWS provider via:
+               `pulumi config set aws:profile <profileName>`
+               
+               See for more details:
+               - https://www.pulumi.com/registry/packages/aws/api-docs/provider/
+               - https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/
+               - https://www.pulumi.com/docs/intro/cloud-providers/aws/#configuration
+               - https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
+        :param _builtins.str proxy: The HTTP(S) proxy to use within a proxied environment.
+               
+                The proxy is used during cluster creation, and OIDC configuration.
+               
+               This is an alternative option to setting the proxy environment variables: HTTP(S)_PROXY and/or http(s)_proxy.
+               
+               This option is required iff the proxy environment variables are not set.
+               
+               Format:      <protocol>://<host>:<port>
+               Auth Format: <protocol>://<username>:<password>@<host>:<port>
+               
+               Ex:
+                 - "http://proxy.example.com:3128"
+                 - "https://proxy.example.com"
+                 - "http://username:password@proxy.example.com:3128"
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] public_access_cidrs: Indicates which CIDR blocks can access the Amazon EKS public API server endpoint.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] public_subnet_ids: The set of public subnets to use for the worker node groups on the EKS cluster. These subnets are automatically tagged by EKS for Kubernetes purposes.
+               
+               If `vpcId` is not set, the cluster will use the AWS account's default VPC subnets.
+               
+               Worker network architecture options:
+                - Private-only: Only set `privateSubnetIds`.
+                  - Default workers to run in a private subnet. In this setting, Kubernetes cannot create public, internet-facing load balancers for your pods.
+                - Public-only: Only set `publicSubnetIds`.
+                  - Default workers to run in a public subnet.
+                - Mixed (recommended): Set both `privateSubnetIds` and `publicSubnetIds`.
+                  - Default all worker nodes to run in private subnets, and use the public subnets for internet-facing load balancers.
+               
+               See for more details: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html.Note: The use of `subnetIds`, along with `publicSubnetIds` and/or `privateSubnetIds` is mutually exclusive. The use of `publicSubnetIds` and `privateSubnetIds` is encouraged.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['RoleMappingArgs', 'RoleMappingArgsDict']]]] role_mappings: Optional mappings from AWS IAM roles to Kubernetes users and groups. Only supported with authentication mode `CONFIG_MAP` or `API_AND_CONFIG_MAP`
+        :param pulumi.Input['pulumi_aws.iam.Role'] service_role: IAM Service Role for EKS to use to manage the cluster.
+        :param _builtins.bool skip_default_node_group: If this toggle is set to true, the EKS cluster will be created without node group attached. Defaults to false, unless `fargate` or `autoMode` is enabled.
+        :param _builtins.bool skip_default_security_groups: If this toggle is set to true, the EKS cluster will be created without the default node and cluster security groups. Defaults to false, unless `autoMode` is enabled.
+               
+               See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
+        :param Union[_builtins.str, Mapping[str, Union['StorageClassArgs', 'StorageClassArgsDict']]] storage_classes: An optional set of StorageClasses to enable for the cluster. If this is a single volume type rather than a map, a single StorageClass will be created for that volume type.
+               
+               Note: As of Kubernetes v1.11+ on EKS, a default `gp2` storage class will always be created automatically for the cluster by the EKS service. See https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] subnet_ids: The set of all subnets, public and private, to use for the worker node groups on the EKS cluster. These subnets are automatically tagged by EKS for Kubernetes purposes.
+               
+               If `vpcId` is not set, the cluster will use the AWS account's default VPC subnets.
+               
+               If the list of subnets includes both public and private subnets, the worker nodes will only be attached to the private subnets, and the public subnets will be used for internet-facing load balancers.
+               
+               See for more details: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html.
+               
+               Note: The use of `subnetIds`, along with `publicSubnetIds` and/or `privateSubnetIds` is mutually exclusive. The use of `publicSubnetIds` and `privateSubnetIds` is encouraged.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] tags: Key-value mapping of tags that are automatically applied to all AWS resources directly under management with this cluster, which support tagging.
+        :param pulumi.Input[pulumi.InputType['pulumi_aws.eks.ClusterUpgradePolicyArgs']] upgrade_policy: The cluster's upgrade policy. Valid support types are "STANDARD" and "EXTENDED". Defaults to "EXTENDED".
+        :param _builtins.bool use_default_vpc_cni: Use the default VPC CNI instead of creating a custom one. Should not be used in conjunction with `vpcCniOptions`.
+               Defaults to true, unless `autoMode` is enabled.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['UserMappingArgs', 'UserMappingArgsDict']]]] user_mappings: Optional mappings from AWS IAM users to Kubernetes users and groups. Only supported with authentication mode `CONFIG_MAP` or `API_AND_CONFIG_MAP`.
+        :param pulumi.Input[_builtins.str] version: Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
+        :param Union['VpcCniOptionsArgs', 'VpcCniOptionsArgsDict'] vpc_cni_options: The configuration of the Amazon VPC CNI plugin for this instance. Defaults are described in the documentation for the VpcCniOptions type.
+        :param pulumi.Input[_builtins.str] vpc_id: The VPC in which to create the cluster and its worker nodes. If unset, the cluster will be created in the default VPC.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: Optional[ClusterArgs] = None,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Cluster is a component that wraps the AWS and Kubernetes resources necessary to run an EKS cluster, its worker nodes, its optional StorageClasses, and an optional deployment of the Kubernetes Dashboard.
+
+        ## Example Usage
+
+        ### Provisioning a New EKS Cluster
+
+        <!--Start PulumiCodeChooser -->
+
+        ```python
+         import pulumi
+         import pulumi_eks as eks
+         
+         # Create an EKS cluster with the default configuration.
+         cluster = eks.Cluster("cluster")
+
+         # Export the cluster's kubeconfig.
+         pulumi.export("kubeconfig", cluster.kubeconfig)
+        ```
+        <!--End PulumiCodeChooser -->
+
+        :param str resource_name: The name of the resource.
+        :param ClusterArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(ClusterArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 access_entries: Optional[Mapping[str, Union['AccessEntryArgs', 'AccessEntryArgsDict']]] = None,
+                 authentication_mode: Optional['AuthenticationMode'] = None,
+                 auto_mode: Optional[Union['AutoModeOptionsArgs', 'AutoModeOptionsArgsDict']] = None,
+                 bootstrap_self_managed_addons: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cluster_security_group: Optional[pulumi.Input['pulumi_aws.ec2.SecurityGroup']] = None,
+                 cluster_security_group_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 cluster_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 coredns_addon_options: Optional[Union['CoreDnsAddonOptionsArgs', 'CoreDnsAddonOptionsArgsDict']] = None,
+                 create_instance_role: Optional[_builtins.bool] = None,
+                 create_oidc_provider: Optional[pulumi.Input[_builtins.bool]] = None,
+                 creation_role_provider: Optional[Union['CreationRoleProviderArgs', 'CreationRoleProviderArgsDict']] = None,
+                 deletion_protection: Optional[pulumi.Input[_builtins.bool]] = None,
+                 desired_capacity: Optional[pulumi.Input[_builtins.int]] = None,
+                 enable_config_map_mutable: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enabled_cluster_log_types: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 encryption_config_key_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 endpoint_private_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 endpoint_public_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 fargate: Optional[pulumi.Input[Union[_builtins.bool, Union['FargateProfileArgs', 'FargateProfileArgsDict']]]] = None,
+                 gpu: Optional[pulumi.Input[_builtins.bool]] = None,
+                 instance_profile_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 instance_role: Optional[pulumi.Input['pulumi_aws.iam.Role']] = None,
+                 instance_roles: Optional[pulumi.Input[Sequence[pulumi.Input['pulumi_aws.iam.Role']]]] = None,
+                 instance_type: Optional[pulumi.Input[_builtins.str]] = None,
+                 ip_family: Optional[pulumi.Input[_builtins.str]] = None,
+                 kube_proxy_addon_options: Optional[Union['KubeProxyAddonOptionsArgs', 'KubeProxyAddonOptionsArgsDict']] = None,
+                 kubernetes_service_ip_address_range: Optional[pulumi.Input[_builtins.str]] = None,
+                 max_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_ami_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_associate_public_ip_address: Optional[_builtins.bool] = None,
+                 node_group_options: Optional[Union['ClusterNodeGroupOptionsArgs', 'ClusterNodeGroupOptionsArgsDict']] = None,
+                 node_public_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_root_volume_encrypted: Optional[pulumi.Input[_builtins.bool]] = None,
+                 node_root_volume_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 node_security_group_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 node_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 node_user_data: Optional[pulumi.Input[_builtins.str]] = None,
+                 private_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 provider_credential_opts: Optional[pulumi.Input[Union['KubeconfigOptionsArgs', 'KubeconfigOptionsArgsDict']]] = None,
+                 proxy: Optional[_builtins.str] = None,
+                 public_access_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 public_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 role_mappings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleMappingArgs', 'RoleMappingArgsDict']]]]] = None,
+                 service_role: Optional[pulumi.Input['pulumi_aws.iam.Role']] = None,
+                 skip_default_node_group: Optional[_builtins.bool] = None,
+                 skip_default_security_groups: Optional[_builtins.bool] = None,
+                 storage_classes: Optional[Union[_builtins.str, Mapping[str, Union['StorageClassArgs', 'StorageClassArgsDict']]]] = None,
+                 subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 upgrade_policy: Optional[pulumi.Input[pulumi.InputType['pulumi_aws.eks.ClusterUpgradePolicyArgs']]] = None,
+                 use_default_vpc_cni: Optional[_builtins.bool] = None,
+                 user_mappings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['UserMappingArgs', 'UserMappingArgsDict']]]]] = None,
+                 version: Optional[pulumi.Input[_builtins.str]] = None,
+                 vpc_cni_options: Optional[Union['VpcCniOptionsArgs', 'VpcCniOptionsArgsDict']] = None,
+                 vpc_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is not None:
+            raise ValueError('ComponentResource classes do not support opts.id')
+        else:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = ClusterArgs.__new__(ClusterArgs)
+
+            __props__.__dict__["access_entries"] = access_entries
+            __props__.__dict__["authentication_mode"] = authentication_mode
+            __props__.__dict__["auto_mode"] = auto_mode
+            __props__.__dict__["bootstrap_self_managed_addons"] = bootstrap_self_managed_addons
+            __props__.__dict__["cluster_security_group"] = cluster_security_group
+            __props__.__dict__["cluster_security_group_tags"] = cluster_security_group_tags
+            __props__.__dict__["cluster_tags"] = cluster_tags
+            __props__.__dict__["coredns_addon_options"] = coredns_addon_options
+            __props__.__dict__["create_instance_role"] = create_instance_role
+            __props__.__dict__["create_oidc_provider"] = create_oidc_provider
+            __props__.__dict__["creation_role_provider"] = creation_role_provider
+            __props__.__dict__["deletion_protection"] = deletion_protection
+            __props__.__dict__["desired_capacity"] = desired_capacity
+            __props__.__dict__["enable_config_map_mutable"] = enable_config_map_mutable
+            __props__.__dict__["enabled_cluster_log_types"] = enabled_cluster_log_types
+            __props__.__dict__["encryption_config_key_arn"] = encryption_config_key_arn
+            __props__.__dict__["endpoint_private_access"] = endpoint_private_access
+            __props__.__dict__["endpoint_public_access"] = endpoint_public_access
+            __props__.__dict__["fargate"] = fargate
+            __props__.__dict__["gpu"] = gpu
+            __props__.__dict__["instance_profile_name"] = instance_profile_name
+            __props__.__dict__["instance_role"] = instance_role
+            __props__.__dict__["instance_roles"] = instance_roles
+            __props__.__dict__["instance_type"] = instance_type
+            __props__.__dict__["ip_family"] = ip_family
+            __props__.__dict__["kube_proxy_addon_options"] = kube_proxy_addon_options
+            __props__.__dict__["kubernetes_service_ip_address_range"] = kubernetes_service_ip_address_range
+            __props__.__dict__["max_size"] = max_size
+            __props__.__dict__["min_size"] = min_size
+            __props__.__dict__["name"] = name
+            __props__.__dict__["node_ami_id"] = node_ami_id
+            __props__.__dict__["node_associate_public_ip_address"] = node_associate_public_ip_address
+            __props__.__dict__["node_group_options"] = node_group_options
+            __props__.__dict__["node_public_key"] = node_public_key
+            __props__.__dict__["node_root_volume_encrypted"] = node_root_volume_encrypted
+            __props__.__dict__["node_root_volume_size"] = node_root_volume_size
+            __props__.__dict__["node_security_group_tags"] = node_security_group_tags
+            __props__.__dict__["node_subnet_ids"] = node_subnet_ids
+            __props__.__dict__["node_user_data"] = node_user_data
+            __props__.__dict__["private_subnet_ids"] = private_subnet_ids
+            __props__.__dict__["provider_credential_opts"] = provider_credential_opts
+            __props__.__dict__["proxy"] = proxy
+            __props__.__dict__["public_access_cidrs"] = public_access_cidrs
+            __props__.__dict__["public_subnet_ids"] = public_subnet_ids
+            __props__.__dict__["role_mappings"] = role_mappings
+            __props__.__dict__["service_role"] = service_role
+            __props__.__dict__["skip_default_node_group"] = skip_default_node_group
+            __props__.__dict__["skip_default_security_groups"] = skip_default_security_groups
+            __props__.__dict__["storage_classes"] = storage_classes
+            __props__.__dict__["subnet_ids"] = subnet_ids
+            __props__.__dict__["tags"] = tags
+            __props__.__dict__["upgrade_policy"] = upgrade_policy
+            __props__.__dict__["use_default_vpc_cni"] = use_default_vpc_cni
+            __props__.__dict__["user_mappings"] = user_mappings
+            __props__.__dict__["version"] = version
+            __props__.__dict__["vpc_cni_options"] = vpc_cni_options
+            __props__.__dict__["vpc_id"] = vpc_id
+            __props__.__dict__["auto_mode_node_role_name"] = None
+            __props__.__dict__["aws_provider"] = None
+            __props__.__dict__["cluster_ingress_rule_id"] = None
+            __props__.__dict__["cluster_security_group_id"] = None
+            __props__.__dict__["core"] = None
+            __props__.__dict__["default_node_group"] = None
+            __props__.__dict__["default_node_group_asg_name"] = None
+            __props__.__dict__["eks_cluster"] = None
+            __props__.__dict__["eks_cluster_ingress_rule"] = None
+            __props__.__dict__["fargate_profile_id"] = None
+            __props__.__dict__["fargate_profile_status"] = None
+            __props__.__dict__["kubeconfig"] = None
+            __props__.__dict__["kubeconfig_json"] = None
+            __props__.__dict__["node_security_group"] = None
+            __props__.__dict__["node_security_group_id"] = None
+            __props__.__dict__["oidc_issuer"] = None
+            __props__.__dict__["oidc_provider_arn"] = None
+            __props__.__dict__["oidc_provider_url"] = None
+        super(Cluster, __self__).__init__(
+            'eks:index:Cluster',
+            resource_name,
+            __props__,
+            opts,
+            remote=True)
+
+    @_builtins.property
+    @pulumi.getter(name="autoModeNodeRoleName")
+    def auto_mode_node_role_name(self) -> pulumi.Output[_builtins.str]:
+        """
+        The name of the IAM role created for nodes managed by EKS Auto Mode. Defaults to an empty string.
+        """
+        return pulumi.get(self, "auto_mode_node_role_name")
+
+    @_builtins.property
+    @pulumi.getter(name="awsProvider")
+    def aws_provider(self) -> pulumi.Output['pulumi_aws.Provider']:
+        """
+        The AWS resource provider.
+        """
+        return pulumi.get(self, "aws_provider")
+
+    @_builtins.property
+    @pulumi.getter(name="clusterIngressRuleId")
+    def cluster_ingress_rule_id(self) -> pulumi.Output[_builtins.str]:
+        """
+        The ID of the security group rule that gives node group access to the cluster API server. Defaults to an empty string if `skipDefaultSecurityGroups` is set to true.
+        """
+        return pulumi.get(self, "cluster_ingress_rule_id")
+
+    @_builtins.property
+    @pulumi.getter(name="clusterSecurityGroup")
+    def cluster_security_group(self) -> pulumi.Output[Optional['pulumi_aws.ec2.SecurityGroup']]:
+        """
+        The security group for the EKS cluster.
+        """
+        return pulumi.get(self, "cluster_security_group")
+
+    @_builtins.property
+    @pulumi.getter(name="clusterSecurityGroupId")
+    def cluster_security_group_id(self) -> pulumi.Output[_builtins.str]:
+        """
+        The cluster security group ID of the EKS cluster. Returns the EKS created security group if `skipDefaultSecurityGroups` is set to true.
+        """
+        return pulumi.get(self, "cluster_security_group_id")
+
+    @_builtins.property
+    @pulumi.getter
+    def core(self) -> pulumi.Output['outputs.CoreData']:
+        """
+        The EKS cluster and its dependencies.
+        """
+        return pulumi.get(self, "core")
+
+    @_builtins.property
+    @pulumi.getter(name="defaultNodeGroup")
+    def default_node_group(self) -> pulumi.Output[Optional['outputs.NodeGroupData']]:
+        """
+        The default Node Group configuration, or undefined if `skipDefaultNodeGroup` was specified.
+        """
+        return pulumi.get(self, "default_node_group")
+
+    @_builtins.property
+    @pulumi.getter(name="defaultNodeGroupAsgName")
+    def default_node_group_asg_name(self) -> pulumi.Output[_builtins.str]:
+        """
+        The name of the default node group's AutoScaling Group. Defaults to an empty string if `skipDefaultNodeGroup` is set to true.
+        """
+        return pulumi.get(self, "default_node_group_asg_name")
+
+    @_builtins.property
+    @pulumi.getter(name="eksCluster")
+    def eks_cluster(self) -> pulumi.Output['pulumi_aws.eks.Cluster']:
+        """
+        The EKS cluster.
+        """
+        return pulumi.get(self, "eks_cluster")
+
+    @_builtins.property
+    @pulumi.getter(name="eksClusterIngressRule")
+    def eks_cluster_ingress_rule(self) -> pulumi.Output[Optional['pulumi_aws.ec2.SecurityGroupRule']]:
+        """
+        The ingress rule that gives node group access to cluster API server.
+        """
+        return pulumi.get(self, "eks_cluster_ingress_rule")
+
+    @_builtins.property
+    @pulumi.getter(name="fargateProfileId")
+    def fargate_profile_id(self) -> pulumi.Output[_builtins.str]:
+        """
+        The ID of the Fargate Profile. Defaults to an empty string if no Fargate profile is configured.
+        """
+        return pulumi.get(self, "fargate_profile_id")
+
+    @_builtins.property
+    @pulumi.getter(name="fargateProfileStatus")
+    def fargate_profile_status(self) -> pulumi.Output[_builtins.str]:
+        """
+        The status of the Fargate Profile. Defaults to an empty string if no Fargate profile is configured.
+        """
+        return pulumi.get(self, "fargate_profile_status")
+
+    @_builtins.property
+    @pulumi.getter(name="instanceRoles")
+    def instance_roles(self) -> pulumi.Output[Sequence['pulumi_aws.iam.Role']]:
+        """
+        The service roles used by the EKS cluster. Only supported with authentication mode `CONFIG_MAP` or `API_AND_CONFIG_MAP`.
+        """
+        return pulumi.get(self, "instance_roles")
+
+    @_builtins.property
+    @pulumi.getter
+    def kubeconfig(self) -> pulumi.Output[Any]:
+        """
+        A kubeconfig that can be used to connect to the EKS cluster.
+        """
+        return pulumi.get(self, "kubeconfig")
+
+    @_builtins.property
+    @pulumi.getter(name="kubeconfigJson")
+    def kubeconfig_json(self) -> pulumi.Output[_builtins.str]:
+        """
+        A kubeconfig that can be used to connect to the EKS cluster as a JSON string.
+        """
+        return pulumi.get(self, "kubeconfig_json")
+
+    @_builtins.property
+    @pulumi.getter(name="nodeSecurityGroup")
+    def node_security_group(self) -> pulumi.Output[Optional['pulumi_aws.ec2.SecurityGroup']]:
+        """
+        The security group for the cluster's nodes.
+        """
+        return pulumi.get(self, "node_security_group")
+
+    @_builtins.property
+    @pulumi.getter(name="nodeSecurityGroupId")
+    def node_security_group_id(self) -> pulumi.Output[_builtins.str]:
+        """
+        The node security group ID of the EKS cluster. Returns the EKS created security group if `skipDefaultSecurityGroups` is set to true.
+        """
+        return pulumi.get(self, "node_security_group_id")
+
+    @_builtins.property
+    @pulumi.getter(name="oidcIssuer")
+    def oidc_issuer(self) -> pulumi.Output[_builtins.str]:
+        """
+        The OIDC Issuer of the EKS cluster (OIDC Provider URL without leading `https://`).
+
+        This value can be used to associate kubernetes service accounts with IAM roles. For more information, see https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html.
+        """
+        return pulumi.get(self, "oidc_issuer")
+
+    @_builtins.property
+    @pulumi.getter(name="oidcProviderArn")
+    def oidc_provider_arn(self) -> pulumi.Output[_builtins.str]:
+        """
+        The ARN of the IAM OpenID Connect Provider for the EKS cluster. Defaults to an empty string if no OIDC provider is configured.
+        """
+        return pulumi.get(self, "oidc_provider_arn")
+
+    @_builtins.property
+    @pulumi.getter(name="oidcProviderUrl")
+    def oidc_provider_url(self) -> pulumi.Output[_builtins.str]:
+        """
+        Issuer URL for the OpenID Connect identity provider of the EKS cluster.
+        """
+        return pulumi.get(self, "oidc_provider_url")
+
+    @pulumi.output_type
+    class GetKubeconfigResult:
+        def __init__(__self__, result=None):
+            if result and not isinstance(result, str):
+                raise TypeError("Expected argument 'result' to be a str")
+            pulumi.set(__self__, "result", result)
+
+        @_builtins.property
+        @pulumi.getter
+        def result(self) -> _builtins.str:
+            """
+            The kubeconfig for the cluster.
+            """
+            return pulumi.get(self, "result")
+
+    def get_kubeconfig(__self__, *,
+                       profile_name: Optional[pulumi.Input[_builtins.str]] = None,
+                       role_arn: Optional[pulumi.Input[_builtins.str]] = None) -> pulumi.Output['str']:
+        """
+        Generate a kubeconfig for cluster authentication that does not use the default AWS credential provider chain, and instead is scoped to the supported options in `KubeconfigOptions`.
+
+        The kubeconfig generated is automatically stringified for ease of use with the pulumi/kubernetes provider.
+
+        See for more details:
+        - https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
+        - https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html
+        - https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
+
+
+        :param pulumi.Input[_builtins.str] profile_name: AWS credential profile name to always use instead of the default AWS credential provider chain.
+               
+               The profile is passed to kubeconfig as an authentication environment setting.
+        :param pulumi.Input[_builtins.str] role_arn: Role ARN to assume instead of the default AWS credential provider chain.
+               
+               The role is passed to kubeconfig as an authentication exec argument.
+        """
+        __args__ = dict()
+        __args__['__self__'] = __self__
+        __args__['profileName'] = profile_name
+        __args__['roleArn'] = role_arn
+        __result__ = pulumi.runtime.call('eks:index:Cluster/getKubeconfig', __args__, res=__self__, typ=Cluster.GetKubeconfigResult)
+        return __result__.result
+