From 1faf31d1ec7ffec4c6323a050126b0b054094c63 Mon Sep 17 00:00:00 2001 
From: Eli Polonsky Date: Mon, 22 Nov 2021 17:19:07 +0200 Subject: [PATCH] feat(eks): ALB Controller (#17618) Add support for deploying the [AWS ALB Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/) onto the cluster. Resolves https://github.com/aws/aws-cdk/issues/8836 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-eks/README.md | 75 +- .../lib/addons/alb-iam_policy-v2.0.0.json | 184 + .../lib/addons/alb-iam_policy-v2.0.1.json | 191 + .../lib/addons/alb-iam_policy-v2.1.0.json | 191 + .../lib/addons/alb-iam_policy-v2.1.1.json | 191 + .../lib/addons/alb-iam_policy-v2.1.2.json | 193 + .../lib/addons/alb-iam_policy-v2.1.3.json | 193 + .../lib/addons/alb-iam_policy-v2.2.0.json | 207 + .../lib/addons/alb-iam_policy-v2.2.1.json | 207 + .../lib/addons/alb-iam_policy-v2.2.2.json | 207 + .../lib/addons/alb-iam_policy-v2.2.3.json | 207 + .../lib/addons/alb-iam_policy-v2.2.4.json | 207 + .../lib/addons/alb-iam_policy-v2.3.0.json | 217 + .../@aws-cdk/aws-eks/lib/alb-controller.ts | 247 + packages/@aws-cdk/aws-eks/lib/cluster.ts | 67 +- packages/@aws-cdk/aws-eks/lib/index.ts | 1 + packages/@aws-cdk/aws-eks/lib/k8s-manifest.ts | 47 + .../@aws-cdk/aws-eks/lib/managed-nodegroup.ts | 5 + packages/@aws-cdk/aws-eks/package.json | 4 +- .../__snapshots__/alb-controller.test.js.snap | 4465 +++++++++++++++++ .../aws-eks/test/alb-controller.test.ts | 78 + .../@aws-cdk/aws-eks/test/cluster.test.ts | 16 + .../test/integ.alb-controller.expected.json | 2351 +++++++++ .../aws-eks/test/integ.alb-controller.ts | 62 + .../test/integ.eks-cluster.expected.json | 1035 +--- .../aws-eks/test/integ.eks-cluster.ts | 75 +- .../test/integ.eks-inference.expected.json | 2424 +++++++++ .../aws-eks/test/integ.eks-inference.ts | 32 + yarn.lock | 66 +- 29 files changed, 12400 insertions(+), 1045 deletions(-) create mode 100644 
packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.0.0.json create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.0.1.json create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.0.json create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.1.json create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.2.json create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.3.json create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.0.json create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.1.json create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.2.json create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.3.json create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.4.json create mode 100644 packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.3.0.json create mode 100644 packages/@aws-cdk/aws-eks/lib/alb-controller.ts create mode 100644 packages/@aws-cdk/aws-eks/test/__snapshots__/alb-controller.test.js.snap create mode 100644 packages/@aws-cdk/aws-eks/test/alb-controller.test.ts create mode 100644 packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json create mode 100644 packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts create mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json create mode 100644 packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts diff --git a/packages/@aws-cdk/aws-eks/README.md b/packages/@aws-cdk/aws-eks/README.md index ee082134b51f0..01d4a9490252d 100644 --- a/packages/@aws-cdk/aws-eks/README.md +++ b/packages/@aws-cdk/aws-eks/README.md 
@@ -24,6 +24,7 @@ In addition, the library also supports defining Kubernetes resource manifests wi * [Fargate Profiles](#fargate-profiles) * [Self-managed nodes](#self-managed-nodes) * [Endpoint Access](#endpoint-access) + * [ALB Controller](#alb-controller) * [VPC Support](#vpc-support) * [Kubectl Support](#kubectl-support) * [ARM64 Support](#arm64-support) 
@@ -521,6 +522,51 @@ const cluster = new eks.Cluster(this, 'hello-eks', { The default value is `eks.EndpointAccess.PUBLIC_AND_PRIVATE`. Which means the cluster endpoint is accessible from outside of your VPC, but worker node traffic and `kubectl` commands issued by this library stay within your VPC. +### Alb Controller + +Some Kubernetes resources are commonly implemented on AWS with the help of the [ALB Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/). + +From the docs: + +> AWS Load Balancer Controller is a controller to help manage Elastic Load Balancers for a Kubernetes cluster. +> +> * It satisfies Kubernetes Ingress resources by provisioning Application Load Balancers. +> * It satisfies Kubernetes Service resources by provisioning Network Load Balancers. + +To deploy the controller on your EKS cluster, configure the `albController` property: + +```ts +new eks.Cluster(this, 'HelloEKS', { + version: eks.KubernetesVersion.V1_21, + albController: { + version: eks.AlbControllerVersion.V2_3_0, + }, +}); +``` + +Querying the controller pods should look something like this: + +```console +❯ kubectl get pods -n kube-system +NAME READY STATUS RESTARTS AGE +aws-load-balancer-controller-76bd6c7586-d929p 1/1 Running 0 109m +aws-load-balancer-controller-76bd6c7586-fqxph 1/1 Running 0 109m +... +... +``` + +Every Kubernetes manifest that utilizes the ALB Controller is effectively dependant on the controller. +If the controller is deleted before the manifest, it might result in dangling ELB/ALB resources. +Currently, the EKS construct library does not detect such dependencies, and they should be done explicitly. + +For example: + +```ts +declare const cluster: eks.Cluster; +const manifest = cluster.addManifest('manifest', {/* ... */}); +manifest.node.addDependency(cluster.albController ?? []) +``` + ### VPC Support You can specify the VPC of the cluster using the `vpc` and `vpcSubnets` properties: 
@@ -565,7 +611,7 @@ Breaking this down, it means that if the endpoint exposes private access (via `E If the endpoint does not expose private access (via `EndpointAccess.PUBLIC`) **or** the VPC does not contain private subnets, the function will not be provisioned within the VPC. -If your use-case requires control over the IAM role that the KubeCtl Handler assumes, a custom role can be passed through the ClusterProps (as `kubectlLambdaRole`) of the EKS Cluster construct. +If your use-case requires control over the IAM role that the KubeCtl Handler assumes, a custom role can be passed through the ClusterProps (as `kubectlLambdaRole`) of the EKS Cluster construct. #### Cluster Handler @@ -660,7 +706,7 @@ By default, the kubectl provider is configured with 1024MiB of memory. You can u ```ts new eks.Cluster(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4), - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_21, }); // or @@ -931,6 +977,18 @@ new eks.KubernetesManifest(this, 'hello-kub', { cluster.addManifest('hello-kub', service, deployment); ``` +#### ALB Controller Integration + +The `KubernetesManifest` construct can detect ingress resources inside your manifest and automatically add the necessary annotations +so they are picked up by the ALB Controller. + +> See [Alb Controller](#alb-controller) + +To that end, it offers the following properties: + +* `ingressAlb` - Signal that the ingress detection should be done. +* `ingressAlbScheme` - Which ALB scheme should be applied. Defaults to `internal`. + #### Adding resources from a URL The following example will deploy the resource manifest hosting on remote server: 
@@ -1094,13 +1152,16 @@ To get started, add the following dependencies to your `package.json` file: ```json "dependencies": { - "cdk8s": "0.30.0", - "cdk8s-plus": "0.30.0", - "constructs": "3.0.4" + "cdk8s": "^1.0.0", + "cdk8s-plus-21": "^1.0.0-beta.38", + "constructs": "^3.3.69" } ``` -> Note that the version of `cdk8s` must be `>=0.30.0`. +Note that here we are using `cdk8s-plus-21` as we are targeting Kubernetes version 1.21.0. If you operate a different kubernetes version, you should +use the corresponding `cdk8s-plus-XX` library. +See [Select the appropriate cdk8s+ library](https://cdk8s.io/docs/latest/plus/#i-operate-kubernetes-version-1xx-which-cdk8s-library-should-i-be-using) +for more details. Similarly to how you would create a stack by extending `@aws-cdk/core.Stack`, we recommend you create a chart of your own that extends `cdk8s.Chart`, and add your kubernetes resources to it. You can use `aws-cdk` construct attributes and properties inside your `cdk8s` construct freely. @@ -1116,7 +1177,7 @@ For this reason, to avoid possible confusion, we will create the chart in a sepa import * as s3 from '@aws-cdk/aws-s3'; import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; -import * as kplus from 'cdk8s-plus'; +import * as kplus from 'cdk8s-plus-21'; export interface MyChartProps { readonly bucket: s3.Bucket; diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.0.0.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.0.0.json new file mode 100644 index 0000000000000..917ebd5315085 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.0.0.json 
@@ -0,0 +1,184 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeInstances",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeTags",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeListenerCertificates",
+ "elasticloadbalancing:DescribeSSLPolicies",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:DescribeTargetGroupAttributes",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:DescribeTags"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "cognito-idp:DescribeUserPoolClient",
+ "acm:ListCertificates",
+ "acm:DescribeCertificate",
+ "iam:ListServerCertificates",
+ "iam:GetServerCertificate",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource",
+ "waf-regional:AssociateWebACL",
+ "waf-regional:DisassociateWebACL",
+ "wafv2:GetWebACL",
+ "wafv2:GetWebACLForResource",
+ "wafv2:AssociateWebACL",
+ "wafv2:DisassociateWebACL",
+ "shield:GetSubscriptionState",
+ "shield:DescribeProtection",
+ "shield:CreateProtection",
+ "shield:DeleteProtection"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateSecurityGroup"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "CreateSecurityGroup"
+ },
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:DeleteSecurityGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:CreateTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DeleteListener",
+ "elasticloadbalancing:CreateRule",
+ "elasticloadbalancing:DeleteRule"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ],
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/*",
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/*"
+ ],
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:SetIpAddressType",
+ "elasticloadbalancing:SetSecurityGroups",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:ModifyTargetGroup",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeregisterTargets",
+ "elasticloadbalancing:DeleteTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:SetWebAcl",
+ "elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:RemoveListenerCertificates",
+ "elasticloadbalancing:ModifyRule"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.0.1.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.0.1.json
new file mode 100644
index 0000000000000..d981ab24420ea
--- /dev/null
+++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.0.1.json
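Review bot: In alb-iam_policy-v2.0.0.json the third statement allows `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress` on `"Resource": "*"` with no `Condition`, so the later statement that gates the same two actions on `aws:ResourceTag/elbv2.k8s.aws/cluster` restricts only `ec2:DeleteSecurityGroup`. The controller's role can therefore edit ingress rules on any security group in the account. The first statement also grants `iam:CreateServiceLinkedRole` on `*`; unless a supported controller version needs otherwise, it could be scoped with `"Condition": { "StringEquals": { "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" } }`. The same statements are visible in the v2.0.1, v2.1.0, v2.1.1, v2.1.2 and v2.1.3 files of this patch. If these files are meant to be verbatim copies of the controller's published policy, the README's ALB Controller section should say so and state that enabling `albController` grants these account-wide permissions to the controller's pods.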
@@ -0,0 +1,191 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeInstances",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeTags",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeListenerCertificates",
+ "elasticloadbalancing:DescribeSSLPolicies",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:DescribeTargetGroupAttributes",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:DescribeTags"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "cognito-idp:DescribeUserPoolClient",
+ "acm:ListCertificates",
+ "acm:DescribeCertificate",
+ "iam:ListServerCertificates",
+ "iam:GetServerCertificate",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource",
+ "waf-regional:AssociateWebACL",
+ "waf-regional:DisassociateWebACL",
+ "wafv2:GetWebACL",
+ "wafv2:GetWebACLForResource",
+ "wafv2:AssociateWebACL",
+ "wafv2:DisassociateWebACL",
+ "shield:GetSubscriptionState",
+ "shield:DescribeProtection",
+ "shield:CreateProtection",
+ "shield:DeleteProtection"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateSecurityGroup"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "CreateSecurityGroup"
+ },
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:DeleteSecurityGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:CreateTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DeleteListener",
+ "elasticloadbalancing:CreateRule",
+ "elasticloadbalancing:DeleteRule"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ],
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+ ],
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:SetIpAddressType",
+ "elasticloadbalancing:SetSecurityGroups",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:ModifyTargetGroup",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:DeleteTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeregisterTargets"
+ ],
+ "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:SetWebAcl",
+ "elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:RemoveListenerCertificates",
+ "elasticloadbalancing:ModifyRule"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.0.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.0.json
new file mode 100644
index 0000000000000..d981ab24420ea
--- /dev/null
+++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.0.json
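Review bot: In alb-iam_policy-v2.0.1.json `elasticloadbalancing:RegisterTargets` and `elasticloadbalancing:DeregisterTargets` are granted on `arn:aws:elasticloadbalancing:*:*:targetgroup/*/*` with no `Condition`, whereas the v2.0.0 file in this patch keeps both actions in the statement gated on `aws:ResourceTag/elbv2.k8s.aws/cluster`. With this version the controller's role can attach or detach targets on any target group in the account, including ones the controller did not create. This may be deliberate (presumably to allow binding to target groups created outside the controller), but the widening is silent when a user changes `AlbControllerVersion`. It is worth one sentence in the README's ALB Controller section, for example `From v2.0.1 the controller policy allows registering targets on any target group in the account.` The v2.1.0, v2.1.1 and v2.1.2 files carry the same statement.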
@@ -0,0 +1,191 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeInstances",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeTags",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeListenerCertificates",
+ "elasticloadbalancing:DescribeSSLPolicies",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:DescribeTargetGroupAttributes",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:DescribeTags"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "cognito-idp:DescribeUserPoolClient",
+ "acm:ListCertificates",
+ "acm:DescribeCertificate",
+ "iam:ListServerCertificates",
+ "iam:GetServerCertificate",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource",
+ "waf-regional:AssociateWebACL",
+ "waf-regional:DisassociateWebACL",
+ "wafv2:GetWebACL",
+ "wafv2:GetWebACLForResource",
+ "wafv2:AssociateWebACL",
+ "wafv2:DisassociateWebACL",
+ "shield:GetSubscriptionState",
+ "shield:DescribeProtection",
+ "shield:CreateProtection",
+ "shield:DeleteProtection"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateSecurityGroup"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "CreateSecurityGroup"
+ },
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:DeleteSecurityGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:CreateTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DeleteListener",
+ "elasticloadbalancing:CreateRule",
+ "elasticloadbalancing:DeleteRule"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ],
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+ ],
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:SetIpAddressType",
+ "elasticloadbalancing:SetSecurityGroups",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:ModifyTargetGroup",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:DeleteTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeregisterTargets"
+ ],
+ "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:SetWebAcl",
+ "elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:RemoveListenerCertificates",
+ "elasticloadbalancing:ModifyRule"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.1.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.1.json
new file mode 100644
index 0000000000000..d981ab24420ea
--- /dev/null
+++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.1.json
@@ -0,0 +1,191 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeInstances",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeTags",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeListenerCertificates",
+ "elasticloadbalancing:DescribeSSLPolicies",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:DescribeTargetGroupAttributes",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:DescribeTags"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "cognito-idp:DescribeUserPoolClient",
+ "acm:ListCertificates",
+ "acm:DescribeCertificate",
+ "iam:ListServerCertificates",
+ "iam:GetServerCertificate",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource",
+ "waf-regional:AssociateWebACL",
+ "waf-regional:DisassociateWebACL",
+ "wafv2:GetWebACL",
+ "wafv2:GetWebACLForResource",
+ "wafv2:AssociateWebACL",
+ "wafv2:DisassociateWebACL",
+ "shield:GetSubscriptionState",
+ "shield:DescribeProtection",
+ "shield:CreateProtection",
+ "shield:DeleteProtection"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateSecurityGroup"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "CreateSecurityGroup"
+ },
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:DeleteSecurityGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:CreateTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DeleteListener",
+ "elasticloadbalancing:CreateRule",
+ "elasticloadbalancing:DeleteRule"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ],
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+ ],
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:SetIpAddressType",
+ "elasticloadbalancing:SetSecurityGroups",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:ModifyTargetGroup",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:DeleteTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeregisterTargets"
+ ],
+ "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:SetWebAcl",
+ "elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:RemoveListenerCertificates",
+ "elasticloadbalancing:ModifyRule"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.2.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.2.json
new file mode 100644
index 0000000000000..a73a018ed193f
--- /dev/null
+++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.2.json
@@ -0,0 +1,193 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeInstances",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeTags",
+ "ec2:GetCoipPoolUsage",
+ "ec2:DescribeCoipPools",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeListenerCertificates",
+ "elasticloadbalancing:DescribeSSLPolicies",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:DescribeTargetGroupAttributes",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:DescribeTags"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "cognito-idp:DescribeUserPoolClient",
+ "acm:ListCertificates",
+ "acm:DescribeCertificate",
+ "iam:ListServerCertificates",
+ "iam:GetServerCertificate",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource",
+ "waf-regional:AssociateWebACL",
+ "waf-regional:DisassociateWebACL",
+ "wafv2:GetWebACL",
+ "wafv2:GetWebACLForResource",
+ "wafv2:AssociateWebACL",
+ "wafv2:DisassociateWebACL",
+ "shield:GetSubscriptionState",
+ "shield:DescribeProtection",
+ "shield:CreateProtection",
+ "shield:DeleteProtection"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateSecurityGroup"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "CreateSecurityGroup"
+ },
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:DeleteSecurityGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:CreateTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DeleteListener",
+ "elasticloadbalancing:CreateRule",
+ "elasticloadbalancing:DeleteRule"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ],
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+ ],
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:SetIpAddressType",
+ "elasticloadbalancing:SetSecurityGroups",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:ModifyTargetGroup",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:DeleteTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeregisterTargets"
+ ],
+ "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:SetWebAcl",
+ "elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:RemoveListenerCertificates",
+ "elasticloadbalancing:ModifyRule"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.3.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.3.json
new file mode 100644
index 0000000000000..a73a018ed193f
--- /dev/null
+++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.1.3.json
@@ -0,0 +1,193 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "StringEquals": { + "ec2:CreateAction": "CreateSecurityGroup" + }, + "Null": { + 
"aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + 
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.0.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.0.json new file mode 100644 index 0000000000000..c11ff943863a0 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.0.json 
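Review bot: In alb-iam_policy-v2.1.3.json the first statement grants `iam:CreateServiceLinkedRole` on `"Resource": "*"` with no condition, so the controller's role may create a service-linked role for any AWS service rather than only for Elastic Load Balancing. The v2.3.0 policy added later in this commit moves the action into its own statement with `"Condition": { "StringEquals": { "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" } }`, and the same statement could be used here. These files are presumably copied from the policy published for each controller version, so if they must stay verbatim, the broader grant is worth stating in the README section on the controller instead. The v2.2.0 through v2.2.4 policies that follow have the same unconditioned grant.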
@@ -0,0 +1,207 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "StringEquals": { + "ec2:CreateAction": 
"CreateSecurityGroup" + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + 
"elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule" + ], + "Resource": "*" + } + ] +} diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.1.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.1.json new file mode 100644 index 0000000000000..c11ff943863a0 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.1.json 
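Review bot: In alb-iam_policy-v2.2.0.json the statement that allows `elasticloadbalancing:AddTags` and `elasticloadbalancing:RemoveTags` on the `listener/...` and `listener-rule/...` ARNs has no `Condition`, while the statement just before it allows the same two actions on target groups and load balancers only when the resource already carries the `elbv2.k8s.aws/cluster` tag. As written, the role can retag listeners and rules that belong to load balancers the controller did not create. If these resource types support the key, adding `"Null": { "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" }` would align the two statements; that support should be confirmed before changing it. The v2.2.1 through v2.2.4 files carry the same statement.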
@@ -0,0 +1,207 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "StringEquals": { + "ec2:CreateAction": 
"CreateSecurityGroup" + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + 
"elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule" + ], + "Resource": "*" + } + ] +} diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.2.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.2.json new file mode 100644 index 0000000000000..c11ff943863a0 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.2.json 
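Review bot: alb-iam_policy-v2.2.1.json is added with the same blob id (`c11ff943863a0`) as v2.2.0, and the v2.2.2, v2.2.3 and v2.2.4 files that follow repeat it again, so five byte-identical 207-line policies are checked in. Any later correction to one of them has to be made five times, and a missed copy leaves some controller versions with different permissions than the others. Unless the one-file-per-version layout is required by the lookup code (not visible in this part of the patch), a single file referenced by all v2.2.x versions would be easier to audit.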
@@ -0,0 +1,207 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "StringEquals": { + "ec2:CreateAction": 
"CreateSecurityGroup" + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + 
"elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule" + ], + "Resource": "*" + } + ] +} diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.3.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.3.json new file mode 100644 index 0000000000000..c11ff943863a0 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.3.json 
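Review bot: In alb-iam_policy-v2.2.2.json, `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress` are allowed twice: once on `"Resource": "*"` with no condition, and again together with `ec2:DeleteSecurityGroup` under a `Null` check on `aws:ResourceTag/elbv2.k8s.aws/cluster`. The unconditioned statement makes the tagged one redundant for those two actions, so the role can change ingress rules on any security group the policy's account scope reaches, not only the ones tagged for the cluster. The same pair of statements appears in every policy version visible in this part of the patch. If the broad grant is needed for security groups the controller does not own, the README should say so, so that users can decide whether to narrow the role themselves and audit these calls when the role makes them.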
@@ -0,0 +1,207 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "StringEquals": { + "ec2:CreateAction": 
"CreateSecurityGroup" + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + 
"elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule" + ], + "Resource": "*" + } + ] +} diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.4.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.4.json new file mode 100644 index 0000000000000..c11ff943863a0 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.2.4.json 
@@ -0,0 +1,207 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "StringEquals": { + "ec2:CreateAction": 
"CreateSecurityGroup" + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + 
"elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule" + ], + "Resource": "*" + } + ] +} diff --git a/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.3.0.json b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.3.0.json new file mode 100644 index 0000000000000..4e6e4dee8988f --- /dev/null +++ b/packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.3.0.json 
@@ -0,0 +1,217 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "iam:CreateServiceLinkedRole",
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcPeeringConnections",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeInstances",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeTags",
+ "ec2:GetCoipPoolUsage",
+ "ec2:DescribeCoipPools",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeListenerCertificates",
+ "elasticloadbalancing:DescribeSSLPolicies",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:DescribeTargetGroupAttributes",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:DescribeTags"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "cognito-idp:DescribeUserPoolClient",
+ "acm:ListCertificates",
+ "acm:DescribeCertificate",
+ "iam:ListServerCertificates",
+ "iam:GetServerCertificate",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource",
+ "waf-regional:AssociateWebACL",
+ "waf-regional:DisassociateWebACL",
+ "wafv2:GetWebACL",
+ "wafv2:GetWebACLForResource",
+ "wafv2:AssociateWebACL",
+ "wafv2:DisassociateWebACL",
+ "shield:GetSubscriptionState",
+ "shield:DescribeProtection",
+ "shield:CreateProtection",
+ "shield:DeleteProtection"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateSecurityGroup"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "CreateSecurityGroup"
+ },
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:DeleteSecurityGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:CreateTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DeleteListener",
+ "elasticloadbalancing:CreateRule",
+ "elasticloadbalancing:DeleteRule"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ],
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+ ],
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ],
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:SetIpAddressType",
+ "elasticloadbalancing:SetSecurityGroups",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:ModifyTargetGroup",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:DeleteTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeregisterTargets"
+ ],
+ "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:SetWebAcl",
+ "elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:RemoveListenerCertificates",
+ "elasticloadbalancing:ModifyRule"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/packages/@aws-cdk/aws-eks/lib/alb-controller.ts b/packages/@aws-cdk/aws-eks/lib/alb-controller.ts
new file mode 100644
index 0000000000000..d9ca24c0d1d56
--- /dev/null
+++ b/packages/@aws-cdk/aws-eks/lib/alb-controller.ts
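Review bot: The statement that allows `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress` on `"Resource": "*"` carries no `Condition`, so the role bound to the controller's service account can change ingress rules on any security group in the account, and the later statement that limits the same two actions to groups tagged `elbv2.k8s.aws/cluster` has no narrowing effect. The listener and listener-rule `AddTags`/`RemoveTags` statement and the closing `SetWebAcl`/`ModifyListener` statement are unconditioned as well. If this file is meant to mirror the upstream controller policy for v2.3.0 unchanged (it appears to be), I would keep it as is but say so in the README next to the `policy` option of `albController`, so that users who need a narrower role know that supplying their own document is the supported route. The other `alb-iam_policy-*.json` files added by this commit presumably share the same statements.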
@@ -0,0 +1,247 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import * as iam from '@aws-cdk/aws-iam';
+import { Construct } from 'constructs';
+import { Cluster } from './cluster';
+import { HelmChart } from './helm-chart';
+import { ServiceAccount } from './service-account';
+
+// v2 - keep this import as a separate section to reduce merge conflict when forward merging with the v2 branch.
+// eslint-disable-next-line
+import { Construct as CoreConstruct, Duration, Names, Stack } from '@aws-cdk/core';
+
+/**
+ * Controller version.
+ *
+ * Corresponds to the image tag of 'amazon/aws-load-balancer-controller' image.
+ */
+export class AlbControllerVersion {
+
+ /**
+ * v2.0.0
+ */
+ public static readonly V2_0_0 = new AlbControllerVersion('v2.0.0', false);
+
+ /**
+ * v2.0.1
+ */
+ public static readonly V2_0_1 = new AlbControllerVersion('v2.0.1', false);
+
+ /**
+ * v2.1.0
+ */
+ public static readonly V2_1_0 = new AlbControllerVersion('v2.1.0', false);
+
+ /**
+ * v2.1.1
+ */
+ public static readonly V2_1_1 = new AlbControllerVersion('v2.1.1', false);
+
+ /**
+ * v2.1.2
+ */
+ public static readonly V2_1_2 = new AlbControllerVersion('v2.1.2', false);
+
+ /**
+ * v2.1.3
+ */
+ public static readonly V2_1_3 = new AlbControllerVersion('v2.1.3', false);
+
+ /**
+ * v2.0.0
+ */
+ public static readonly V2_2_0 = new AlbControllerVersion('v2.2.0', false);
+
+ /**
+ * v2.2.1
+ */
+ public static readonly V2_2_1 = new AlbControllerVersion('v2.2.1', false);
+
+ /**
+ * v2.2.2
+ */
+ public static readonly V2_2_2 = new AlbControllerVersion('v2.2.2', false);
+
+ /**
+ * v2.2.3
+ */
+ public static readonly V2_2_3 = new AlbControllerVersion('v2.2.3', false);
+
+ /**
+ * v2.2.4
+ */
+ public static readonly V2_2_4 = new AlbControllerVersion('v2.2.4', false);
+
+ /**
+ * v2.3.0
+ */
+ public static readonly V2_3_0 = new AlbControllerVersion('v2.3.0', false);
+
+ /**
+ * Specify a custom version.
+ * Use this if the version you need is not available in one of the predefined versions.
+ * Note that in this case, you will also need to provide an IAM policy in the controller options.
+ *
+ * @param version The version number.
+ */
+ public static of(version: string) {
+ return new AlbControllerVersion(version, true);
+ }
+
+ private constructor(
+ /**
+ * The version string.
+ */
+ public readonly version: string,
+ /**
+ * Whether or not its a custom version.
+ */
+ public readonly custom: boolean) {}
+}
+
+/**
+ * ALB Scheme.
+ *
+ * @see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/guide/ingress/annotations/#scheme
+ */
+export enum AlbScheme {
+
+ /**
+ * The nodes of an internal load balancer have only private IP addresses.
+ * The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes.
+ * Therefore, internal load balancers can only route requests from clients with access to the VPC for the load balancer.
+ */
+ INTERNAL = 'internal',
+
+ /**
+ * An internet-facing load balancer has a publicly resolvable DNS name, so it can route requests from clients over the internet
+ * to the EC2 instances that are registered with the load balancer.
+ */
+ INTERNET_FACING = 'internet-facing'
+}
+
+/**
+ * Options for `AlbController`.
+ */
+export interface AlbControllerOptions {
+
+ /**
+ * Version of the controller.
+ */
+ readonly version: AlbControllerVersion;
+
+ /**
+ * The repository to pull the controller image from.
+ *
+ * Note that the default repository works for most regions, but not all.
+ * If the repository is not applicable to your region, use a custom repository
+ * according to the information here: https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases.
+ *
+ * @default '602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller'
+ */
+ readonly repository?: string;
+
+ /**
+ * The IAM policy to apply to the service account.
+ *
+ * If you're using one of the built-in versions, this is not required since
+ * CDK ships with the appropriate policies for those versions.
+ *
+ * However, if you are using a custom version, this is required (and validated).
+ *
+ * @default - Corresponds to the predefined version.
+ */
+ readonly policy?: any;
+
+}
+
+/**
+ * Properties for `AlbController`.
+ */
+export interface AlbControllerProps extends AlbControllerOptions {
+
+ /**
+ * [disable-awslint:ref-via-interface]
+ * Cluster to install the controller onto.
+ */
+ readonly cluster: Cluster;
+}
+
+/**
+ * Construct for installing the AWS ALB Contoller on EKS clusters.
+ *
+ * Use the factory functions `get` and `getOrCreate` to obtain/create instances of this controller.
+ *
+ * @see https://kubernetes-sigs.github.io/aws-load-balancer-controller
+ *
+ */
+export class AlbController extends CoreConstruct {
+
+ /**
+ * Create the controller construct associated with this cluster and scope.
+ *
+ * Singleton per stack/cluster.
+ */
+ public static create(scope: Construct, props: AlbControllerProps) {
+ const stack = Stack.of(scope);
+ const uid = AlbController.uid(props.cluster);
+ return new AlbController(stack, uid, props);
+ }
+
+ private static uid(cluster: Cluster) {
+ return `${Names.nodeUniqueId(cluster.node)}-AlbController`;
+ }
+
+ public constructor(scope: Construct, id: string, props: AlbControllerProps) {
+ super(scope, id);
+
+ const namespace = 'kube-system';
+ const serviceAccount = new ServiceAccount(this, 'alb-sa', { namespace, name: 'aws-load-balancer-controller', cluster: props.cluster });
+
+ if (props.version.custom && !props.policy) {
+ throw new Error("'albControllerOptions.policy' is required when using a custom controller version");
+ }
+
+ // https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/installation/#iam-permissions
+ const policy: any = props.policy ?? JSON.parse(fs.readFileSync(path.join(__dirname, 'addons', `alb-iam_policy-${props.version.version}.json`), 'utf8'));
+
+ for (const statement of policy.Statement) {
+ serviceAccount.addToPrincipalPolicy(iam.PolicyStatement.fromJson(statement));
+ }
+
+ // https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/installation/#add-controller-to-cluster
+ const chart = new HelmChart(this, 'Resource', {
+ cluster: props.cluster,
+ chart: 'aws-load-balancer-controller',
+ repository: 'https://aws.github.io/eks-charts',
+ namespace,
+ release: 'aws-load-balancer-controller',
+
+ // latest at the time of writing. We intentionally don't
+ // want to expose this since helm here is just an implementation detail
+ // for installing a specific version of the controller itself.
+ // https://github.com/aws/eks-charts/blob/v0.0.65/stable/aws-load-balancer-controller/Chart.yaml
+ version: '1.2.7',
+
+ wait: true,
+ timeout: Duration.minutes(15),
+ values: {
+ clusterName: props.cluster.clusterName,
+ serviceAccount: {
+ create: false,
+ name: serviceAccount.serviceAccountName,
+ },
+ region: Stack.of(this).region,
+ vpcId: props.cluster.vpc.vpcId,
+ repository: props.repository ?? '602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller',
+ tag: props.version.version,
+ },
+ });
+
+ // the controller relies on permissions deployed using these resources.
+ chart.node.addDependency(serviceAccount);
+ chart.node.addDependency(props.cluster.openIdConnectProvider);
+ chart.node.addDependency(props.cluster.awsAuth);
+ }
+
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-eks/lib/cluster.ts b/packages/@aws-cdk/aws-eks/lib/cluster.ts
index 7aa18e7aa5fce..5489fa9fb8249 100644
--- a/packages/@aws-cdk/aws-eks/lib/cluster.ts
+++ b/packages/@aws-cdk/aws-eks/lib/cluster.ts
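Review bot: The Helm `values` pass `repository` and `tag` as top-level keys, but as far as I know the `aws-load-balancer-controller` chart reads the image from `image.repository` and `image.tag`, so the `repository` and `version` options would be ignored and chart `1.2.7` would deploy its own default image while the role receives the policy file chosen for `props.version.version`. I would nest them: `image: { repository: props.repository ?? '602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller', tag: props.version.version },`. Separately, `policy` is typed `any` and the loop reads `policy.Statement` unchecked, so a custom document without a `Statement` array fails with a bare TypeError; a guard before the loop such as `if (!Array.isArray(policy.Statement)) { throw new Error("'albControllerOptions.policy' must contain a 'Statement' array"); }` gives a usable message. The doc comment on `V2_2_0` reads `v2.0.0` and should read `v2.2.0`, and the class comment on `AlbController` names factory functions `get` and `getOrCreate` while the only one defined is `create`.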
@@ -9,12 +9,13 @@ import * as ssm from '@aws-cdk/aws-ssm'; import { Annotations, CfnOutput, CfnResource, IResource, Resource, Stack, Tags, Token, Duration, Size } from '@aws-cdk/core'; import { Construct, Node } from 'constructs'; import * as YAML from 'yaml'; +import { AlbController, AlbControllerOptions } from './alb-controller'; import { AwsAuth } from './aws-auth'; import { ClusterResource, clusterArnComponents } from './cluster-resource'; import { FargateProfile, FargateProfileOptions } from './fargate-profile'; import { HelmChart, HelmChartOptions } from './helm-chart'; import { INSTANCE_TYPES } from './instance-types'; -import { KubernetesManifest } from './k8s-manifest'; +import { KubernetesManifest, KubernetesManifestOptions } from './k8s-manifest'; import { KubernetesObjectValue } from './k8s-object-value'; import { KubernetesPatch } from './k8s-patch'; import { KubectlProvider } from './kubectl-provider'; @@ -199,7 +200,7 @@ export interface ICluster extends IResource, ec2.IConnectable { * @param chart the cdk8s chart. * @returns a `KubernetesManifest` construct representing the chart. */ - addCdk8sChart(id: string, chart: Construct): KubernetesManifest; + addCdk8sChart(id: string, chart: Construct, options?: KubernetesManifestOptions): KubernetesManifest; /** * Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. @@ -592,6 +593,15 @@ export interface ClusterOptions extends CommonClusterOptions { * @see https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr */ readonly serviceIpv4Cidr?: string; + + /** + * Install the AWS Load Balancer Controller onto the cluster. + * + * @see https://kubernetes-sigs.github.io/aws-load-balancer-controller + * + * @default - The controller is not installed. + */ + readonly albController?: AlbControllerOptions; } /** 
@@ -846,7 +856,7 @@ abstract class ClusterBase extends Resource implements ICluster { * @param chart the cdk8s chart. * @returns a `KubernetesManifest` construct representing the chart. */ - public addCdk8sChart(id: string, chart: Construct): KubernetesManifest { + public addCdk8sChart(id: string, chart: Construct, options: KubernetesManifestOptions = {}): KubernetesManifest { const cdk8sChart = chart as any; @@ -855,7 +865,13 @@ abstract class ClusterBase extends Resource implements ICluster { throw new Error(`Invalid cdk8s chart. Must contain a 'toJson' method, but found ${typeof cdk8sChart.toJson}`); } - return this.addManifest(id, ...cdk8sChart.toJson()); + const manifest = new KubernetesManifest(this, id, { + cluster: this, + manifest: cdk8sChart.toJson(), + ...options, + }); + + return manifest; } public addServiceAccount(id: string, options: ServiceAccountOptions = {}): ServiceAccount { @@ -981,6 +997,12 @@ abstract class ClusterBase extends Resource implements ICluster { if (autoScalingGroup.spotPrice && addSpotInterruptHandler) { this.addSpotInterruptHandler(); } + + if (this instanceof Cluster) { + // the controller runs on the worker nodes so they cannot + // be deleted before the controller. + this.albController?.node.addDependency(autoScalingGroup); + } } } @@ -1005,6 +1027,11 @@ export interface ServiceLoadBalancerAddressOptions { } +/** + * Options for fetching an IngressLoadBalancerAddress. + */ +export interface IngressLoadBalancerAddressOptions extends ServiceLoadBalancerAddressOptions {}; + /** * A Cluster represents a managed Kubernetes Service (EKS) * 
@@ -1185,6 +1212,12 @@ export class Cluster extends ClusterBase { */ public readonly prune: boolean; + /** + * The ALB Controller construct defined for this cluster. + * Will be undefined if `albController` wasn't configured. + */ + public readonly albController?: AlbController; + /** * If this cluster is kubectl-enabled, returns the `ClusterResource` object * that manages it. If this cluster is not kubectl-enabled (i.e. uses the @@ -1407,6 +1440,10 @@ export class Cluster extends ClusterBase { commonCommandOptions.push(`--role-arn ${mastersRole.roleArn}`); + if (props.albController) { + this.albController = AlbController.create(this, { ...props.albController, cluster: this }); + } + // allocate default capacity if non-zero (or default). const minCapacity = props.defaultCapacity ?? DEFAULT_CAPACITY_COUNT; if (minCapacity > 0) { @@ -1426,6 +1463,7 @@ export class Cluster extends ClusterBase { } this.defineCoreDnsComputeType(props.coreDnsComputeType ?? CoreDnsComputeType.EC2); + } /** @@ -1449,6 +1487,27 @@ export class Cluster extends ClusterBase { } + /** + * Fetch the load balancer address of an ingress backed by a load balancer. + * + * @param ingressName The name of the ingress. + * @param options Additional operation options. + */ + public getIngressLoadBalancerAddress(ingressName: string, options: IngressLoadBalancerAddressOptions = {}): string { + + const loadBalancerAddress = new KubernetesObjectValue(this, `${ingressName}LoadBalancerAddress`, { + cluster: this, + objectType: 'ingress', + objectName: ingressName, + objectNamespace: options.namespace, + jsonPath: '.status.loadBalancer.ingress[0].hostname', + timeout: options.timeout, + }); + + return loadBalancerAddress.value; + + } + /** * Add nodes to this EKS cluster * diff --git a/packages/@aws-cdk/aws-eks/lib/index.ts b/packages/@aws-cdk/aws-eks/lib/index.ts index 454242cf5259f..286662f7581d5 100644 --- a/packages/@aws-cdk/aws-eks/lib/index.ts +++ b/packages/@aws-cdk/aws-eks/lib/index.ts 
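Review bot: In `getIngressLoadBalancerAddress` the construct id is `${ingressName}LoadBalancerAddress` and does not include `options.namespace`, so requesting the address of two ingresses that share a name in different namespaces would collide on the same id under the cluster scope. Building the id from the namespace as well when one is given, for example `(options.namespace ?? '') + ingressName + 'LoadBalancerAddress'`, avoids that and leaves the id unchanged for callers that pass no namespace. The method is complete in this hunk, but the enclosing `Cluster` class continues outside it; if `getServiceLoadBalancerAddress` (not shown here) builds its id the same way, it presumably has the same limitation.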
@@ -11,3 +11,4 @@ export * from './fargate-cluster'; export * from './service-account'; export * from './managed-nodegroup'; export * from './oidc-provider'; +export * from './alb-controller'; diff --git a/packages/@aws-cdk/aws-eks/lib/k8s-manifest.ts b/packages/@aws-cdk/aws-eks/lib/k8s-manifest.ts index 205c28a9ee647..2afae6d6990c2 100644 --- a/packages/@aws-cdk/aws-eks/lib/k8s-manifest.ts +++ b/packages/@aws-cdk/aws-eks/lib/k8s-manifest.ts @@ -1,5 +1,6 @@ import { CustomResource, Stack } from '@aws-cdk/core'; import { Construct, Node } from 'constructs'; +import { AlbScheme } from './alb-controller'; import { ICluster } from './cluster'; import { KubectlProvider } from './kubectl-provider'; @@ -44,6 +45,23 @@ export interface KubernetesManifestOptions { * @default false */ readonly skipValidation?: boolean; + + /** + * Automatically detect `Ingress` resources in the manifest and annotate them so they + * are picked up by an ALB Ingress Controller. + * + * @default false + */ + readonly ingressAlb?: boolean; + + /** + * Specify the ALB scheme that should be applied to `Ingress` resources. + * Only applicable if `ingressAlb` is set to `true`. + * + * @default AlbScheme.INTERNAL + */ + readonly ingressAlbScheme?: AlbScheme; + } /** @@ -117,6 +135,10 @@ export class KubernetesManifest extends CoreConstruct { ? this.injectPruneLabel(props.manifest) : undefined; + if (props.ingressAlb ?? false) { + this.injectIngressAlbAnnotations(props.manifest, props.ingressAlbScheme ?? AlbScheme.INTERNAL); + } + new CustomResource(this, 'Resource', { serviceToken: provider.serviceToken, resourceType: KubernetesManifest.RESOURCE_TYPE, 
@@ -167,4 +189,29 @@ export class KubernetesManifest extends CoreConstruct { return pruneLabel; } + + /** + * Inject the necessary ingress annontations if possible (and requested). + * + * @see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/ + */ + private injectIngressAlbAnnotations(manifest: Record[], scheme: AlbScheme) { + + for (const resource of manifest) { + + // skip resource if it's not an object or if it does not have a "kind" + if (typeof(resource) !== 'object' || !resource.kind) { + continue; + } + + if (resource.kind === 'Ingress') { + resource.metadata.annotations = { + 'kubernetes.io/ingress.class': 'alb', + 'alb.ingress.kubernetes.io/scheme': scheme, + ...resource.metadata.annotations, + }; + } + } + + } } diff --git a/packages/@aws-cdk/aws-eks/lib/managed-nodegroup.ts b/packages/@aws-cdk/aws-eks/lib/managed-nodegroup.ts index ec91d54abb610..a6017175cd681 100644 --- a/packages/@aws-cdk/aws-eks/lib/managed-nodegroup.ts +++ b/packages/@aws-cdk/aws-eks/lib/managed-nodegroup.ts @@ -427,6 +427,11 @@ export class Nodegroup extends Resource implements INodegroup { 'system:nodes', ], }); + + // the controller runs on the worker nodes so they cannot + // be deleted before the controller. + this.cluster.albController?.node.addDependency(this); + } this.nodegroupArn = this.getResourceArnAttribute(resource.attrArn, { diff --git a/packages/@aws-cdk/aws-eks/package.json b/packages/@aws-cdk/aws-eks/package.json index 48d5dad161a32..1eae2b3fbb4d0 100644 --- a/packages/@aws-cdk/aws-eks/package.json +++ b/packages/@aws-cdk/aws-eks/package.json @@ -89,8 +89,8 @@ "@types/sinon": "^9.0.11", "@types/yaml": "1.9.6", "aws-sdk": "^2.848.0", - "cdk8s": "^0.33.0", - "cdk8s-plus": "^0.33.0", + "cdk8s": "^1.0.0", + "cdk8s-plus-21": "^1.0.0-beta.38", "jest": "^27.3.1", "sinon": "^9.2.4" }, 
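Review bot: `injectIngressAlbAnnotations` assigns to `resource.metadata.annotations` without checking that `metadata` exists, and the `typeof(resource) !== 'object'` test lets `null` through (an empty YAML document loads as `null`), so either input throws a TypeError during construction instead of being skipped. I would guard with `if (resource === null || typeof resource !== 'object' || !resource.kind) { continue; }` and add `resource.metadata = resource.metadata ?? {};` before the assignment. The function also edits the caller's manifest objects in place and only inspects top-level entries, so an `Ingress` nested inside a `List` resource is not annotated. A short doc comment stating both, and that annotations already present on the resource take precedence over the injected `alb.ingress.kubernetes.io/scheme`, would make the behaviour of `ingressAlbScheme` clear to anyone relying on the `AlbScheme.INTERNAL` default.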
diff --git a/packages/@aws-cdk/aws-eks/test/__snapshots__/alb-controller.test.js.snap b/packages/@aws-cdk/aws-eks/test/__snapshots__/alb-controller.test.js.snap new file mode 100644 index 0000000000000..9bb17465d983f --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/__snapshots__/alb-controller.test.js.snap 
@@ -0,0 +1,4465 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`can configure a custom repository 1`] = ` +Object { + "Outputs": Object { + "ClusterConfigCommand43AAE40F": Object { + "Value": Object { + "Fn::Join": Array [ + "", + Array [ + "aws eks update-kubeconfig --name ", + Object { + "Ref": "Cluster9EE0221C", + }, + " --region us-east-1 --role-arn ", + Object { + "Fn::GetAtt": Array [ + "ClusterMastersRole9AA35625", + "Arn", + ], + }, + ], + ], + }, + }, + "ClusterGetTokenCommand06AE992E": Object { + "Value": Object { + "Fn::Join": Array [ + "", + Array [ + "aws eks get-token --cluster-name ", + Object { + "Ref": "Cluster9EE0221C", + }, + " --region us-east-1 --role-arn ", + Object { + "Fn::GetAtt": Array [ + "ClusterMastersRole9AA35625", + "Arn", + ], + }, + ], + ], + }, + }, + }, + "Parameters": Object { + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afArtifactHash761F4689": Object { + "Description": "Artifact hash for asset \\"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\\"", + "Type": "String", + }, + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F": Object { + "Description": "S3 bucket for asset \\"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\\"", + "Type": "String", + }, + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56": Object { + "Description": "S3 key for asset version \\"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\\"", + "Type": "String", + }, + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665ArtifactHash9EA5AC29": Object { + "Description": "Artifact hash for asset \\"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\\"", + "Type": "String", + }, + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681": Object { + "Description": "S3 bucket for asset 
\\"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\\"", + "Type": "String", + }, + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791": Object { + "Description": "S3 key for asset version \\"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\\"", + "Type": "String", + }, + "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cArtifactHashC3F25ABC": Object { + "Description": "Artifact hash for asset \\"28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3c\\"", + "Type": "String", + }, + "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cS3Bucket9FA20082": Object { + "Description": "S3 bucket for asset \\"28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3c\\"", + "Type": "String", + }, + "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cS3VersionKey17CD9E6F": Object { + "Description": "S3 key for asset version \\"28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3c\\"", + "Type": "String", + }, + "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255ArtifactHash77E612E0": Object { + "Description": "Artifact hash for asset \\"295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255\\"", + "Type": "String", + }, + "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255S3BucketA3B80672": Object { + "Description": "S3 bucket for asset \\"295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255\\"", + "Type": "String", + }, + "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255S3VersionKey387B5B88": Object { + "Description": "S3 key for asset version \\"295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255\\"", + "Type": "String", + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10ArtifactHash528547CD": Object { + "Description": 
"Artifact hash for asset \\"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\\"", + "Type": "String", + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9": Object { + "Description": "S3 bucket for asset \\"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\\"", + "Type": "String", + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421": Object { + "Description": "S3 key for asset version \\"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\\"", + "Type": "String", + }, + "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3ArtifactHash5E61FCA5": Object { + "Description": "Artifact hash for asset \\"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\\"", + "Type": "String", + }, + "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0": Object { + "Description": "S3 bucket for asset \\"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\\"", + "Type": "String", + }, + "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD": Object { + "Description": "S3 key for asset version \\"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\\"", + "Type": "String", + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4ArtifactHashD6EA1BC7": Object { + "Description": "Artifact hash for asset \\"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\\"", + "Type": "String", + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777": Object { + "Description": "S3 bucket for asset \\"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\\"", + "Type": "String", + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30": Object { + 
"Description": "S3 key for asset version \\"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\\"", + "Type": "String", + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": Object { + "Description": "Artifact hash for asset \\"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\\"", + "Type": "String", + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": Object { + "Description": "S3 bucket for asset \\"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\\"", + "Type": "String", + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": Object { + "Description": "S3 key for asset version \\"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\\"", + "Type": "String", + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": Object { + "Description": "Artifact hash for asset \\"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\\"", + "Type": "String", + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": Object { + "Description": "S3 bucket for asset \\"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\\"", + "Type": "String", + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": Object { + "Description": "S3 key for asset version \\"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\\"", + "Type": "String", + }, + "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eArtifactHash4654D012": Object { + "Description": "Artifact hash for asset \\"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\\"", + "Type": "String", + }, + 
"AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": Object { + "Description": "S3 bucket for asset \\"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\\"", + "Type": "String", + }, + "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565": Object { + "Description": "S3 key for asset version \\"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\\"", + "Type": "String", + }, + }, + "Resources": Object { + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57": Object { + "DependsOn": Array [ + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867", + ], + "Properties": Object { + "Code": Object { + "S3Bucket": Object { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0", + }, + "S3Key": Object { + "Fn::Join": Array [ + "", + Array [ + Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD", + }, + ], + }, + ], + }, + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD", + }, + ], + }, + ], + }, + ], + ], + }, + }, + "Handler": "__entrypoint__.handler", + "MemorySize": 128, + "Role": Object { + "Fn::GetAtt": Array [ + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867", + "Arn", + ], + }, + "Runtime": "nodejs12.x", + "Timeout": 900, + }, + "Type": "AWS::Lambda::Function", + }, + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "Service": "lambda.amazonaws.com", + }, + }, + ], + "Version": 
"2012-10-17", + }, + "ManagedPolicyArns": Array [ + Object { + "Fn::Sub": "arn:\${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + }, + ], + }, + "Type": "AWS::IAM::Role", + }, + "Cluster9EE0221C": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "ClusterDefaultVpcIGW756BE43E", + "ClusterDefaultVpcPrivateSubnet1DefaultRouteD624C8BD", + "ClusterDefaultVpcPrivateSubnet1RouteTable7844020C", + "ClusterDefaultVpcPrivateSubnet1RouteTableAssociationF8A67D95", + "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + "ClusterDefaultVpcPrivateSubnet2DefaultRouteAB55737C", + "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298", + "ClusterDefaultVpcPrivateSubnet2RouteTableAssociationE1240DF2", + "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + "ClusterDefaultVpcPublicSubnet1DefaultRouteCF22EF6E", + "ClusterDefaultVpcPublicSubnet1EIP498E2BD2", + "ClusterDefaultVpcPublicSubnet1NATGateway6E21013E", + "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98", + "ClusterDefaultVpcPublicSubnet1RouteTableAssociationAFBE6789", + "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + "ClusterDefaultVpcPublicSubnet2DefaultRoute1FA8621E", + "ClusterDefaultVpcPublicSubnet2EIP265F4810", + "ClusterDefaultVpcPublicSubnet2NATGateway4AF4B728", + "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47", + "ClusterDefaultVpcPublicSubnet2RouteTableAssociationA8539C50", + "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + "ClusterDefaultVpcFA9F2722", + "ClusterDefaultVpcVPCGWC1D00388", + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + ], + "Properties": Object { + "AssumeRoleArn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + "AttributesRevision": 2, + "Config": Object { + "resourcesVpcConfig": Object { + "endpointPrivateAccess": true, + "endpointPublicAccess": true, + "securityGroupIds": Array [ + Object { + "Fn::GetAtt": Array [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId", + ], + }, + ], + 
"subnetIds": Array [ + Object { + "Ref": "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + }, + Object { + "Ref": "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + }, + Object { + "Ref": "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + }, + Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + }, + ], + }, + "roleArn": Object { + "Fn::GetAtt": Array [ + "ClusterRoleFA261979", + "Arn", + ], + }, + "version": "1.21", + }, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", + "Outputs.StackawscdkawseksClusterResourceProviderframeworkonEvent9D6CED48Arn", + ], + }, + }, + "Type": "Custom::AWSCDK-EKS-Cluster", + "UpdateReplacePolicy": "Delete", + }, + "ClusterAwsAuthmanifestFE51F8AE": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "ClusterKubectlReadyBarrier200052AF", + ], + "Properties": Object { + "ClusterName": Object { + "Ref": "Cluster9EE0221C", + }, + "Manifest": Object { + "Fn::Join": Array [ + "", + Array [ + "[{\\"apiVersion\\":\\"v1\\",\\"kind\\":\\"ConfigMap\\",\\"metadata\\":{\\"name\\":\\"aws-auth\\",\\"namespace\\":\\"kube-system\\",\\"labels\\":{\\"aws.cdk.eks/prune-c82ececabf77e03e3590f2ebe02adba8641d1b3e76\\":\\"\\"}},\\"data\\":{\\"mapRoles\\":\\"[{\\\\\\"rolearn\\\\\\":\\\\\\"", + Object { + "Fn::GetAtt": Array [ + "ClusterMastersRole9AA35625", + "Arn", + ], + }, + "\\\\\\",\\\\\\"username\\\\\\":\\\\\\"", + Object { + "Fn::GetAtt": Array [ + "ClusterMastersRole9AA35625", + "Arn", + ], + }, + "\\\\\\",\\\\\\"groups\\\\\\":[\\\\\\"system:masters\\\\\\"]},{\\\\\\"rolearn\\\\\\":\\\\\\"", + Object { + "Fn::GetAtt": Array [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn", + ], + }, + 
"\\\\\\",\\\\\\"username\\\\\\":\\\\\\"system:node:{{EC2PrivateDNSName}}\\\\\\",\\\\\\"groups\\\\\\":[\\\\\\"system:bootstrappers\\\\\\",\\\\\\"system:nodes\\\\\\"]}]\\",\\"mapUsers\\":\\"[]\\",\\"mapAccounts\\":\\"[]\\"}}]", + ], + ], + }, + "Overwrite": true, + "PruneLabel": "aws.cdk.eks/prune-c82ececabf77e03e3590f2ebe02adba8641d1b3e76", + "RoleArn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.StackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn", + ], + }, + }, + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "UpdateReplacePolicy": "Delete", + }, + "ClusterControlPlaneSecurityGroupD274242C": Object { + "Properties": Object { + "GroupDescription": "EKS Control Plane Security Group", + "SecurityGroupEgress": Array [ + Object { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::SecurityGroup", + }, + "ClusterCreationRole360249B6": Object { + "DependsOn": Array [ + "ClusterDefaultVpcIGW756BE43E", + "ClusterDefaultVpcPrivateSubnet1DefaultRouteD624C8BD", + "ClusterDefaultVpcPrivateSubnet1RouteTable7844020C", + "ClusterDefaultVpcPrivateSubnet1RouteTableAssociationF8A67D95", + "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + "ClusterDefaultVpcPrivateSubnet2DefaultRouteAB55737C", + "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298", + "ClusterDefaultVpcPrivateSubnet2RouteTableAssociationE1240DF2", + "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + "ClusterDefaultVpcPublicSubnet1DefaultRouteCF22EF6E", + "ClusterDefaultVpcPublicSubnet1EIP498E2BD2", + "ClusterDefaultVpcPublicSubnet1NATGateway6E21013E", + "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98", + 
"ClusterDefaultVpcPublicSubnet1RouteTableAssociationAFBE6789", + "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + "ClusterDefaultVpcPublicSubnet2DefaultRoute1FA8621E", + "ClusterDefaultVpcPublicSubnet2EIP265F4810", + "ClusterDefaultVpcPublicSubnet2NATGateway4AF4B728", + "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47", + "ClusterDefaultVpcPublicSubnet2RouteTableAssociationA8539C50", + "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + "ClusterDefaultVpcFA9F2722", + "ClusterDefaultVpcVPCGWC1D00388", + ], + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::", + Object { + "Ref": "AWS::AccountId", + }, + ":root", + ], + ], + }, + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "ClusterCreationRoleDefaultPolicyE8BDFC7B": Object { + "DependsOn": Array [ + "ClusterDefaultVpcIGW756BE43E", + "ClusterDefaultVpcPrivateSubnet1DefaultRouteD624C8BD", + "ClusterDefaultVpcPrivateSubnet1RouteTable7844020C", + "ClusterDefaultVpcPrivateSubnet1RouteTableAssociationF8A67D95", + "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + "ClusterDefaultVpcPrivateSubnet2DefaultRouteAB55737C", + "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298", + "ClusterDefaultVpcPrivateSubnet2RouteTableAssociationE1240DF2", + "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + "ClusterDefaultVpcPublicSubnet1DefaultRouteCF22EF6E", + "ClusterDefaultVpcPublicSubnet1EIP498E2BD2", + "ClusterDefaultVpcPublicSubnet1NATGateway6E21013E", + "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98", + "ClusterDefaultVpcPublicSubnet1RouteTableAssociationAFBE6789", + "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + "ClusterDefaultVpcPublicSubnet2DefaultRoute1FA8621E", + "ClusterDefaultVpcPublicSubnet2EIP265F4810", + 
"ClusterDefaultVpcPublicSubnet2NATGateway4AF4B728", + "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47", + "ClusterDefaultVpcPublicSubnet2RouteTableAssociationA8539C50", + "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + "ClusterDefaultVpcFA9F2722", + "ClusterDefaultVpcVPCGWC1D00388", + ], + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": Object { + "Fn::GetAtt": Array [ + "ClusterRoleFA261979", + "Arn", + ], + }, + }, + Object { + "Action": Array [ + "eks:CreateCluster", + "eks:DescribeCluster", + "eks:DescribeUpdate", + "eks:DeleteCluster", + "eks:UpdateClusterVersion", + "eks:UpdateClusterConfig", + "eks:CreateFargateProfile", + "eks:TagResource", + "eks:UntagResource", + ], + "Effect": "Allow", + "Resource": Array [ + "*", + ], + }, + Object { + "Action": Array [ + "eks:DescribeFargateProfile", + "eks:DeleteFargateProfile", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "iam:GetRole", + "iam:listAttachedRolePolicies", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": "iam:CreateServiceLinkedRole", + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeRouteTables", + "ec2:DescribeDhcpOptions", + "ec2:DescribeVpcs", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "Roles": Array [ + Object { + "Ref": "ClusterCreationRole360249B6", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "ClusterDefaultVpcFA9F2722": Object { + "Properties": Object { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc", + }, + 
], + }, + "Type": "AWS::EC2::VPC", + }, + "ClusterDefaultVpcIGW756BE43E": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc", + }, + ], + }, + "Type": "AWS::EC2::InternetGateway", + }, + "ClusterDefaultVpcPrivateSubnet1DefaultRouteD624C8BD": Object { + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet1NATGateway6E21013E", + }, + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet1RouteTable7844020C", + }, + }, + "Type": "AWS::EC2::Route", + }, + "ClusterDefaultVpcPrivateSubnet1RouteTable7844020C": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PrivateSubnet1", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "ClusterDefaultVpcPrivateSubnet1RouteTableAssociationF8A67D95": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet1RouteTable7844020C", + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "ClusterDefaultVpcPrivateSubnet1Subnet03F39409": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Private", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Private", + }, + Object { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PrivateSubnet1", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": 
"AWS::EC2::Subnet", + }, + "ClusterDefaultVpcPrivateSubnet2DefaultRouteAB55737C": Object { + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet2NATGateway4AF4B728", + }, + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298", + }, + }, + "Type": "AWS::EC2::Route", + }, + "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PrivateSubnet2", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "ClusterDefaultVpcPrivateSubnet2RouteTableAssociationE1240DF2": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298", + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Private", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Private", + }, + Object { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PrivateSubnet2", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "ClusterDefaultVpcPublicSubnet1DefaultRouteCF22EF6E": Object { + "DependsOn": Array [ + "ClusterDefaultVpcVPCGWC1D00388", + ], + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": 
Object { + "Ref": "ClusterDefaultVpcIGW756BE43E", + }, + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98", + }, + }, + "Type": "AWS::EC2::Route", + }, + "ClusterDefaultVpcPublicSubnet1EIP498E2BD2": Object { + "Properties": Object { + "Domain": "vpc", + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet1", + }, + ], + }, + "Type": "AWS::EC2::EIP", + }, + "ClusterDefaultVpcPublicSubnet1NATGateway6E21013E": Object { + "Properties": Object { + "AllocationId": Object { + "Fn::GetAtt": Array [ + "ClusterDefaultVpcPublicSubnet1EIP498E2BD2", + "AllocationId", + ], + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + }, + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet1", + }, + ], + }, + "Type": "AWS::EC2::NatGateway", + }, + "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet1", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "ClusterDefaultVpcPublicSubnet1RouteTableAssociationAFBE6789": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98", + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": Array [ + 
Object { + "Key": "aws-cdk:subnet-name", + "Value": "Public", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Public", + }, + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet1", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "ClusterDefaultVpcPublicSubnet2DefaultRoute1FA8621E": Object { + "DependsOn": Array [ + "ClusterDefaultVpcVPCGWC1D00388", + ], + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": Object { + "Ref": "ClusterDefaultVpcIGW756BE43E", + }, + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47", + }, + }, + "Type": "AWS::EC2::Route", + }, + "ClusterDefaultVpcPublicSubnet2EIP265F4810": Object { + "Properties": Object { + "Domain": "vpc", + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet2", + }, + ], + }, + "Type": "AWS::EC2::EIP", + }, + "ClusterDefaultVpcPublicSubnet2NATGateway4AF4B728": Object { + "Properties": Object { + "AllocationId": Object { + "Fn::GetAtt": Array [ + "ClusterDefaultVpcPublicSubnet2EIP265F4810", + "AllocationId", + ], + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + }, + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet2", + }, + ], + }, + "Type": "AWS::EC2::NatGateway", + }, + "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet2", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + 
"ClusterDefaultVpcPublicSubnet2RouteTableAssociationA8539C50": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47", + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Public", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Public", + }, + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet2", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "ClusterDefaultVpcVPCGWC1D00388": Object { + "Properties": Object { + "InternetGatewayId": Object { + "Ref": "ClusterDefaultVpcIGW756BE43E", + }, + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::VPCGatewayAttachment", + }, + "ClusterKubectlReadyBarrier200052AF": Object { + "DependsOn": Array [ + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C", + ], + "Properties": Object { + "Type": "String", + "Value": "aws:cdk:eks:kubectl-ready", + }, + "Type": "AWS::SSM::Parameter", + }, + "ClusterMastersRole9AA35625": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::", + Object { + "Ref": "AWS::AccountId", + }, + ":root", + ], + ], + }, + }, + }, + ], + 
"Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "ClusterNodegroupDefaultCapacityDA0920A3": Object { + "Properties": Object { + "AmiType": "AL2_x86_64", + "ClusterName": Object { + "Ref": "Cluster9EE0221C", + }, + "ForceUpdateEnabled": true, + "InstanceTypes": Array [ + "m5.large", + ], + "NodeRole": Object { + "Fn::GetAtt": Array [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn", + ], + }, + "ScalingConfig": Object { + "DesiredSize": 2, + "MaxSize": 2, + "MinSize": 2, + }, + "Subnets": Array [ + Object { + "Ref": "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + }, + Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + }, + ], + }, + "Type": "AWS::EKS::Nodegroup", + }, + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "Service": "ec2.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy", + ], + ], + }, + Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/AmazonEKS_CNI_Policy", + ], + ], + }, + Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", + ], + ], + }, + ], + }, + "Type": "AWS::IAM::Role", + }, + "ClusterOpenIdConnectProviderE7EB0530": Object { + "DeletionPolicy": "Delete", + "Properties": Object { + "ClientIDList": Array [ + "sts.amazonaws.com", + ], + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0", + "Arn", + ], + }, + "ThumbprintList": Array [ + 
"9e99a48a9960b14926bb7f3b02e22da2b0ab7280", + ], + "Url": Object { + "Fn::GetAtt": Array [ + "Cluster9EE0221C", + "OpenIdConnectIssuerUrl", + ], + }, + }, + "Type": "Custom::AWSCDKOpenIdConnectProvider", + "UpdateReplacePolicy": "Delete", + }, + "ClusterRoleFA261979": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "Service": "eks.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/AmazonEKSClusterPolicy", + ], + ], + }, + ], + }, + "Type": "AWS::IAM::Role", + }, + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0": Object { + "DependsOn": Array [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65", + ], + "Properties": Object { + "Code": Object { + "S3Bucket": Object { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777", + }, + "S3Key": Object { + "Fn::Join": Array [ + "", + Array [ + Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30", + }, + ], + }, + ], + }, + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30", + }, + ], + }, + ], + }, + ], + ], + }, + }, + "Handler": "__entrypoint__.handler", + "MemorySize": 128, + "Role": Object { + "Fn::GetAtt": Array [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65", + "Arn", + ], + }, + "Runtime": "nodejs12.x", + "Timeout": 900, + }, + "Type": "AWS::Lambda::Function", + }, + 
"CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "Service": "lambda.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": Array [ + Object { + "Fn::Sub": "arn:\${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + }, + ], + "Policies": Array [ + Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "iam:CreateOpenIDConnectProvider", + "iam:DeleteOpenIDConnectProvider", + "iam:UpdateOpenIDConnectProviderThumbprint", + "iam:AddClientIDToOpenIDConnectProvider", + "iam:RemoveClientIDFromOpenIDConnectProvider", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "Inline", + }, + ], + }, + "Type": "AWS::IAM::Role", + }, + "StackClusterF0EB02FAAlbController3CA38157": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterKubectlReadyBarrier200052AF", + "ClusterOpenIdConnectProviderE7EB0530", + "StackClusterF0EB02FAAlbControlleralbsaConditionJsonEB803D33", + "StackClusterF0EB02FAAlbControlleralbsamanifestalbsaServiceAccountResource1F87255D", + "StackClusterF0EB02FAAlbControlleralbsaRoleDefaultPolicyB2195229", + "StackClusterF0EB02FAAlbControlleralbsaRole5FFB27D0", + ], + "Properties": Object { + "Chart": "aws-load-balancer-controller", + "ClusterName": Object { + "Ref": "Cluster9EE0221C", + }, + "CreateNamespace": true, + "Namespace": "kube-system", + "Release": "aws-load-balancer-controller", + "Repository": "https://aws.github.io/eks-charts", + "RoleArn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + 
"awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.StackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn", + ], + }, + "Timeout": "900s", + "Values": Object { + "Fn::Join": Array [ + "", + Array [ + "{\\"clusterName\\":\\"", + Object { + "Ref": "Cluster9EE0221C", + }, + "\\",\\"serviceAccount\\":{\\"create\\":false,\\"name\\":\\"aws-load-balancer-controller\\"},\\"region\\":\\"us-east-1\\",\\"vpcId\\":\\"", + Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + "\\",\\"repository\\":\\"custom\\",\\"tag\\":\\"v2.3.0\\"}", + ], + ], + }, + "Version": "1.2.7", + "Wait": true, + }, + "Type": "Custom::AWSCDK-EKS-HelmChart", + "UpdateReplacePolicy": "Delete", + }, + "StackClusterF0EB02FAAlbControlleralbsaConditionJsonEB803D33": Object { + "DeletionPolicy": "Delete", + "Properties": Object { + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57", + "Arn", + ], + }, + "Value": Object { + "Fn::Join": Array [ + "", + Array [ + "{\\"", + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + ":oidc-provider/", + Object { + "Ref": "ClusterOpenIdConnectProviderE7EB0530", + }, + ], + }, + ], + }, + ":aud\\":\\"sts.amazonaws.com\\",\\"", + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + ":oidc-provider/", + Object { + "Ref": "ClusterOpenIdConnectProviderE7EB0530", + }, + ], + }, + ], + }, + ":sub\\":\\"system:serviceaccount:kube-system:aws-load-balancer-controller\\"}", + ], + ], + }, + }, + "Type": "Custom::AWSCDKCfnJson", + "UpdateReplacePolicy": "Delete", + }, + "StackClusterF0EB02FAAlbControlleralbsaRole5FFB27D0": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": Object { + "StringEquals": Object { + "Fn::GetAtt": Array [ + "StackClusterF0EB02FAAlbControlleralbsaConditionJsonEB803D33", + "Value", 
+ ], + }, + }, + "Effect": "Allow", + "Principal": Object { + "Federated": Object { + "Ref": "ClusterOpenIdConnectProviderE7EB0530", + }, + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "StackClusterF0EB02FAAlbControlleralbsaRoleDefaultPolicyB2195229": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "iam:CreateServiceLinkedRole", + "Condition": Object { + "StringEquals": Object { + "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com", + }, + }, + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + 
"shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": "ec2:CreateSecurityGroup", + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": "ec2:CreateTags", + "Condition": Object { + "Null": Object { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false", + }, + "StringEquals": Object { + "ec2:CreateAction": "CreateSecurityGroup", + }, + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:security-group/*", + }, + Object { + "Action": Array [ + "ec2:CreateTags", + "ec2:DeleteTags", + ], + "Condition": Object { + "Null": Object { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false", + }, + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:security-group/*", + }, + Object { + "Action": Array [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", + ], + "Condition": Object { + "Null": Object { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false", + }, + }, + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup", + ], + "Condition": Object { + "Null": Object { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false", + }, + }, + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags", + ], + "Condition": Object { + "Null": Object { + 
"aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false", + }, + }, + "Effect": "Allow", + "Resource": Array [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", + ], + }, + Object { + "Action": Array [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags", + ], + "Effect": "Allow", + "Resource": Array [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*", + ], + }, + Object { + "Action": Array [ + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup", + ], + "Condition": Object { + "Null": Object { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false", + }, + }, + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets", + ], + "Effect": "Allow", + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + }, + Object { + "Action": Array [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "StackClusterF0EB02FAAlbControlleralbsaRoleDefaultPolicyB2195229", + "Roles": Array [ + Object { + "Ref": 
"StackClusterF0EB02FAAlbControlleralbsaRole5FFB27D0", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "StackClusterF0EB02FAAlbControlleralbsamanifestalbsaServiceAccountResource1F87255D": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "ClusterKubectlReadyBarrier200052AF", + ], + "Properties": Object { + "ClusterName": Object { + "Ref": "Cluster9EE0221C", + }, + "Manifest": Object { + "Fn::Join": Array [ + "", + Array [ + "[{\\"apiVersion\\":\\"v1\\",\\"kind\\":\\"ServiceAccount\\",\\"metadata\\":{\\"name\\":\\"aws-load-balancer-controller\\",\\"namespace\\":\\"kube-system\\",\\"labels\\":{\\"aws.cdk.eks/prune-c84bfbcec3a76ba434febd72b4b5b4e172d0e2daaf\\":\\"\\",\\"app.kubernetes.io/name\\":\\"aws-load-balancer-controller\\"},\\"annotations\\":{\\"eks.amazonaws.com/role-arn\\":\\"", + Object { + "Fn::GetAtt": Array [ + "StackClusterF0EB02FAAlbControlleralbsaRole5FFB27D0", + "Arn", + ], + }, + "\\"}}}]", + ], + ], + }, + "PruneLabel": "aws.cdk.eks/prune-c84bfbcec3a76ba434febd72b4b5b4e172d0e2daaf", + "RoleArn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.StackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn", + ], + }, + }, + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "UpdateReplacePolicy": "Delete", + }, + "VPCB9E5F0B4": Object { + "Properties": Object { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC", + }, + ], + }, + "Type": "AWS::EC2::VPC", + }, + "VPCIGWB7E252D3": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC", + }, + ], + }, + "Type": "AWS::EC2::InternetGateway", + }, + "VPCPrivateSubnet1DefaultRouteAE1D6490": Object { + "Properties": 
Object { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": Object { + "Ref": "VPCPublicSubnet1NATGatewayE0556630", + }, + "RouteTableId": Object { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027", + }, + }, + "Type": "AWS::EC2::Route", + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027", + }, + "SubnetId": Object { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "VPCPrivateSubnet1RouteTableBE8A6027": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PrivateSubnet1", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "VPCPrivateSubnet1Subnet8BCA10E0": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Private", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Private", + }, + Object { + "Key": "Name", + "Value": "Stack/VPC/PrivateSubnet1", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "VPCPrivateSubnet2DefaultRouteF4F5CFD2": Object { + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": Object { + "Ref": "VPCPublicSubnet2NATGateway3C070193", + }, + "RouteTableId": Object { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E", + }, + }, + "Type": "AWS::EC2::Route", + }, + "VPCPrivateSubnet2RouteTable0A19E10E": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PrivateSubnet2", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + 
"VPCPrivateSubnet2RouteTableAssociation0C73D413": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E", + }, + "SubnetId": Object { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Private", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Private", + }, + Object { + "Key": "Name", + "Value": "Stack/VPC/PrivateSubnet2", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "VPCPublicSubnet1DefaultRoute91CEF279": Object { + "DependsOn": Array [ + "VPCVPCGW99B986DC", + ], + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": Object { + "Ref": "VPCIGWB7E252D3", + }, + "RouteTableId": Object { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781", + }, + }, + "Type": "AWS::EC2::Route", + }, + "VPCPublicSubnet1EIP6AD938E8": Object { + "Properties": Object { + "Domain": "vpc", + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet1", + }, + ], + }, + "Type": "AWS::EC2::EIP", + }, + "VPCPublicSubnet1NATGatewayE0556630": Object { + "Properties": Object { + "AllocationId": Object { + "Fn::GetAtt": Array [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId", + ], + }, + "SubnetId": Object { + "Ref": "VPCPublicSubnet1SubnetB4246D30", + }, + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet1", + }, + ], + }, + "Type": "AWS::EC2::NatGateway", + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781", + }, + "SubnetId": Object { 
+ "Ref": "VPCPublicSubnet1SubnetB4246D30", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "VPCPublicSubnet1RouteTableFEE4B781": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet1", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "VPCPublicSubnet1SubnetB4246D30": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Public", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Public", + }, + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet1", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": Object { + "DependsOn": Array [ + "VPCVPCGW99B986DC", + ], + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": Object { + "Ref": "VPCIGWB7E252D3", + }, + "RouteTableId": Object { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1", + }, + }, + "Type": "AWS::EC2::Route", + }, + "VPCPublicSubnet2EIP4947BC00": Object { + "Properties": Object { + "Domain": "vpc", + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet2", + }, + ], + }, + "Type": "AWS::EC2::EIP", + }, + "VPCPublicSubnet2NATGateway3C070193": Object { + "Properties": Object { + "AllocationId": Object { + "Fn::GetAtt": Array [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId", + ], + }, + "SubnetId": Object { + "Ref": "VPCPublicSubnet2Subnet74179F39", + }, + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet2", + }, + ], + }, + "Type": "AWS::EC2::NatGateway", + }, + "VPCPublicSubnet2RouteTable6F1A15F1": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", 
+ "Value": "Stack/VPC/PublicSubnet2", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1", + }, + "SubnetId": Object { + "Ref": "VPCPublicSubnet2Subnet74179F39", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "VPCPublicSubnet2Subnet74179F39": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Public", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Public", + }, + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet2", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "VPCVPCGW99B986DC": Object { + "Properties": Object { + "InternetGatewayId": Object { + "Ref": "VPCIGWB7E252D3", + }, + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::VPCGatewayAttachment", + }, + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": Object { + "DeletionPolicy": "Delete", + "Properties": Object { + "Parameters": Object { + "referencetoStackAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket2A621CC8Ref": Object { + "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F", + }, + "referencetoStackAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey958A3826Ref": Object { + "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56", + }, + 
"referencetoStackAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket9D1B5197Ref": Object { + "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681", + }, + "referencetoStackAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyA5E30E2ARef": Object { + "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791", + }, + "referencetoStackAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket2F9FC3A4Ref": Object { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1", + }, + "referencetoStackAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey60096BB7Ref": Object { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F", + }, + "referencetoStackClusterCreationRole3E974CE8Arn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + }, + "TemplateURL": Object { + "Fn::Join": Array [ + "", + Array [ + "https://s3.us-east-1.", + Object { + "Ref": "AWS::URLSuffix", + }, + "/", + Object { + "Ref": "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cS3Bucket9FA20082", + }, + "/", + Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cS3VersionKey17CD9E6F", + }, + ], + }, + ], + }, + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cS3VersionKey17CD9E6F", + }, + ], + }, + ], + }, + ], + ], + }, + }, + "Type": "AWS::CloudFormation::Stack", + "UpdateReplacePolicy": "Delete", + }, + 
"awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": Object { + "DeletionPolicy": "Delete", + "Properties": Object { + "Parameters": Object { + "referencetoStackAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3Bucket8D8787CCRef": Object { + "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9", + }, + "referencetoStackAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKey44F3FF61Ref": Object { + "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421", + }, + "referencetoStackAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket2F9FC3A4Ref": Object { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1", + }, + "referencetoStackAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey60096BB7Ref": Object { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F", + }, + "referencetoStackAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3Bucket3EB648DFRef": Object { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7", + }, + "referencetoStackAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKey45D6282ARef": Object { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F", + }, + "referencetoStackAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketAF6F4455Ref": Object { + "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998", + }, + 
"referencetoStackAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKey4F7BA5A8Ref": Object { + "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565", + }, + "referencetoStackCluster979F48BAArn": Object { + "Fn::GetAtt": Array [ + "Cluster9EE0221C", + "Arn", + ], + }, + "referencetoStackCluster979F48BAClusterSecurityGroupId": Object { + "Fn::GetAtt": Array [ + "Cluster9EE0221C", + "ClusterSecurityGroupId", + ], + }, + "referencetoStackClusterCreationRole3E974CE8Arn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + "referencetoStackClusterDefaultVpcPrivateSubnet1SubnetA64D1BF0Ref": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + }, + "referencetoStackClusterDefaultVpcPrivateSubnet2Subnet32D85AB8Ref": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + }, + }, + "TemplateURL": Object { + "Fn::Join": Array [ + "", + Array [ + "https://s3.us-east-1.", + Object { + "Ref": "AWS::URLSuffix", + }, + "/", + Object { + "Ref": "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255S3BucketA3B80672", + }, + "/", + Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255S3VersionKey387B5B88", + }, + ], + }, + ], + }, + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255S3VersionKey387B5B88", + }, + ], + }, + ], + }, + ], + ], + }, + }, + "Type": "AWS::CloudFormation::Stack", + "UpdateReplacePolicy": "Delete", + }, + }, +} +`; + +exports[`minimal snapshot 1`] = ` +Object { + "Outputs": Object { + "ClusterConfigCommand43AAE40F": Object { + "Value": Object { + "Fn::Join": Array [ + "", + Array [ + "aws eks update-kubeconfig --name ", + Object 
{ + "Ref": "Cluster9EE0221C", + }, + " --region us-east-1 --role-arn ", + Object { + "Fn::GetAtt": Array [ + "ClusterMastersRole9AA35625", + "Arn", + ], + }, + ], + ], + }, + }, + "ClusterGetTokenCommand06AE992E": Object { + "Value": Object { + "Fn::Join": Array [ + "", + Array [ + "aws eks get-token --cluster-name ", + Object { + "Ref": "Cluster9EE0221C", + }, + " --region us-east-1 --role-arn ", + Object { + "Fn::GetAtt": Array [ + "ClusterMastersRole9AA35625", + "Arn", + ], + }, + ], + ], + }, + }, + }, + "Parameters": Object { + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afArtifactHash761F4689": Object { + "Description": "Artifact hash for asset \\"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\\"", + "Type": "String", + }, + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F": Object { + "Description": "S3 bucket for asset \\"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\\"", + "Type": "String", + }, + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56": Object { + "Description": "S3 key for asset version \\"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\\"", + "Type": "String", + }, + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665ArtifactHash9EA5AC29": Object { + "Description": "Artifact hash for asset \\"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\\"", + "Type": "String", + }, + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681": Object { + "Description": "S3 bucket for asset \\"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\\"", + "Type": "String", + }, + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791": Object { + "Description": "S3 key for asset version 
\\"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\\"", + "Type": "String", + }, + "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cArtifactHashC3F25ABC": Object { + "Description": "Artifact hash for asset \\"28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3c\\"", + "Type": "String", + }, + "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cS3Bucket9FA20082": Object { + "Description": "S3 bucket for asset \\"28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3c\\"", + "Type": "String", + }, + "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cS3VersionKey17CD9E6F": Object { + "Description": "S3 key for asset version \\"28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3c\\"", + "Type": "String", + }, + "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255ArtifactHash77E612E0": Object { + "Description": "Artifact hash for asset \\"295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255\\"", + "Type": "String", + }, + "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255S3BucketA3B80672": Object { + "Description": "S3 bucket for asset \\"295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255\\"", + "Type": "String", + }, + "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255S3VersionKey387B5B88": Object { + "Description": "S3 key for asset version \\"295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255\\"", + "Type": "String", + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10ArtifactHash528547CD": Object { + "Description": "Artifact hash for asset \\"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\\"", + "Type": "String", + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9": Object { + "Description": "S3 bucket 
for asset \\"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\\"", + "Type": "String", + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421": Object { + "Description": "S3 key for asset version \\"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\\"", + "Type": "String", + }, + "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3ArtifactHash5E61FCA5": Object { + "Description": "Artifact hash for asset \\"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\\"", + "Type": "String", + }, + "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0": Object { + "Description": "S3 bucket for asset \\"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\\"", + "Type": "String", + }, + "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD": Object { + "Description": "S3 key for asset version \\"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\\"", + "Type": "String", + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4ArtifactHashD6EA1BC7": Object { + "Description": "Artifact hash for asset \\"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\\"", + "Type": "String", + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777": Object { + "Description": "S3 bucket for asset \\"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\\"", + "Type": "String", + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30": Object { + "Description": "S3 key for asset version \\"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\\"", + "Type": "String", + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": Object { + 
"Description": "Artifact hash for asset \\"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\\"", + "Type": "String", + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": Object { + "Description": "S3 bucket for asset \\"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\\"", + "Type": "String", + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": Object { + "Description": "S3 key for asset version \\"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\\"", + "Type": "String", + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": Object { + "Description": "Artifact hash for asset \\"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\\"", + "Type": "String", + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": Object { + "Description": "S3 bucket for asset \\"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\\"", + "Type": "String", + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": Object { + "Description": "S3 key for asset version \\"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\\"", + "Type": "String", + }, + "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eArtifactHash4654D012": Object { + "Description": "Artifact hash for asset \\"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\\"", + "Type": "String", + }, + "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": Object { + "Description": "S3 bucket for asset \\"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\\"", + "Type": "String", + }, + "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565": 
Object { + "Description": "S3 key for asset version \\"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\\"", + "Type": "String", + }, + }, + "Resources": Object { + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57": Object { + "DependsOn": Array [ + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867", + ], + "Properties": Object { + "Code": Object { + "S3Bucket": Object { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0", + }, + "S3Key": Object { + "Fn::Join": Array [ + "", + Array [ + Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD", + }, + ], + }, + ], + }, + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD", + }, + ], + }, + ], + }, + ], + ], + }, + }, + "Handler": "__entrypoint__.handler", + "MemorySize": 128, + "Role": Object { + "Fn::GetAtt": Array [ + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867", + "Arn", + ], + }, + "Runtime": "nodejs12.x", + "Timeout": 900, + }, + "Type": "AWS::Lambda::Function", + }, + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "Service": "lambda.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": Array [ + Object { + "Fn::Sub": "arn:\${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + }, + ], + }, + "Type": "AWS::IAM::Role", + }, + "Cluster9EE0221C": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "ClusterDefaultVpcIGW756BE43E", + 
"ClusterDefaultVpcPrivateSubnet1DefaultRouteD624C8BD", + "ClusterDefaultVpcPrivateSubnet1RouteTable7844020C", + "ClusterDefaultVpcPrivateSubnet1RouteTableAssociationF8A67D95", + "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + "ClusterDefaultVpcPrivateSubnet2DefaultRouteAB55737C", + "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298", + "ClusterDefaultVpcPrivateSubnet2RouteTableAssociationE1240DF2", + "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + "ClusterDefaultVpcPublicSubnet1DefaultRouteCF22EF6E", + "ClusterDefaultVpcPublicSubnet1EIP498E2BD2", + "ClusterDefaultVpcPublicSubnet1NATGateway6E21013E", + "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98", + "ClusterDefaultVpcPublicSubnet1RouteTableAssociationAFBE6789", + "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + "ClusterDefaultVpcPublicSubnet2DefaultRoute1FA8621E", + "ClusterDefaultVpcPublicSubnet2EIP265F4810", + "ClusterDefaultVpcPublicSubnet2NATGateway4AF4B728", + "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47", + "ClusterDefaultVpcPublicSubnet2RouteTableAssociationA8539C50", + "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + "ClusterDefaultVpcFA9F2722", + "ClusterDefaultVpcVPCGWC1D00388", + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + ], + "Properties": Object { + "AssumeRoleArn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + "AttributesRevision": 2, + "Config": Object { + "resourcesVpcConfig": Object { + "endpointPrivateAccess": true, + "endpointPublicAccess": true, + "securityGroupIds": Array [ + Object { + "Fn::GetAtt": Array [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId", + ], + }, + ], + "subnetIds": Array [ + Object { + "Ref": "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + }, + Object { + "Ref": "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + }, + Object { + "Ref": "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + }, + Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + }, + ], + }, 
+ "roleArn": Object { + "Fn::GetAtt": Array [ + "ClusterRoleFA261979", + "Arn", + ], + }, + "version": "1.21", + }, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", + "Outputs.StackawscdkawseksClusterResourceProviderframeworkonEvent9D6CED48Arn", + ], + }, + }, + "Type": "Custom::AWSCDK-EKS-Cluster", + "UpdateReplacePolicy": "Delete", + }, + "ClusterAwsAuthmanifestFE51F8AE": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "ClusterKubectlReadyBarrier200052AF", + ], + "Properties": Object { + "ClusterName": Object { + "Ref": "Cluster9EE0221C", + }, + "Manifest": Object { + "Fn::Join": Array [ + "", + Array [ + "[{\\"apiVersion\\":\\"v1\\",\\"kind\\":\\"ConfigMap\\",\\"metadata\\":{\\"name\\":\\"aws-auth\\",\\"namespace\\":\\"kube-system\\",\\"labels\\":{\\"aws.cdk.eks/prune-c82ececabf77e03e3590f2ebe02adba8641d1b3e76\\":\\"\\"}},\\"data\\":{\\"mapRoles\\":\\"[{\\\\\\"rolearn\\\\\\":\\\\\\"", + Object { + "Fn::GetAtt": Array [ + "ClusterMastersRole9AA35625", + "Arn", + ], + }, + "\\\\\\",\\\\\\"username\\\\\\":\\\\\\"", + Object { + "Fn::GetAtt": Array [ + "ClusterMastersRole9AA35625", + "Arn", + ], + }, + "\\\\\\",\\\\\\"groups\\\\\\":[\\\\\\"system:masters\\\\\\"]},{\\\\\\"rolearn\\\\\\":\\\\\\"", + Object { + "Fn::GetAtt": Array [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn", + ], + }, + "\\\\\\",\\\\\\"username\\\\\\":\\\\\\"system:node:{{EC2PrivateDNSName}}\\\\\\",\\\\\\"groups\\\\\\":[\\\\\\"system:bootstrappers\\\\\\",\\\\\\"system:nodes\\\\\\"]}]\\",\\"mapUsers\\":\\"[]\\",\\"mapAccounts\\":\\"[]\\"}}]", + ], + ], + }, + "Overwrite": true, + "PruneLabel": "aws.cdk.eks/prune-c82ececabf77e03e3590f2ebe02adba8641d1b3e76", + "RoleArn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + 
"awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.StackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn", + ], + }, + }, + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "UpdateReplacePolicy": "Delete", + }, + "ClusterControlPlaneSecurityGroupD274242C": Object { + "Properties": Object { + "GroupDescription": "EKS Control Plane Security Group", + "SecurityGroupEgress": Array [ + Object { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::SecurityGroup", + }, + "ClusterCreationRole360249B6": Object { + "DependsOn": Array [ + "ClusterDefaultVpcIGW756BE43E", + "ClusterDefaultVpcPrivateSubnet1DefaultRouteD624C8BD", + "ClusterDefaultVpcPrivateSubnet1RouteTable7844020C", + "ClusterDefaultVpcPrivateSubnet1RouteTableAssociationF8A67D95", + "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + "ClusterDefaultVpcPrivateSubnet2DefaultRouteAB55737C", + "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298", + "ClusterDefaultVpcPrivateSubnet2RouteTableAssociationE1240DF2", + "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + "ClusterDefaultVpcPublicSubnet1DefaultRouteCF22EF6E", + "ClusterDefaultVpcPublicSubnet1EIP498E2BD2", + "ClusterDefaultVpcPublicSubnet1NATGateway6E21013E", + "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98", + "ClusterDefaultVpcPublicSubnet1RouteTableAssociationAFBE6789", + "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + "ClusterDefaultVpcPublicSubnet2DefaultRoute1FA8621E", + "ClusterDefaultVpcPublicSubnet2EIP265F4810", + "ClusterDefaultVpcPublicSubnet2NATGateway4AF4B728", + "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47", + "ClusterDefaultVpcPublicSubnet2RouteTableAssociationA8539C50", + "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + "ClusterDefaultVpcFA9F2722", + "ClusterDefaultVpcVPCGWC1D00388", + ], + "Properties": Object { + 
"AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::", + Object { + "Ref": "AWS::AccountId", + }, + ":root", + ], + ], + }, + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "ClusterCreationRoleDefaultPolicyE8BDFC7B": Object { + "DependsOn": Array [ + "ClusterDefaultVpcIGW756BE43E", + "ClusterDefaultVpcPrivateSubnet1DefaultRouteD624C8BD", + "ClusterDefaultVpcPrivateSubnet1RouteTable7844020C", + "ClusterDefaultVpcPrivateSubnet1RouteTableAssociationF8A67D95", + "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + "ClusterDefaultVpcPrivateSubnet2DefaultRouteAB55737C", + "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298", + "ClusterDefaultVpcPrivateSubnet2RouteTableAssociationE1240DF2", + "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + "ClusterDefaultVpcPublicSubnet1DefaultRouteCF22EF6E", + "ClusterDefaultVpcPublicSubnet1EIP498E2BD2", + "ClusterDefaultVpcPublicSubnet1NATGateway6E21013E", + "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98", + "ClusterDefaultVpcPublicSubnet1RouteTableAssociationAFBE6789", + "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + "ClusterDefaultVpcPublicSubnet2DefaultRoute1FA8621E", + "ClusterDefaultVpcPublicSubnet2EIP265F4810", + "ClusterDefaultVpcPublicSubnet2NATGateway4AF4B728", + "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47", + "ClusterDefaultVpcPublicSubnet2RouteTableAssociationA8539C50", + "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + "ClusterDefaultVpcFA9F2722", + "ClusterDefaultVpcVPCGWC1D00388", + ], + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": Object { + "Fn::GetAtt": Array [ + "ClusterRoleFA261979", + "Arn", + ], + }, + }, + Object { + "Action": Array [ + 
"eks:CreateCluster", + "eks:DescribeCluster", + "eks:DescribeUpdate", + "eks:DeleteCluster", + "eks:UpdateClusterVersion", + "eks:UpdateClusterConfig", + "eks:CreateFargateProfile", + "eks:TagResource", + "eks:UntagResource", + ], + "Effect": "Allow", + "Resource": Array [ + "*", + ], + }, + Object { + "Action": Array [ + "eks:DescribeFargateProfile", + "eks:DeleteFargateProfile", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "iam:GetRole", + "iam:listAttachedRolePolicies", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": "iam:CreateServiceLinkedRole", + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeRouteTables", + "ec2:DescribeDhcpOptions", + "ec2:DescribeVpcs", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "Roles": Array [ + Object { + "Ref": "ClusterCreationRole360249B6", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "ClusterDefaultVpcFA9F2722": Object { + "Properties": Object { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc", + }, + ], + }, + "Type": "AWS::EC2::VPC", + }, + "ClusterDefaultVpcIGW756BE43E": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc", + }, + ], + }, + "Type": "AWS::EC2::InternetGateway", + }, + "ClusterDefaultVpcPrivateSubnet1DefaultRouteD624C8BD": Object { + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet1NATGateway6E21013E", + }, + "RouteTableId": Object { + "Ref": 
"ClusterDefaultVpcPrivateSubnet1RouteTable7844020C", + }, + }, + "Type": "AWS::EC2::Route", + }, + "ClusterDefaultVpcPrivateSubnet1RouteTable7844020C": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PrivateSubnet1", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "ClusterDefaultVpcPrivateSubnet1RouteTableAssociationF8A67D95": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet1RouteTable7844020C", + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "ClusterDefaultVpcPrivateSubnet1Subnet03F39409": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Private", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Private", + }, + Object { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PrivateSubnet1", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "ClusterDefaultVpcPrivateSubnet2DefaultRouteAB55737C": Object { + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet2NATGateway4AF4B728", + }, + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298", + }, + }, + "Type": "AWS::EC2::Route", + }, + "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": 
"kubernetes.io/role/internal-elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PrivateSubnet2", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "ClusterDefaultVpcPrivateSubnet2RouteTableAssociationE1240DF2": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2RouteTable1F9A5298", + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Private", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Private", + }, + Object { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PrivateSubnet2", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "ClusterDefaultVpcPublicSubnet1DefaultRouteCF22EF6E": Object { + "DependsOn": Array [ + "ClusterDefaultVpcVPCGWC1D00388", + ], + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": Object { + "Ref": "ClusterDefaultVpcIGW756BE43E", + }, + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98", + }, + }, + "Type": "AWS::EC2::Route", + }, + "ClusterDefaultVpcPublicSubnet1EIP498E2BD2": Object { + "Properties": Object { + "Domain": "vpc", + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet1", + }, + ], + }, + "Type": "AWS::EC2::EIP", + }, + 
"ClusterDefaultVpcPublicSubnet1NATGateway6E21013E": Object { + "Properties": Object { + "AllocationId": Object { + "Fn::GetAtt": Array [ + "ClusterDefaultVpcPublicSubnet1EIP498E2BD2", + "AllocationId", + ], + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + }, + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet1", + }, + ], + }, + "Type": "AWS::EC2::NatGateway", + }, + "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet1", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "ClusterDefaultVpcPublicSubnet1RouteTableAssociationAFBE6789": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet1RouteTable1DCCDD98", + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Public", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Public", + }, + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet1", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "ClusterDefaultVpcPublicSubnet2DefaultRoute1FA8621E": Object { + "DependsOn": Array [ + 
"ClusterDefaultVpcVPCGWC1D00388", + ], + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": Object { + "Ref": "ClusterDefaultVpcIGW756BE43E", + }, + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47", + }, + }, + "Type": "AWS::EC2::Route", + }, + "ClusterDefaultVpcPublicSubnet2EIP265F4810": Object { + "Properties": Object { + "Domain": "vpc", + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet2", + }, + ], + }, + "Type": "AWS::EC2::EIP", + }, + "ClusterDefaultVpcPublicSubnet2NATGateway4AF4B728": Object { + "Properties": Object { + "AllocationId": Object { + "Fn::GetAtt": Array [ + "ClusterDefaultVpcPublicSubnet2EIP265F4810", + "AllocationId", + ], + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + }, + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet2", + }, + ], + }, + "Type": "AWS::EC2::NatGateway", + }, + "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet2", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "ClusterDefaultVpcPublicSubnet2RouteTableAssociationA8539C50": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet2RouteTable6F1F5F47", + }, + "SubnetId": Object { + "Ref": "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 1, + Object 
{ + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Public", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Public", + }, + Object { + "Key": "kubernetes.io/role/elb", + "Value": "1", + }, + Object { + "Key": "Name", + "Value": "Stack/Cluster/DefaultVpc/PublicSubnet2", + }, + ], + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "ClusterDefaultVpcVPCGWC1D00388": Object { + "Properties": Object { + "InternetGatewayId": Object { + "Ref": "ClusterDefaultVpcIGW756BE43E", + }, + "VpcId": Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + }, + "Type": "AWS::EC2::VPCGatewayAttachment", + }, + "ClusterKubectlReadyBarrier200052AF": Object { + "DependsOn": Array [ + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C", + ], + "Properties": Object { + "Type": "String", + "Value": "aws:cdk:eks:kubectl-ready", + }, + "Type": "AWS::SSM::Parameter", + }, + "ClusterMastersRole9AA35625": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::", + Object { + "Ref": "AWS::AccountId", + }, + ":root", + ], + ], + }, + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "ClusterNodegroupDefaultCapacityDA0920A3": Object { + "Properties": Object { + "AmiType": "AL2_x86_64", + "ClusterName": Object { + "Ref": "Cluster9EE0221C", + }, + "ForceUpdateEnabled": true, + "InstanceTypes": Array [ + "m5.large", + ], + "NodeRole": Object { + "Fn::GetAtt": Array [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn", + ], + }, + "ScalingConfig": Object { + "DesiredSize": 2, + 
"MaxSize": 2, + "MinSize": 2, + }, + "Subnets": Array [ + Object { + "Ref": "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + }, + Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + }, + ], + }, + "Type": "AWS::EKS::Nodegroup", + }, + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "Service": "ec2.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy", + ], + ], + }, + Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/AmazonEKS_CNI_Policy", + ], + ], + }, + Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", + ], + ], + }, + ], + }, + "Type": "AWS::IAM::Role", + }, + "ClusterOpenIdConnectProviderE7EB0530": Object { + "DeletionPolicy": "Delete", + "Properties": Object { + "ClientIDList": Array [ + "sts.amazonaws.com", + ], + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0", + "Arn", + ], + }, + "ThumbprintList": Array [ + "9e99a48a9960b14926bb7f3b02e22da2b0ab7280", + ], + "Url": Object { + "Fn::GetAtt": Array [ + "Cluster9EE0221C", + "OpenIdConnectIssuerUrl", + ], + }, + }, + "Type": "Custom::AWSCDKOpenIdConnectProvider", + "UpdateReplacePolicy": "Delete", + }, + "ClusterRoleFA261979": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "Service": "eks.amazonaws.com", + }, + }, + ], + "Version": 
"2012-10-17", + }, + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/AmazonEKSClusterPolicy", + ], + ], + }, + ], + }, + "Type": "AWS::IAM::Role", + }, + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0": Object { + "DependsOn": Array [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65", + ], + "Properties": Object { + "Code": Object { + "S3Bucket": Object { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777", + }, + "S3Key": Object { + "Fn::Join": Array [ + "", + Array [ + Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30", + }, + ], + }, + ], + }, + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30", + }, + ], + }, + ], + }, + ], + ], + }, + }, + "Handler": "__entrypoint__.handler", + "MemorySize": 128, + "Role": Object { + "Fn::GetAtt": Array [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65", + "Arn", + ], + }, + "Runtime": "nodejs12.x", + "Timeout": 900, + }, + "Type": "AWS::Lambda::Function", + }, + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "Service": "lambda.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": Array [ + Object { + "Fn::Sub": "arn:\${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + }, + ], + "Policies": Array [ + Object { + "PolicyDocument": Object { + 
"Statement": Array [ + Object { + "Action": Array [ + "iam:CreateOpenIDConnectProvider", + "iam:DeleteOpenIDConnectProvider", + "iam:UpdateOpenIDConnectProviderThumbprint", + "iam:AddClientIDToOpenIDConnectProvider", + "iam:RemoveClientIDFromOpenIDConnectProvider", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "Inline", + }, + ], + }, + "Type": "AWS::IAM::Role", + }, + "StackClusterF0EB02FAAlbController3CA38157": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterKubectlReadyBarrier200052AF", + "ClusterOpenIdConnectProviderE7EB0530", + "StackClusterF0EB02FAAlbControlleralbsaConditionJsonEB803D33", + "StackClusterF0EB02FAAlbControlleralbsamanifestalbsaServiceAccountResource1F87255D", + "StackClusterF0EB02FAAlbControlleralbsaRoleDefaultPolicyB2195229", + "StackClusterF0EB02FAAlbControlleralbsaRole5FFB27D0", + ], + "Properties": Object { + "Chart": "aws-load-balancer-controller", + "ClusterName": Object { + "Ref": "Cluster9EE0221C", + }, + "CreateNamespace": true, + "Namespace": "kube-system", + "Release": "aws-load-balancer-controller", + "Repository": "https://aws.github.io/eks-charts", + "RoleArn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.StackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn", + ], + }, + "Timeout": "900s", + "Values": Object { + "Fn::Join": Array [ + "", + Array [ + "{\\"clusterName\\":\\"", + Object { + "Ref": "Cluster9EE0221C", + }, + "\\",\\"serviceAccount\\":{\\"create\\":false,\\"name\\":\\"aws-load-balancer-controller\\"},\\"region\\":\\"us-east-1\\",\\"vpcId\\":\\"", + Object { + "Ref": "ClusterDefaultVpcFA9F2722", + }, + 
"\\",\\"repository\\":\\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\\",\\"tag\\":\\"v2.3.0\\"}", + ], + ], + }, + "Version": "1.2.7", + "Wait": true, + }, + "Type": "Custom::AWSCDK-EKS-HelmChart", + "UpdateReplacePolicy": "Delete", + }, + "StackClusterF0EB02FAAlbControlleralbsaConditionJsonEB803D33": Object { + "DeletionPolicy": "Delete", + "Properties": Object { + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57", + "Arn", + ], + }, + "Value": Object { + "Fn::Join": Array [ + "", + Array [ + "{\\"", + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + ":oidc-provider/", + Object { + "Ref": "ClusterOpenIdConnectProviderE7EB0530", + }, + ], + }, + ], + }, + ":aud\\":\\"sts.amazonaws.com\\",\\"", + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + ":oidc-provider/", + Object { + "Ref": "ClusterOpenIdConnectProviderE7EB0530", + }, + ], + }, + ], + }, + ":sub\\":\\"system:serviceaccount:kube-system:aws-load-balancer-controller\\"}", + ], + ], + }, + }, + "Type": "Custom::AWSCDKCfnJson", + "UpdateReplacePolicy": "Delete", + }, + "StackClusterF0EB02FAAlbControlleralbsaRole5FFB27D0": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": Object { + "StringEquals": Object { + "Fn::GetAtt": Array [ + "StackClusterF0EB02FAAlbControlleralbsaConditionJsonEB803D33", + "Value", + ], + }, + }, + "Effect": "Allow", + "Principal": Object { + "Federated": Object { + "Ref": "ClusterOpenIdConnectProviderE7EB0530", + }, + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "StackClusterF0EB02FAAlbControlleralbsaRoleDefaultPolicyB2195229": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "iam:CreateServiceLinkedRole", + "Condition": Object 
{ + "StringEquals": Object { + "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com", + }, + }, + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": "ec2:CreateSecurityGroup", + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": "ec2:CreateTags", + 
"Condition": Object { + "Null": Object { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false", + }, + "StringEquals": Object { + "ec2:CreateAction": "CreateSecurityGroup", + }, + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:security-group/*", + }, + Object { + "Action": Array [ + "ec2:CreateTags", + "ec2:DeleteTags", + ], + "Condition": Object { + "Null": Object { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false", + }, + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:security-group/*", + }, + Object { + "Action": Array [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", + ], + "Condition": Object { + "Null": Object { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false", + }, + }, + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup", + ], + "Condition": Object { + "Null": Object { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false", + }, + }, + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule", + ], + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags", + ], + "Condition": Object { + "Null": Object { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false", + }, + }, + "Effect": "Allow", + "Resource": Array [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", + ], + }, + Object { + "Action": Array [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags", + ], + "Effect": "Allow", + "Resource": Array [ 
+ "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*", + ], + }, + Object { + "Action": Array [ + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup", + ], + "Condition": Object { + "Null": Object { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false", + }, + }, + "Effect": "Allow", + "Resource": "*", + }, + Object { + "Action": Array [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets", + ], + "Effect": "Allow", + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + }, + Object { + "Action": Array [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "StackClusterF0EB02FAAlbControlleralbsaRoleDefaultPolicyB2195229", + "Roles": Array [ + Object { + "Ref": "StackClusterF0EB02FAAlbControlleralbsaRole5FFB27D0", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "StackClusterF0EB02FAAlbControlleralbsamanifestalbsaServiceAccountResource1F87255D": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "ClusterKubectlReadyBarrier200052AF", + ], + "Properties": Object { + "ClusterName": Object { + "Ref": "Cluster9EE0221C", + }, + "Manifest": Object { + "Fn::Join": Array [ + "", + Array [ + 
"[{\\"apiVersion\\":\\"v1\\",\\"kind\\":\\"ServiceAccount\\",\\"metadata\\":{\\"name\\":\\"aws-load-balancer-controller\\",\\"namespace\\":\\"kube-system\\",\\"labels\\":{\\"aws.cdk.eks/prune-c84bfbcec3a76ba434febd72b4b5b4e172d0e2daaf\\":\\"\\",\\"app.kubernetes.io/name\\":\\"aws-load-balancer-controller\\"},\\"annotations\\":{\\"eks.amazonaws.com/role-arn\\":\\"", + Object { + "Fn::GetAtt": Array [ + "StackClusterF0EB02FAAlbControlleralbsaRole5FFB27D0", + "Arn", + ], + }, + "\\"}}}]", + ], + ], + }, + "PruneLabel": "aws.cdk.eks/prune-c84bfbcec3a76ba434febd72b4b5b4e172d0e2daaf", + "RoleArn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.StackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn", + ], + }, + }, + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "UpdateReplacePolicy": "Delete", + }, + "VPCB9E5F0B4": Object { + "Properties": Object { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC", + }, + ], + }, + "Type": "AWS::EC2::VPC", + }, + "VPCIGWB7E252D3": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC", + }, + ], + }, + "Type": "AWS::EC2::InternetGateway", + }, + "VPCPrivateSubnet1DefaultRouteAE1D6490": Object { + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": Object { + "Ref": "VPCPublicSubnet1NATGatewayE0556630", + }, + "RouteTableId": Object { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027", + }, + }, + "Type": "AWS::EC2::Route", + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027", + }, + "SubnetId": Object { + "Ref": 
"VPCPrivateSubnet1Subnet8BCA10E0", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "VPCPrivateSubnet1RouteTableBE8A6027": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PrivateSubnet1", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "VPCPrivateSubnet1Subnet8BCA10E0": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Private", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Private", + }, + Object { + "Key": "Name", + "Value": "Stack/VPC/PrivateSubnet1", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "VPCPrivateSubnet2DefaultRouteF4F5CFD2": Object { + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": Object { + "Ref": "VPCPublicSubnet2NATGateway3C070193", + }, + "RouteTableId": Object { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E", + }, + }, + "Type": "AWS::EC2::Route", + }, + "VPCPrivateSubnet2RouteTable0A19E10E": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PrivateSubnet2", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E", + }, + "SubnetId": Object { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": 
"10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Private", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Private", + }, + Object { + "Key": "Name", + "Value": "Stack/VPC/PrivateSubnet2", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "VPCPublicSubnet1DefaultRoute91CEF279": Object { + "DependsOn": Array [ + "VPCVPCGW99B986DC", + ], + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": Object { + "Ref": "VPCIGWB7E252D3", + }, + "RouteTableId": Object { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781", + }, + }, + "Type": "AWS::EC2::Route", + }, + "VPCPublicSubnet1EIP6AD938E8": Object { + "Properties": Object { + "Domain": "vpc", + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet1", + }, + ], + }, + "Type": "AWS::EC2::EIP", + }, + "VPCPublicSubnet1NATGatewayE0556630": Object { + "Properties": Object { + "AllocationId": Object { + "Fn::GetAtt": Array [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId", + ], + }, + "SubnetId": Object { + "Ref": "VPCPublicSubnet1SubnetB4246D30", + }, + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet1", + }, + ], + }, + "Type": "AWS::EC2::NatGateway", + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781", + }, + "SubnetId": Object { + "Ref": "VPCPublicSubnet1SubnetB4246D30", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "VPCPublicSubnet1RouteTableFEE4B781": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet1", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "VPCPublicSubnet1SubnetB4246D30": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": 
Array [ + 0, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Public", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Public", + }, + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet1", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": Object { + "DependsOn": Array [ + "VPCVPCGW99B986DC", + ], + "Properties": Object { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": Object { + "Ref": "VPCIGWB7E252D3", + }, + "RouteTableId": Object { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1", + }, + }, + "Type": "AWS::EC2::Route", + }, + "VPCPublicSubnet2EIP4947BC00": Object { + "Properties": Object { + "Domain": "vpc", + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet2", + }, + ], + }, + "Type": "AWS::EC2::EIP", + }, + "VPCPublicSubnet2NATGateway3C070193": Object { + "Properties": Object { + "AllocationId": Object { + "Fn::GetAtt": Array [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId", + ], + }, + "SubnetId": Object { + "Ref": "VPCPublicSubnet2Subnet74179F39", + }, + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet2", + }, + ], + }, + "Type": "AWS::EC2::NatGateway", + }, + "VPCPublicSubnet2RouteTable6F1A15F1": Object { + "Properties": Object { + "Tags": Array [ + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet2", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::RouteTable", + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": Object { + "Properties": Object { + "RouteTableId": Object { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1", + }, + "SubnetId": Object { + "Ref": "VPCPublicSubnet2Subnet74179F39", + }, + }, + "Type": "AWS::EC2::SubnetRouteTableAssociation", + }, + "VPCPublicSubnet2Subnet74179F39": Object { + 
"Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::GetAZs": "", + }, + ], + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": Array [ + Object { + "Key": "aws-cdk:subnet-name", + "Value": "Public", + }, + Object { + "Key": "aws-cdk:subnet-type", + "Value": "Public", + }, + Object { + "Key": "Name", + "Value": "Stack/VPC/PublicSubnet2", + }, + ], + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::Subnet", + }, + "VPCVPCGW99B986DC": Object { + "Properties": Object { + "InternetGatewayId": Object { + "Ref": "VPCIGWB7E252D3", + }, + "VpcId": Object { + "Ref": "VPCB9E5F0B4", + }, + }, + "Type": "AWS::EC2::VPCGatewayAttachment", + }, + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": Object { + "DeletionPolicy": "Delete", + "Properties": Object { + "Parameters": Object { + "referencetoStackAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket2A621CC8Ref": Object { + "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F", + }, + "referencetoStackAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey958A3826Ref": Object { + "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56", + }, + "referencetoStackAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket9D1B5197Ref": Object { + "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681", + }, + "referencetoStackAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyA5E30E2ARef": Object { + "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791", + }, + 
"referencetoStackAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket2F9FC3A4Ref": Object { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1", + }, + "referencetoStackAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey60096BB7Ref": Object { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F", + }, + "referencetoStackClusterCreationRole3E974CE8Arn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + }, + "TemplateURL": Object { + "Fn::Join": Array [ + "", + Array [ + "https://s3.us-east-1.", + Object { + "Ref": "AWS::URLSuffix", + }, + "/", + Object { + "Ref": "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cS3Bucket9FA20082", + }, + "/", + Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cS3VersionKey17CD9E6F", + }, + ], + }, + ], + }, + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters28514b056c6e85ada0c93a419f1e8be6a0b4579e6e00a2202e13dba6727fda3cS3VersionKey17CD9E6F", + }, + ], + }, + ], + }, + ], + ], + }, + }, + "Type": "AWS::CloudFormation::Stack", + "UpdateReplacePolicy": "Delete", + }, + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": Object { + "DeletionPolicy": "Delete", + "Properties": Object { + "Parameters": Object { + "referencetoStackAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3Bucket8D8787CCRef": Object { + "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9", + }, + 
"referencetoStackAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKey44F3FF61Ref": Object { + "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421", + }, + "referencetoStackAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket2F9FC3A4Ref": Object { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1", + }, + "referencetoStackAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey60096BB7Ref": Object { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F", + }, + "referencetoStackAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3Bucket3EB648DFRef": Object { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7", + }, + "referencetoStackAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKey45D6282ARef": Object { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F", + }, + "referencetoStackAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketAF6F4455Ref": Object { + "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998", + }, + "referencetoStackAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKey4F7BA5A8Ref": Object { + "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565", + }, + "referencetoStackCluster979F48BAArn": Object { + "Fn::GetAtt": Array [ + "Cluster9EE0221C", + "Arn", + ], + }, + "referencetoStackCluster979F48BAClusterSecurityGroupId": Object { + "Fn::GetAtt": Array [ + "Cluster9EE0221C", + "ClusterSecurityGroupId", + ], + }, + 
"referencetoStackClusterCreationRole3E974CE8Arn": Object { + "Fn::GetAtt": Array [ + "ClusterCreationRole360249B6", + "Arn", + ], + }, + "referencetoStackClusterDefaultVpcPrivateSubnet1SubnetA64D1BF0Ref": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet1Subnet03F39409", + }, + "referencetoStackClusterDefaultVpcPrivateSubnet2Subnet32D85AB8Ref": Object { + "Ref": "ClusterDefaultVpcPrivateSubnet2SubnetA526AEA7", + }, + }, + "TemplateURL": Object { + "Fn::Join": Array [ + "", + Array [ + "https://s3.us-east-1.", + Object { + "Ref": "AWS::URLSuffix", + }, + "/", + Object { + "Ref": "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255S3BucketA3B80672", + }, + "/", + Object { + "Fn::Select": Array [ + 0, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255S3VersionKey387B5B88", + }, + ], + }, + ], + }, + Object { + "Fn::Select": Array [ + 1, + Object { + "Fn::Split": Array [ + "||", + Object { + "Ref": "AssetParameters295be8a2e573197d513da169926a66adc8a01dff49ac2e5165b0cb53e4649255S3VersionKey387B5B88", + }, + ], + }, + ], + }, + ], + ], + }, + }, + "Type": "AWS::CloudFormation::Stack", + "UpdateReplacePolicy": "Delete", + }, + }, +} +`; diff --git a/packages/@aws-cdk/aws-eks/test/alb-controller.test.ts b/packages/@aws-cdk/aws-eks/test/alb-controller.test.ts new file mode 100644 index 0000000000000..be7ee247559e0 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/alb-controller.test.ts 
@@ -0,0 +1,78 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import { SynthUtils } from '@aws-cdk/assert-internal';
+import * as iam from '@aws-cdk/aws-iam';
+import '@aws-cdk/assert-internal/jest';
+import { Cluster, KubernetesVersion, AlbController, AlbControllerVersion } from '../lib';
+import { testFixture } from './util';
+
+test('minimal snapshot', () => {
+
+ const { stack } = testFixture();
+
+ const cluster = new Cluster(stack, 'Cluster', {
+ version: KubernetesVersion.V1_21,
+ });
+
+ AlbController.create(stack, {
+ cluster,
+ version: AlbControllerVersion.V2_3_0,
+ });
+
+ expect(SynthUtils.synthesize(stack).template).toMatchSnapshot();
+
+});
+
+test('all vended policies are valid', () => {
+
+ const addOnsDir = path.join(__dirname, '..', 'lib', 'addons');
+
+ for (const addOn of fs.readdirSync(addOnsDir)) {
+ if (addOn.startsWith('alb-iam_policy')) {
+ const policy = JSON.parse(fs.readFileSync(path.join(addOnsDir, addOn)).toString());
+ try {
+
+ for (const statement of policy.Statement) {
+ iam.PolicyStatement.fromJson(statement);
+ }
+
+ } catch (error) {
+ throw new Error(`Invalid policy: ${addOn}: ${error}`);
+ }
+ }
+ }
+
+});
+
+test('can configure a custom repository', () => {
+
+ const { stack } = testFixture();
+
+ const cluster = new Cluster(stack, 'Cluster', {
+ version: KubernetesVersion.V1_21,
+ });
+
+ AlbController.create(stack, {
+ cluster,
+ version: AlbControllerVersion.V2_3_0,
+ repository: 'custom',
+ });
+
+ expect(SynthUtils.synthesize(stack).template).toMatchSnapshot();
+
+});
+
+test('throws when a policy is not defined for a custom version', () => {
+
+ const { stack } = testFixture();
+
+ const cluster = new Cluster(stack, 'Cluster', {
+ version: KubernetesVersion.V1_21,
+ });
+
+ expect(() => AlbController.create(stack, {
+ cluster,
+ version: AlbControllerVersion.of('custom'),
+ })).toThrowError("'albControllerOptions.policy' is required when using a custom controller version");
+
+});
\ No newline at end of
file diff --git a/packages/@aws-cdk/aws-eks/test/cluster.test.ts b/packages/@aws-cdk/aws-eks/test/cluster.test.ts index 5c6050a63682c..0cdf55100598d 100644 --- a/packages/@aws-cdk/aws-eks/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-eks/test/cluster.test.ts @@ -21,6 +21,22 @@ const CLUSTER_VERSION = eks.KubernetesVersion.V1_21; describe('cluster', () => { + test('can configure and access ALB controller', () => { + const { stack } = testFixture(); + + const cluster = new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + albController: { + version: eks.AlbControllerVersion.V2_3_0, + }, + }); + + expect(stack).toHaveResource('Custom::AWSCDK-EKS-HelmChart', { + Chart: 'aws-load-balancer-controller', + }); + expect(cluster.albController).toBeDefined(); + }); + test('can specify custom environment to cluster resource handler', () => { const { stack } = testFixture(); diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json new file mode 100644 index 0000000000000..217c6e6698bee --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json 
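Review bot: The 'all vended policies are valid' test in alb-controller.test.ts passes vacuously when `fs.readdirSync(addOnsDir)` yields no file starting with `alb-iam_policy`, so a renamed or unpackaged policy directory would go unnoticed even though these files appear to be the IAM policies granted to the controller. Count the files that were actually parsed and assert on it: `let checked = 0;` before the outer loop, `checked++;` after the inner loop, and `expect(checked).toBeGreaterThan(0);` at the end. `PolicyStatement.fromJson` also only proves that each statement parses; nothing in this hunk checks that every predefined `AlbControllerVersion` has a matching file. Separately, 'can configure a custom repository' relies on the snapshot alone, and a targeted assertion that the value `custom` reaches the Helm chart values would make a regression in the image source visible in review.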
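Review bot: The assertion in 'can configure and access ALB controller' in cluster.test.ts pins only `Chart: 'aws-load-balancer-controller'`, so it would still pass if the `version` given in `albController` were ignored or the controller's service-account role and policy were never created. Consider also asserting on the version-dependent chart properties and on the IAM policy resource for the controller, since that policy determines what the deployed controller may do in the account. The enclosing `describe('cluster', ...)` block continues outside the hunk.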
@@ -0,0 +1,2351 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.0.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": 
"aws-cdk-eks-cluster-alb-controller-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.32.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet3SubnetBE12F0B6": { + "Type": "AWS::EC2::Subnet", + 
"Properties": { + "CidrBlock": "10.0.64.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1c", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PublicSubnet3" + } + ] + } + }, + "VpcPublicSubnet3RouteTable93458DBB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PublicSubnet3" + } + ] + } + }, + "VpcPublicSubnet3RouteTableAssociation1F1EDF02": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet3RouteTable93458DBB" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet3SubnetBE12F0B6" + } + } + }, + "VpcPublicSubnet3DefaultRoute4697774F": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet3RouteTable93458DBB" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.96.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + 
"Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.128.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + 
"RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcPrivateSubnet3SubnetF258B56E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.160.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1c", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PrivateSubnet3" + } + ] + } + }, + "VpcPrivateSubnet3RouteTableD98824C7": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc/PrivateSubnet3" + } + ] + } + }, + "VpcPrivateSubnet3RouteTableAssociation16BDDC43": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet3RouteTableD98824C7" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet3SubnetF258B56E" + } + } + }, + "VpcPrivateSubnet3DefaultRoute94B74F0D": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet3RouteTableD98824C7" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-alb-controller-test/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + } + } + }, + 
"ClusterRoleFA261979": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSClusterPolicy" + ] + ] + } + ] + } + }, + "ClusterControlPlaneSecurityGroupD274242C": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "EKS Control Plane Security Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "ClusterCreationRole360249B6": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::12345678:root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + }, + "DependsOn": [ + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPrivateSubnet3DefaultRoute94B74F0D", + "VpcPrivateSubnet3RouteTableD98824C7", + "VpcPrivateSubnet3RouteTableAssociation16BDDC43", + "VpcPrivateSubnet3SubnetF258B56E", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", 
+ "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "VpcPublicSubnet3DefaultRoute4697774F", + "VpcPublicSubnet3RouteTable93458DBB", + "VpcPublicSubnet3RouteTableAssociation1F1EDF02", + "VpcPublicSubnet3SubnetBE12F0B6", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ] + }, + "ClusterCreationRoleDefaultPolicyE8BDFC7B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + } + }, + { + "Action": [ + "eks:CreateCluster", + "eks:DescribeCluster", + "eks:DescribeUpdate", + "eks:DeleteCluster", + "eks:UpdateClusterVersion", + "eks:UpdateClusterConfig", + "eks:CreateFargateProfile", + "eks:TagResource", + "eks:UntagResource" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "eks:DescribeFargateProfile", + "eks:DeleteFargateProfile" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:GetRole", + "iam:listAttachedRolePolicies" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeRouteTables", + "ec2:DescribeDhcpOptions", + "ec2:DescribeVpcs" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "Roles": [ + { + "Ref": "ClusterCreationRole360249B6" + } + ] + }, + "DependsOn": [ + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + 
"VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPrivateSubnet3DefaultRoute94B74F0D", + "VpcPrivateSubnet3RouteTableD98824C7", + "VpcPrivateSubnet3RouteTableAssociation16BDDC43", + "VpcPrivateSubnet3SubnetF258B56E", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "VpcPublicSubnet3DefaultRoute4697774F", + "VpcPublicSubnet3RouteTable93458DBB", + "VpcPublicSubnet3RouteTableAssociation1F1EDF02", + "VpcPublicSubnet3SubnetBE12F0B6", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ] + }, + "Cluster9EE0221C": { + "Type": "Custom::AWSCDK-EKS-Cluster", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", + "Outputs.awscdkeksclusteralbcontrollertestawscdkawseksClusterResourceProviderframeworkonEventB8A2CF0DArn" + ] + }, + "Config": { + "version": "1.21", + "roleArn": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + }, + "resourcesVpcConfig": { + "subnetIds": [ + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + { + "Ref": "VpcPublicSubnet3SubnetBE12F0B6" + }, + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + { + "Ref": "VpcPrivateSubnet3SubnetF258B56E" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId" + ] + } + ], + "endpointPublicAccess": true, + "endpointPrivateAccess": true + } + }, + "AssumeRoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + 
"AttributesRevision": 2 + }, + "DependsOn": [ + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPrivateSubnet3DefaultRoute94B74F0D", + "VpcPrivateSubnet3RouteTableD98824C7", + "VpcPrivateSubnet3RouteTableAssociation16BDDC43", + "VpcPrivateSubnet3SubnetF258B56E", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "VpcPublicSubnet3DefaultRoute4697774F", + "VpcPublicSubnet3RouteTable93458DBB", + "VpcPublicSubnet3RouteTableAssociation1F1EDF02", + "VpcPublicSubnet3SubnetBE12F0B6", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterKubectlReadyBarrier200052AF": { + "Type": "AWS::SSM::Parameter", + "Properties": { + "Type": "String", + "Value": "aws:cdk:eks:kubectl-ready" + }, + "DependsOn": [ + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C" + ] + }, + "ClusterMastersRole9AA35625": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::12345678:root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } 
+ } + }, + "ClusterAwsAuthmanifestFE51F8AE": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclusteralbcontrollertestawscdkawseksKubectlProviderframeworkonEvent4AFC769CArn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c86d8ad0bb8e20754211361dd51b3b9516ab079f0c\":\"\"}},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + }, + "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" + ] + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "PruneLabel": "aws.cdk.eks/prune-c86d8ad0bb8e20754211361dd51b3b9516ab079f0c", + "Overwrite": true + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterOpenIdConnectProviderE7EB0530": { + "Type": "Custom::AWSCDKOpenIdConnectProvider", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0", + "Arn" + ] + }, + "ClientIDList": [ + "sts.amazonaws.com" + ], + "ThumbprintList": [ + "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" + ], + "Url": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + 
"OpenIdConnectIssuerUrl" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKS_CNI_Policy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "ClusterNodegroupDefaultCapacityDA0920A3": { + "Type": "AWS::EKS::Nodegroup", + "Properties": { + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "NodeRole": { + "Fn::GetAtt": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn" + ] + }, + "Subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + { + "Ref": "VpcPrivateSubnet3SubnetF258B56E" + } + ], + "AmiType": "AL2_x86_64", + "ForceUpdateEnabled": true, + "InstanceTypes": [ + "m5.large" + ], + "ScalingConfig": { + "DesiredSize": 2, + "MaxSize": 2, + "MinSize": 2 + } + } + }, + "Clusterechoserver5815619F": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclusteralbcontrollertestawscdkawseksKubectlProviderframeworkonEvent4AFC769CArn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + 
"[{\"apiVersion\":\"apps/v1\",\"kind\":\"Deployment\",\"metadata\":{\"name\":\"hello-server-deployment-c852e88c\",\"labels\":{\"aws.cdk.eks/prune-c88b1dfeeaf63e3024ab07862029ba60fd8907fb04\":\"\"}},\"spec\":{\"replicas\":1,\"selector\":{\"matchLabels\":{\"cdk8s.deployment\":\"hello-server-Deployment-c8659a74\"}},\"template\":{\"metadata\":{\"labels\":{\"cdk8s.deployment\":\"hello-server-Deployment-c8659a74\"}},\"spec\":{\"containers\":[{\"args\":[\"-text\",\"hello\"],\"env\":[],\"image\":\"hashicorp/http-echo\",\"imagePullPolicy\":\"Always\",\"name\":\"main\",\"ports\":[{\"containerPort\":5678}],\"volumeMounts\":[]}],\"volumes\":[]}}}},{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"name\":\"hello-server-deployment-service-c8fd9c61\",\"labels\":{\"aws.cdk.eks/prune-c88b1dfeeaf63e3024ab07862029ba60fd8907fb04\":\"\"}},\"spec\":{\"externalIPs\":[],\"ports\":[{\"port\":5678,\"targetPort\":5678}],\"selector\":{\"cdk8s.deployment\":\"hello-server-Deployment-c8659a74\"},\"type\":\"NodePort\"}},{\"apiVersion\":\"networking.k8s.io/v1beta1\",\"kind\":\"Ingress\",\"metadata\":{\"annotations\":{\"kubernetes.io/ingress.class\":\"alb\",\"alb.ingress.kubernetes.io/scheme\":\"internal\",\"alb.ingress.kubernetes.io/inbound-cidrs\":\"", + { + "Fn::GetAtt": [ + "Vpc8378EB38", + "CidrBlock" + ] + }, + "\"},\"name\":\"hello-server-deployment-service-ingress-c896bd7e\",\"labels\":{\"aws.cdk.eks/prune-c88b1dfeeaf63e3024ab07862029ba60fd8907fb04\":\"\"}},\"spec\":{\"rules\":[{\"http\":{\"paths\":[{\"backend\":{\"serviceName\":\"hello-server-deployment-service-c8fd9c61\",\"servicePort\":5678},\"path\":\"/\"}]}}]}}]" + ] + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "PruneLabel": "aws.cdk.eks/prune-c88b1dfeeaf63e3024ab07862029ba60fd8907fb04" + }, + "DependsOn": [ + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaConditionJsonCB1A2F4A", + 
"awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsamanifestalbsaServiceAccountResourceED5FA069", + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaRoleDefaultPolicy2047BBBC", + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaRole84609927", + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControllerF943CD86", + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "Clusterhelloserverdeploymentserviceingressc896bd7eLoadBalancerAddress142F1CB0": { + "Type": "Custom::AWSCDK-EKS-KubernetesObjectValue", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclusteralbcontrollertestawscdkawseksKubectlProviderframeworkonEvent4AFC769CArn" + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "ObjectType": "ingress", + "ObjectName": "hello-server-deployment-service-ingress-c896bd7e", + "ObjectNamespace": "default", + "JsonPath": ".status.loadBalancer.ingress[0].hostname", + "TimeoutSeconds": 600 + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.test-region.", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31S3BucketBEA8E31E" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31S3VersionKey86EE1B0C" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + 
"Fn::Split": [ + "||", + { + "Ref": "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31S3VersionKey86EE1B0C" + } + ] + } + ] + } + ] + ] + }, + "Parameters": { + "referencetoawscdkeksclusteralbcontrollertestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket4FD6630ARef": { + "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681" + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKey991D5128Ref": { + "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791" + }, + "referencetoawscdkeksclusteralbcontrollertestClusterCreationRoleA16C24E9Arn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3BucketE25795A8Ref": { + "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F" + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKeyE4320F93Ref": { + "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56" + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketED32B211Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey6FD8F5E5Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": 
"Delete" + }, + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.test-region.", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bS3BucketFAB8EA28" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bS3VersionKey33497690" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bS3VersionKey33497690" + } + ] + } + ] + } + ] + ] + }, + "Parameters": { + "referencetoawscdkeksclusteralbcontrollertestCluster80A60A64Arn": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "Arn" + ] + }, + "referencetoawscdkeksclusteralbcontrollertestClusterCreationRoleA16C24E9Arn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3Bucket71A947E9Ref": { + "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9" + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKey515289E4Ref": { + "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421" + }, + "referencetoawscdkeksclusteralbcontrollertestVpcPrivateSubnet1Subnet7C7DBEE5Ref": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + "referencetoawscdkeksclusteralbcontrollertestVpcPrivateSubnet2Subnet7FBE197ERef": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + "referencetoawscdkeksclusteralbcontrollertestVpcPrivateSubnet3SubnetBBD14378Ref": { + "Ref": 
"VpcPrivateSubnet3SubnetF258B56E" + }, + "referencetoawscdkeksclusteralbcontrollertestCluster80A60A64ClusterSecurityGroupId": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "ClusterSecurityGroupId" + ] + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3Bucket6CB090A8Ref": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKey980A7F7CRef": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3Bucket65F5BE5ARef": { + "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKey036DDFD3Ref": { + "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565" + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketED32B211Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + }, + "referencetoawscdkeksclusteralbcontrollertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey6FD8F5E5Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaConditionJsonCB1A2F4A": { + "Type": 
"Custom::AWSCDKCfnJson", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57", + "Arn" + ] + }, + "Value": { + "Fn::Join": [ + "", + [ + "{\"", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":oidc-provider/", + { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + ] + } + ] + }, + ":aud\":\"sts.amazonaws.com\",\"", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":oidc-provider/", + { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + ] + } + ] + }, + ":sub\":\"system:serviceaccount:kube-system:aws-load-balancer-controller\"}" + ] + ] + } + }, + "DependsOn": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaRole84609927": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "Fn::GetAtt": [ + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaConditionJsonCB1A2F4A", + "Value" + ] + } + }, + "Effect": "Allow", + "Principal": { + "Federated": { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + } + } + ], + "Version": "2012-10-17" + } + }, + "DependsOn": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3" + ] + }, + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaRoleDefaultPolicy2047BBBC": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + 
"ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:CreateSecurityGroup", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "StringEquals": { + "ec2:CreateAction": "CreateSecurityGroup" + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:security-group/*" + }, + { + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + 
"Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:security-group/*" + }, + { + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ] + }, + { + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + }, + { + "Action": [ + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + 
"elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Effect": "Allow", + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaRoleDefaultPolicy2047BBBC", + "Roles": [ + { + "Ref": "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaRole84609927" + } + ] + }, + "DependsOn": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3" + ] + }, + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsamanifestalbsaServiceAccountResourceED5FA069": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclusteralbcontrollertestawscdkawseksKubectlProviderframeworkonEvent4AFC769CArn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + 
"[{\"apiVersion\":\"v1\",\"kind\":\"ServiceAccount\",\"metadata\":{\"name\":\"aws-load-balancer-controller\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c87ed3e4d1c4d777a5673be4909059213f1c53a6f0\":\"\",\"app.kubernetes.io/name\":\"aws-load-balancer-controller\"},\"annotations\":{\"eks.amazonaws.com/role-arn\":\"", + { + "Fn::GetAtt": [ + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaRole84609927", + "Arn" + ] + }, + "\"}}}]" + ] + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "PruneLabel": "aws.cdk.eks/prune-c87ed3e4d1c4d777a5673be4909059213f1c53a6f0" + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControllerF943CD86": { + "Type": "Custom::AWSCDK-EKS-HelmChart", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclusteralbcontrollertestawscdkawseksKubectlProviderframeworkonEvent4AFC769CArn" + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "Release": "aws-load-balancer-controller", + "Chart": "aws-load-balancer-controller", + "Version": "1.2.7", + "Wait": true, + "Timeout": "900s", + "Values": { + "Fn::Join": [ + "", + [ + "{\"clusterName\":\"", + { + "Ref": "Cluster9EE0221C" + }, + "\",\"serviceAccount\":{\"create\":false,\"name\":\"aws-load-balancer-controller\"},\"region\":\"test-region\",\"vpcId\":\"", + { + "Ref": "Vpc8378EB38" + }, + "\",\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.3.0\"}" + ] + ] + }, + 
"Namespace": "kube-system", + "Repository": "https://aws.github.io/eks-charts", + "CreateNamespace": true + }, + "DependsOn": [ + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaConditionJsonCB1A2F4A", + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsamanifestalbsaServiceAccountResourceED5FA069", + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaRoleDefaultPolicy2047BBBC", + "awscdkeksclusteralbcontrollertestCluster481F6464AlbControlleralbsaRole84609927", + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterKubectlReadyBarrier200052AF", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3", + "ClusterOpenIdConnectProviderE7EB0530" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": "*", + "Action": [ + "iam:CreateOpenIDConnectProvider", + "iam:DeleteOpenIDConnectProvider", + "iam:UpdateOpenIDConnectProviderThumbprint", + "iam:AddClientIDToOpenIDConnectProvider", + "iam:RemoveClientIDFromOpenIDConnectProvider" + ] + } + ] + } + } + ] + } + }, + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + 
"Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65", + "Arn" + ] + }, + "Runtime": "nodejs12.x" + }, + "DependsOn": [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65" + ] + }, + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + 
"AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867", + "Arn" + ] + }, + "Runtime": "nodejs12.x" + }, + "DependsOn": [ + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867" + ] + }, + "IngressPingerFunctionServiceRoleD01E9C19": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + } + }, + "IngressPingerFunctionSecurityGroup77C60B1A": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Automatic security group for Lambda Function awscdkeksclusteralbcontrollertestIngressPingerFunction2F7B2C81", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "IngressPingerFunction54746D9B": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dS3BucketA6642550" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dS3VersionKeyFEC50F65" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dS3VersionKeyFEC50F65" + } + ] + } + ] + } + ] + ] + } + }, + "Role": { + "Fn::GetAtt": [ + 
"IngressPingerFunctionServiceRoleD01E9C19", + "Arn" + ] + }, + "Handler": "index.handler", + "Runtime": "python3.6", + "Timeout": 600, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "IngressPingerFunctionSecurityGroup77C60B1A", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + { + "Ref": "VpcPrivateSubnet3SubnetF258B56E" + } + ] + } + }, + "DependsOn": [ + "IngressPingerFunctionServiceRoleD01E9C19" + ] + }, + "IngressPingerProviderframeworkonEventServiceRole89300FAD": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "IngressPingerProviderframeworkonEventServiceRoleDefaultPolicy7CC73E26": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "IngressPingerFunction54746D9B", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "IngressPingerProviderframeworkonEventServiceRoleDefaultPolicy7CC73E26", + "Roles": [ + { + "Ref": "IngressPingerProviderframeworkonEventServiceRole89300FAD" + } + ] + } + }, + "IngressPingerProviderframeworkonEventEE5AD360": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": 
"AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + } + ] + } + ] + } + ] + ] + } + }, + "Role": { + "Fn::GetAtt": [ + "IngressPingerProviderframeworkonEventServiceRole89300FAD", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - onEvent (aws-cdk-eks-cluster-alb-controller-test/IngressPinger/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "IngressPingerFunction54746D9B", + "Arn" + ] + } + } + }, + "Handler": "framework.onEvent", + "Runtime": "nodejs12.x", + "Timeout": 900 + }, + "DependsOn": [ + "IngressPingerProviderframeworkonEventServiceRoleDefaultPolicy7CC73E26", + "IngressPingerProviderframeworkonEventServiceRole89300FAD" + ] + }, + "IngressPinger1AD9E831": { + "Type": "AWS::CloudFormation::CustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "IngressPingerProviderframeworkonEventEE5AD360", + "Arn" + ] + }, + "Url": { + "Fn::Join": [ + "", + [ + "http://", + { + "Fn::GetAtt": [ + "Clusterhelloserverdeploymentserviceingressc896bd7eLoadBalancerAddress142F1CB0", + "Value" + ] + } + ] + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Outputs": { + "ClusterConfigCommand43AAE40F": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "Cluster9EE0221C" + }, + " --region test-region --role-arn ", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + } + ] + ] + } + }, + "ClusterGetTokenCommand06AE992E": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "Cluster9EE0221C" + }, + " --region test-region --role-arn ", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + } + ] + ] + } + }, + 
"IngressPingerResponse": { + "Value": { + "Fn::GetAtt": [ + "IngressPinger1AD9E831", + "Value" + ] + } + } + }, + "Parameters": { + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681": { + "Type": "String", + "Description": "S3 bucket for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + }, + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791": { + "Type": "String", + "Description": "S3 key for asset version \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + }, + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665ArtifactHash9EA5AC29": { + "Type": "String", + "Description": "Artifact hash for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + }, + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F": { + "Type": "String", + "Description": "S3 bucket for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + }, + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56": { + "Type": "String", + "Description": "S3 key for asset version \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + }, + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afArtifactHash761F4689": { + "Type": "String", + "Description": "Artifact hash for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "Type": "String", + "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "Type": "String", + "Description": "S3 key for asset version 
\"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "Type": "String", + "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9": { + "Type": "String", + "Description": "S3 bucket for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421": { + "Type": "String", + "Description": "S3 key for asset version \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10ArtifactHash528547CD": { + "Type": "String", + "Description": "Artifact hash for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { + "Type": "String", + "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { + "Type": "String", + "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { + "Type": "String", + "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + }, + "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { + "Type": "String", + "Description": "S3 bucket for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" 
+ }, + "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565": { + "Type": "String", + "Description": "S3 key for asset version \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" + }, + "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eArtifactHash4654D012": { + "Type": "String", + "Description": "Artifact hash for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777": { + "Type": "String", + "Description": "S3 bucket for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30": { + "Type": "String", + "Description": "S3 key for asset version \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4ArtifactHashD6EA1BC7": { + "Type": "String", + "Description": "Artifact hash for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + }, + "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0": { + "Type": "String", + "Description": "S3 bucket for asset \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + }, + "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD": { + "Type": "String", + "Description": "S3 key for asset version \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + }, + "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3ArtifactHash5E61FCA5": { + "Type": "String", + "Description": "Artifact hash for asset \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + }, + 
"AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dS3BucketA6642550": { + "Type": "String", + "Description": "S3 bucket for asset \"5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636d\"" + }, + "AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dS3VersionKeyFEC50F65": { + "Type": "String", + "Description": "S3 key for asset version \"5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636d\"" + }, + "AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dArtifactHashBEC87846": { + "Type": "String", + "Description": "Artifact hash for asset \"5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636d\"" + }, + "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31S3BucketBEA8E31E": { + "Type": "String", + "Description": "S3 bucket for asset \"37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31\"" + }, + "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31S3VersionKey86EE1B0C": { + "Type": "String", + "Description": "S3 key for asset version \"37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31\"" + }, + "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31ArtifactHash4201F140": { + "Type": "String", + "Description": "Artifact hash for asset \"37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31\"" + }, + "AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bS3BucketFAB8EA28": { + "Type": "String", + "Description": "S3 bucket for asset \"06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4b\"" + }, + "AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bS3VersionKey33497690": { + "Type": "String", + "Description": "S3 key for asset version \"06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4b\"" + }, + 
"AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bArtifactHash78FCAA4C": { + "Type": "String", + "Description": "Artifact hash for asset \"06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4b\"" + } + } +}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts
new file mode 100644
index 0000000000000..ffa49a586eb6e
--- /dev/null
+++ b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.ts
@@ -0,0 +1,62 @@
+/// !cdk-integ pragma:ignore-assets
+import * as ec2 from '@aws-cdk/aws-ec2';
+import { App, CfnOutput, Duration } from '@aws-cdk/core';
+import * as cdk8s from 'cdk8s';
+import * as kplus from 'cdk8s-plus-21';
+import * as eks from '../lib';
+import { Pinger } from './pinger/pinger';
+import { TestStack } from './util';
+
+class EksClusterAlbControllerStack extends TestStack {
+
+ constructor(scope: App, id: string) {
+ super(scope, id);
+
+ // just need one nat gateway to simplify the test
+ const vpc = new ec2.Vpc(this, 'Vpc', { maxAzs: 3, natGateways: 1 });
+
+ const cluster = new eks.Cluster(this, 'Cluster', {
+ vpc,
+ version: eks.KubernetesVersion.V1_21,
+ albController: {
+ version: eks.AlbControllerVersion.V2_3_0,
+ },
+ });
+
+ const chart = new cdk8s.Chart(new cdk8s.App(), 'hello-server');
+
+ const ingress = new kplus.Deployment(chart, 'Deployment', {
+ containers: [{ image: 'hashicorp/http-echo', args: ['-text', 'hello'], port: 5678 }],
+ })
+ .exposeViaService({ serviceType: kplus.ServiceType.NODE_PORT })
+ .exposeViaIngress('/');
+
+ // allow vpc to access the ELB so our pinger can hit it.
+ ingress.metadata.addAnnotation('alb.ingress.kubernetes.io/inbound-cidrs', cluster.vpc.vpcCidrBlock);
+
+ const echoServer = cluster.addCdk8sChart('echo-server', chart, { ingressAlb: true, ingressAlbScheme: eks.AlbScheme.INTERNAL });
+
+ // the deletion of `echoServer` is what instructs the controller to delete the ELB.
+ // so we need to make sure this happens before the controller is deleted.
+ echoServer.node.addDependency(cluster.albController ?? []);
+
+ const loadBalancerAddress = cluster.getIngressLoadBalancerAddress(ingress.name, { timeout: Duration.minutes(10) });
+
+ // create a resource that hits the load balancer to make sure
+ // everything is wired properly.
+ const pinger = new Pinger(this, 'IngressPinger', {
+ url: `http://${loadBalancerAddress}`,
+ vpc: cluster.vpc,
+ });
+
+ // this should display the 'hello' text we gave to the server
+ new CfnOutput(this, 'IngressPingerResponse', {
+ value: pinger.response,
+ });
+
+ }
+}
+
+const app = new App();
+new EksClusterAlbControllerStack(app, 'aws-cdk-eks-cluster-alb-controller-test');
+app.synth();
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json
index 8ec7f02e4bd0c..094bd516c133e 100644
--- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json
+++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json
@@ -696,27 +696,6 @@ "ToPort": 443 } }, - "ClusterControlPlaneSecurityGroupfromawscdkeksclustertestClusterInferenceInstancesInstanceSecurityGroup42C57C51443E3176F85": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from awscdkeksclustertestClusterInferenceInstancesInstanceSecurityGroup42C57C51:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "ClusterControlPlaneSecurityGroupD274242C", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", - "GroupId" - ] - }, - "ToPort": 443 - } - }, "ClusterCreationRole360249B6": { "Type": "AWS::IAM::Role", "Properties": {
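Review bot: The `hashicorp/http-echo` image in the `kplus.Deployment` container spec carries no tag or digest, so each run of this integration test pulls whatever the registry currently serves under the default tag into the test cluster. Pinning it by digest, for example `image: 'hashicorp/http-echo@sha256:<DIGEST_PLACEHOLDER>'`, keeps the run reproducible and removes the dependence on a mutable reference. Separately, `cluster.albController ?? []` passes an empty array to `addDependency` if the controller were ever absent; it is always configured in this stack, so an explicit check that throws when `cluster.albController` is undefined would state that assumption instead of silently dropping the teardown ordering the comment above it relies on.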
@@ -1116,27 +1095,6 @@ "ToPort": 443 } }, - "ClusterClusterSecurityGroupfromawscdkeksclustertestClusterInferenceInstancesInstanceSecurityGroup42C57C5144320402117": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from awscdkeksclustertestClusterInferenceInstancesInstanceSecurityGroup42C57C51:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "Cluster9EE0221C", - "ClusterSecurityGroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", - "GroupId" - ] - }, - "ToPort": 443 - } - }, "ClusterAwsAuthmanifestFE51F8AE": { "Type": "Custom::AWSCDK-EKS-KubernetesResource", "Properties": { @@ -1207,13 +1165,6 @@ ] }, "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]},{\\\"rolearn\\\":\\\"", - { - "Fn::GetAtt": [ - "ClusterInferenceInstancesInstanceRole59AC6F56", - "Arn" - ] - }, - "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]},{\\\"rolearn\\\":\\\"", { "Fn::GetAtt": [ "ClusterNodegroupextrangNodeGroupRole23AE23D0", 
@@ -2762,132 +2713,7 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-eks-cluster-test/Cluster/InferenceInstances" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclustertestClusterInferenceInstancesInstanceSecurityGroup42C57C51ALLTRAFFICB6138869": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "-1", - "Description": "from awscdkeksclustertestClusterInferenceInstancesInstanceSecurityGroup42C57C51:ALL TRAFFIC", - "GroupId": { - "Fn::GetAtt": [ - "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", - "GroupId" - ] - } - } - }, - "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclustertestClusterClusterSecurityGroupF7265A32443F6A7B9A5": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from awscdkeksclustertestClusterClusterSecurityGroupF7265A32:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "Cluster9EE0221C", - "ClusterSecurityGroupId" - ] - }, - "ToPort": 443 - } - }, - "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclustertestClusterControlPlaneSecurityGroup2F1301344437B48FD33": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from 
awscdkeksclustertestClusterControlPlaneSecurityGroup2F130134:443", - "FromPort": 443, - "GroupId": { - "Fn::GetAtt": [ - "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "ClusterControlPlaneSecurityGroupD274242C", - "GroupId" - ] - }, - "ToPort": 443 - } - }, - "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclustertestClusterClusterSecurityGroupF7265A321025655351C7B1E72": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from awscdkeksclustertestClusterClusterSecurityGroupF7265A32:1025-65535", - "FromPort": 1025, - "GroupId": { - "Fn::GetAtt": [ - "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "Cluster9EE0221C", - "ClusterSecurityGroupId" - ] - }, - "ToPort": 65535 - } - }, - "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclustertestClusterControlPlaneSecurityGroup2F130134102565535A460F673": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from awscdkeksclustertestClusterControlPlaneSecurityGroup2F130134:1025-65535", - "FromPort": 1025, - "GroupId": { - "Fn::GetAtt": [ - "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "ClusterControlPlaneSecurityGroupD274242C", - "GroupId" - ] - }, - "ToPort": 65535 - } - }, - "ClusterInferenceInstancesInstanceRole59AC6F56": { + "ClusterNodegroupextrangNodeGroupRole23AE23D0": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { 
@@ -2949,314 +2775,87 @@ ] ] } - ], - "Tags": [ - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "Cluster9EE0221C" - } - ] - ] - }, - "Value": "owned" - }, - { - "Key": "Name", - "Value": "aws-cdk-eks-cluster-test/Cluster/InferenceInstances" - } ] } }, - "ClusterInferenceInstancesInstanceProfile5A1209B4": { - "Type": "AWS::IAM::InstanceProfile", + "ClusterNodegroupextrangF9406A09": { + "Type": "AWS::EKS::Nodegroup", "Properties": { - "Roles": [ + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "NodeRole": { + "Fn::GetAtt": [ + "ClusterNodegroupextrangNodeGroupRole23AE23D0", + "Arn" + ] + }, + "Subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, { - "Ref": "ClusterInferenceInstancesInstanceRole59AC6F56" + "Ref": "VpcPrivateSubnet3SubnetF258B56E" } - ] + ], + "AmiType": "AL2_x86_64", + "ForceUpdateEnabled": true, + "InstanceTypes": [ + "t3.small" + ], + "ScalingConfig": { + "DesiredSize": 1, + "MaxSize": 1, + "MinSize": 1 + } } }, - "ClusterInferenceInstancesLaunchConfig03BF48FE": { - "Type": "AWS::AutoScaling::LaunchConfiguration", + "ClusterNodegroupextrangspotNodeGroupRoleB53B4857": { + "Type": "AWS::IAM::Role", "Properties": { - "ImageId": { - "Ref": "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2gpurecommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" - }, - "InstanceType": "inf1.2xlarge", - "IamInstanceProfile": { - "Ref": "ClusterInferenceInstancesInstanceProfile5A1209B4" + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" }, - "SecurityGroups": [ + "ManagedPolicyArns": [ { - "Fn::GetAtt": [ - "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", - "GroupId" + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + 
":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] ] }, { - "Fn::GetAtt": [ - "Cluster9EE0221C", - "ClusterSecurityGroupId" - ] - } - ], - "UserData": { - "Fn::Base64": { "Fn::Join": [ "", [ - "#!/bin/bash\nset -o xtrace\n/etc/eks/bootstrap.sh ", - { - "Ref": "Cluster9EE0221C" - }, - " --kubelet-extra-args \"--node-labels lifecycle=OnDemand\" --apiserver-endpoint '", - { - "Fn::GetAtt": [ - "Cluster9EE0221C", - "Endpoint" - ] - }, - "' --b64-cluster-ca '", - { - "Fn::GetAtt": [ - "Cluster9EE0221C", - "CertificateAuthorityData" - ] - }, - "' --use-max-pods true\n/opt/aws/bin/cfn-signal --exit-code $? --stack aws-cdk-eks-cluster-test --resource ClusterInferenceInstancesASGE90717C7 --region test-region" - ] - ] - } - } - }, - "DependsOn": [ - "ClusterInferenceInstancesInstanceRole59AC6F56" - ] - }, - "ClusterInferenceInstancesASGE90717C7": { - "Type": "AWS::AutoScaling::AutoScalingGroup", - "Properties": { - "MaxSize": "1", - "MinSize": "1", - "LaunchConfigurationName": { - "Ref": "ClusterInferenceInstancesLaunchConfig03BF48FE" - }, - "Tags": [ - { - "Key": { - "Fn::Join": [ - "", - [ - "kubernetes.io/cluster/", - { - "Ref": "Cluster9EE0221C" - } - ] - ] - }, - "PropagateAtLaunch": true, - "Value": "owned" - }, - { - "Key": "Name", - "PropagateAtLaunch": true, - "Value": "aws-cdk-eks-cluster-test/Cluster/InferenceInstances" - } - ], - "VPCZoneIdentifier": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - }, - { - "Ref": "VpcPrivateSubnet3SubnetF258B56E" - } - ] - }, - "UpdatePolicy": { - "AutoScalingScheduledAction": { - "IgnoreUnmodifiedGroupSizeProperties": true - } - } - }, - "ClustermanifestNeuronDevicePlugin0B3E0D17": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awscdkeksclustertestawscdkawseksKubectlProviderframeworkonEventC681B49AArn" - ] - 
}, - "Manifest": "[{\"apiVersion\":\"apps/v1\",\"kind\":\"DaemonSet\",\"metadata\":{\"name\":\"neuron-device-plugin-daemonset\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c88223d575036bcf663303b6778373ae4854f1fe3b\":\"\"}},\"spec\":{\"selector\":{\"matchLabels\":{\"name\":\"neuron-device-plugin-ds\"}},\"updateStrategy\":{\"type\":\"RollingUpdate\"},\"template\":{\"metadata\":{\"annotations\":{\"scheduler.alpha.kubernetes.io/critical-pod\":\"\"},\"labels\":{\"name\":\"neuron-device-plugin-ds\"}},\"spec\":{\"tolerations\":[{\"key\":\"CriticalAddonsOnly\",\"operator\":\"Exists\"},{\"key\":\"aws.amazon.com/neuron\",\"operator\":\"Exists\",\"effect\":\"NoSchedule\"}],\"priorityClassName\":\"system-node-critical\",\"affinity\":{\"nodeAffinity\":{\"requiredDuringSchedulingIgnoredDuringExecution\":{\"nodeSelectorTerms\":[{\"matchExpressions\":[{\"key\":\"beta.kubernetes.io/instance-type\",\"operator\":\"In\",\"values\":[\"inf1.xlarge\",\"inf1.2xlarge\",\"inf1.6xlarge\",\"inf1.4xlarge\"]}]},{\"matchExpressions\":[{\"key\":\"node.kubernetes.io/instance-type\",\"operator\":\"In\",\"values\":[\"inf1.xlarge\",\"inf1.2xlarge\",\"inf1.6xlarge\",\"inf1.24xlarge\"]}]}]}}},\"containers\":[{\"image\":\"790709498068.dkr.ecr.us-west-2.amazonaws.com/neuron-device-plugin:1.0.9043.0\",\"imagePullPolicy\":\"Always\",\"name\":\"k8s-neuron-device-plugin-ctr\",\"securityContext\":{\"allowPrivilegeEscalation\":false,\"capabilities\":{\"drop\":[\"ALL\"]}},\"volumeMounts\":[{\"name\":\"device-plugin\",\"mountPath\":\"/var/lib/kubelet/device-plugins\"}]}],\"volumes\":[{\"name\":\"device-plugin\",\"hostPath\":{\"path\":\"/var/lib/kubelet/device-plugins\"}}]}}}}]", - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "RoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "PruneLabel": "aws.cdk.eks/prune-c88223d575036bcf663303b6778373ae4854f1fe3b" - }, - "DependsOn": [ - "ClusterKubectlReadyBarrier200052AF" - ], - "UpdateReplacePolicy": "Delete", - 
"DeletionPolicy": "Delete" - }, - "ClusterNodegroupextrangNodeGroupRole23AE23D0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "ec2.", - { - "Ref": "AWS::URLSuffix" - } - ] - ] - } - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "ClusterNodegroupextrangF9406A09": { - "Type": "AWS::EKS::Nodegroup", - "Properties": { - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "NodeRole": { - "Fn::GetAtt": [ - "ClusterNodegroupextrangNodeGroupRole23AE23D0", - "Arn" - ] - }, - "Subnets": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - }, - { - "Ref": "VpcPrivateSubnet3SubnetF258B56E" - } - ], - "AmiType": "AL2_x86_64", - "ForceUpdateEnabled": true, - "InstanceTypes": [ - "t3.small" - ], - "ScalingConfig": { - "DesiredSize": 1, - "MaxSize": 1, - "MinSize": 1 - } - } - }, - "ClusterNodegroupextrangspotNodeGroupRoleB53B4857": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "ec2.", - { - "Ref": "AWS::URLSuffix" - } - ] - ] - } - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", 
+ "arn:", { "Ref": "AWS::Partition" }, @@ -3516,7 +3115,7 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "Clustermanifestcdk8schart6B444884": { + "Clustercdk8schartDADD257F": { "Type": "Custom::AWSCDK-EKS-KubernetesResource", "Properties": { "ServiceToken": { @@ -3529,11 +3128,11 @@ "Fn::Join": [ "", [ - "[{\"apiVersion\":\"v1\",\"data\":{\"clusterName\":\"", + "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"data\":{\"clusterName\":\"", { "Ref": "Cluster9EE0221C" }, - "\"},\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"chart-config-map-configmap-cccf3117\",\"labels\":{\"aws.cdk.eks/prune-c8cd9cb2e127e0b0375ebc544f18d8513721895a27\":\"\"}}}]" + "\"},\"metadata\":{\"name\":\"chart-config-map-c820e51c\",\"labels\":{\"aws.cdk.eks/prune-c89c99db0e333353528b2e912b1fb988b6870edc75\":\"\"}}}]" ] ] }, @@ -3546,7 +3145,7 @@ "Arn" ] }, - "PruneLabel": "aws.cdk.eks/prune-c8cd9cb2e127e0b0375ebc544f18d8513721895a27" + "PruneLabel": "aws.cdk.eks/prune-c89c99db0e333353528b2e912b1fb988b6870edc75" }, "DependsOn": [ "ClusterKubectlReadyBarrier200052AF" 
@@ -3755,106 +3354,8 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "ClustermanifestsimplewebpodC2D35484": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awscdkeksclustertestawscdkawseksKubectlProviderframeworkonEventC681B49AArn" - ] - }, - "Manifest": "[{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"webpod\",\"labels\":{\"aws.cdk.eks/prune-c8b6a5b3e6f9f4f1aa9dc400a13c96633da4822b2d\":\"\",\"app\":\"simple-web\"}},\"spec\":{\"containers\":[{\"name\":\"simplewebcontainer\",\"image\":\"nginx\",\"ports\":[{\"containerPort\":80}]}]}}]", - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "RoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "PruneLabel": "aws.cdk.eks/prune-c8b6a5b3e6f9f4f1aa9dc400a13c96633da4822b2d" - }, - "DependsOn": [ - "ClusterKubectlReadyBarrier200052AF" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "Clustermanifestsimplewebservice4594DB30": { - "Type": "Custom::AWSCDK-EKS-KubernetesResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awscdkeksclustertestawscdkawseksKubectlProviderframeworkonEventC681B49AArn" - ] - }, - "Manifest": { - "Fn::Join": [ - "", - [ - "[{\"kind\":\"Service\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"webservice\",\"annotations\":{\"service.beta.kubernetes.io/aws-load-balancer-internal\":\"true\",\"service.beta.kubernetes.io/aws-load-balancer-extra-security-groups\":\"", - { - "Fn::GetAtt": [ - "WebServiceSecurityGroupA556AEB5", - "GroupId" - ] - }, - 
"\"},\"labels\":{\"aws.cdk.eks/prune-c84c09bc8d75d4cc4d672e0d3872dcdb35f628dc2c\":\"\"}},\"spec\":{\"type\":\"LoadBalancer\",\"ports\":[{\"port\":9000,\"targetPort\":80}],\"selector\":{\"app\":\"simple-web\"}}}]" - ] - ] - }, - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "RoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "PruneLabel": "aws.cdk.eks/prune-c84c09bc8d75d4cc4d672e0d3872dcdb35f628dc2c" - }, - "DependsOn": [ - "ClusterKubectlReadyBarrier200052AF" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "ClusterwebserviceLoadBalancerAddress38B566FF": { - "Type": "Custom::AWSCDK-EKS-KubernetesObjectValue", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", - "Outputs.awscdkeksclustertestawscdkawseksKubectlProviderframeworkonEventC681B49AArn" - ] - }, - "ClusterName": { - "Ref": "Cluster9EE0221C" - }, - "RoleArn": { - "Fn::GetAtt": [ - "ClusterCreationRole360249B6", - "Arn" - ] - }, - "ObjectType": "service", - "ObjectName": "webservice", - "ObjectNamespace": "default", - "JsonPath": ".status.loadBalancer.ingress[0].hostname", - "TimeoutSeconds": 300 - }, - "DependsOn": [ - "ClusterKubectlReadyBarrier200052AF" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { - "Type": "AWS::CloudFormation::Stack", + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { + "Type": "AWS::CloudFormation::Stack", "Properties": { "TemplateURL": { "Fn::Join": [ @@ -3866,7 +3367,7 @@ }, "/", { - "Ref": "AssetParameters814bd2987aca76da9dffdab2f4cd144ebec3a7f5c35d6cd55548442ec311be8cS3Bucket43FFBFD7" + "Ref": "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eS3Bucket297B6E78" }, "/", { 
@@ -3876,7 +3377,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters814bd2987aca76da9dffdab2f4cd144ebec3a7f5c35d6cd55548442ec311be8cS3VersionKeyC7429316" + "Ref": "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eS3VersionKey285AE936" } ] } @@ -3889,7 +3390,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters814bd2987aca76da9dffdab2f4cd144ebec3a7f5c35d6cd55548442ec311be8cS3VersionKeyC7429316" + "Ref": "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eS3VersionKey285AE936" } ] } 
@@ -3899,23 +3400,23 @@ ] }, "Parameters": { + "referencetoawscdkeksclustertestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1771F046Ref": { + "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681" + }, + "referencetoawscdkeksclustertestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyDA854AFERef": { + "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791" + }, "referencetoawscdkeksclustertestClusterCreationRole95F44854Arn": { "Fn::GetAtt": [ "ClusterCreationRole360249B6", "Arn" ] }, - "referencetoawscdkeksclustertestAssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3BucketB7F30483Ref": { - "Ref": "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3Bucket5B1EB03C" + "referencetoawscdkeksclustertestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket958E1227Ref": { + "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F" }, - "referencetoawscdkeksclustertestAssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKeyC41131F8Ref": { - "Ref": "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKey51E064E9" - }, - "referencetoawscdkeksclustertestAssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3BucketEA485873Ref": { - "Ref": "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3Bucket40405135" - }, - "referencetoawscdkeksclustertestAssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKey2E164B3ERef": { - "Ref": "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKey50B477EB" + 
"referencetoawscdkeksclustertestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKeyA985D634Ref": { + "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56" }, "referencetoawscdkeksclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket0815E7B5Ref": { "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" 
@@ -4258,314 +3759,6 @@ "DependsOn": [ "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867" ] - }, - "WebServiceSecurityGroupA556AEB5": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "aws-cdk-eks-cluster-test/WebServiceSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "WebServiceSecurityGroupfromawscdkeksclustertestWebServiceSecurityGroup62BA456890005BF0F34B": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "allow http 9000 access from myself", - "FromPort": 9000, - "GroupId": { - "Fn::GetAtt": [ - "WebServiceSecurityGroupA556AEB5", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "WebServiceSecurityGroupA556AEB5", - "GroupId" - ] - }, - "ToPort": 9000 - } - }, - "ServicePingerFunctionServiceRole3120191B": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" - ] - ] - } - ] - } - }, - "ServicePingerFunctionADF51BAF": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Ref": "AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dS3BucketA6642550" - }, - "S3Key": { - "Fn::Join": [ - "", - [ - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": 
"AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dS3VersionKeyFEC50F65" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dS3VersionKeyFEC50F65" - } - ] - } - ] - } - ] - ] - } - }, - "Role": { - "Fn::GetAtt": [ - "ServicePingerFunctionServiceRole3120191B", - "Arn" - ] - }, - "Handler": "index.handler", - "Runtime": "python3.6", - "Timeout": 600, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Fn::GetAtt": [ - "WebServiceSecurityGroupA556AEB5", - "GroupId" - ] - } - ], - "SubnetIds": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - }, - { - "Ref": "VpcPrivateSubnet3SubnetF258B56E" - } - ] - } - }, - "DependsOn": [ - "ServicePingerFunctionServiceRole3120191B" - ] - }, - "ServicePingerProviderframeworkonEventServiceRole3DB083B7": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "ServicePingerProviderframeworkonEventServiceRoleDefaultPolicyD142E8F7": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "ServicePingerFunctionADF51BAF", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ServicePingerProviderframeworkonEventServiceRoleDefaultPolicyD142E8F7", - "Roles": [ - { - "Ref": "ServicePingerProviderframeworkonEventServiceRole3DB083B7" - } - ] - } - }, - "ServicePingerProviderframeworkonEventEC59DE20": { - "Type": 
"AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" - }, - "S3Key": { - "Fn::Join": [ - "", - [ - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" - } - ] - } - ] - } - ] - ] - } - }, - "Role": { - "Fn::GetAtt": [ - "ServicePingerProviderframeworkonEventServiceRole3DB083B7", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - onEvent (aws-cdk-eks-cluster-test/ServicePinger/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "ServicePingerFunctionADF51BAF", - "Arn" - ] - } - } - }, - "Handler": "framework.onEvent", - "Runtime": "nodejs12.x", - "Timeout": 900 - }, - "DependsOn": [ - "ServicePingerProviderframeworkonEventServiceRoleDefaultPolicyD142E8F7", - "ServicePingerProviderframeworkonEventServiceRole3DB083B7" - ] - }, - "ServicePinger01F6DA06": { - "Type": "AWS::CloudFormation::CustomResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "ServicePingerProviderframeworkonEventEC59DE20", - "Arn" - ] - }, - "Url": { - "Fn::Join": [ - "", - [ - "http://", - { - "Fn::GetAtt": [ - "ClusterwebserviceLoadBalancerAddress38B566FF", - "Value" - ] - }, - ":9000" - ] - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" } }, "Outputs": { @@ -4609,14 +3802,6 @@ ] } }, - "Response": { - "Value": { - "Fn::GetAtt": [ - "ServicePinger01F6DA06", - "Value" - ] - } - }, "ClusterEndpoint": { "Value": { "Fn::GetAtt": [ 
@@ -4664,29 +3849,29 @@ } }, "Parameters": { - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3Bucket5B1EB03C": { + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681": { "Type": "String", - "Description": "S3 bucket for asset \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "S3 bucket for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" }, - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKey51E064E9": { + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791": { "Type": "String", - "Description": "S3 key for asset version \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "S3 key for asset version \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" }, - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4ArtifactHash26192139": { + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665ArtifactHash9EA5AC29": { "Type": "String", - "Description": "Artifact hash for asset \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "Artifact hash for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3Bucket40405135": { + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F": { "Type": "String", - "Description": "S3 bucket for asset \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "S3 bucket for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKey50B477EB": { + 
"AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56": { "Type": "String", - "Description": "S3 key for asset version \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "S3 key for asset version \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccArtifactHashCC7E7A09": { + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afArtifactHash761F4689": { "Type": "String", - "Description": "Artifact hash for asset \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "Artifact hash for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" }, "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { "Type": "String", 
@@ -4760,29 +3945,17 @@ "Type": "String", "Description": "Artifact hash for asset \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" }, - "AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dS3BucketA6642550": { - "Type": "String", - "Description": "S3 bucket for asset \"5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636d\"" - }, - "AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dS3VersionKeyFEC50F65": { - "Type": "String", - "Description": "S3 key for asset version \"5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636d\"" - }, - "AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dArtifactHashBEC87846": { - "Type": "String", - "Description": "Artifact hash for asset \"5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636d\"" - }, - "AssetParameters814bd2987aca76da9dffdab2f4cd144ebec3a7f5c35d6cd55548442ec311be8cS3Bucket43FFBFD7": { + "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eS3Bucket297B6E78": { "Type": "String", - "Description": "S3 bucket for asset \"814bd2987aca76da9dffdab2f4cd144ebec3a7f5c35d6cd55548442ec311be8c\"" + "Description": "S3 bucket for asset \"c3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563e\"" }, - "AssetParameters814bd2987aca76da9dffdab2f4cd144ebec3a7f5c35d6cd55548442ec311be8cS3VersionKeyC7429316": { + "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eS3VersionKey285AE936": { "Type": "String", - "Description": "S3 key for asset version \"814bd2987aca76da9dffdab2f4cd144ebec3a7f5c35d6cd55548442ec311be8c\"" + "Description": "S3 key for asset version \"c3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563e\"" }, - "AssetParameters814bd2987aca76da9dffdab2f4cd144ebec3a7f5c35d6cd55548442ec311be8cArtifactHash52827559": { + "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eArtifactHash5FC88E83": { 
"Type": "String", - "Description": "Artifact hash for asset \"814bd2987aca76da9dffdab2f4cd144ebec3a7f5c35d6cd55548442ec311be8c\"" + "Description": "Artifact hash for asset \"c3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563e\"" }, "AssetParameters8a135d8a645edaff330758972da87b3dddc295ce07475e8d9ea8fad8c35dcb22S3Bucket0782C98E": { "Type": "String", @@ -4807,10 +3980,6 @@ "SsmParameterValueawsservicebottlerocketawsk8s121x8664latestimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { "Type": "AWS::SSM::Parameter::Value", "Default": "/aws/service/bottlerocket/aws-k8s-1.21/x86_64/latest/image_id" - }, - "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2gpurecommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/aws/service/eks/optimized-ami/1.21/amazon-linux-2-gpu/recommended/image_id" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts index c39c6edfbe9a4..e25872546c4b2 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts @@ -4,11 +4,10 @@ import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; import { App, CfnOutput, Duration, Token, Fn } from '@aws-cdk/core'; import * as cdk8s from 'cdk8s'; -import * as kplus from 'cdk8s-plus'; +import * as kplus from 'cdk8s-plus-21'; import * as constructs from 'constructs'; import * as eks from '../lib'; import * as hello from './hello-k8s'; -import { Pinger } from './pinger/pinger'; import { TestStack } from './util'; @@ -49,8 +48,6 @@ class EksClusterStack extends TestStack { this.assertSpotCapacity(); - this.assertInferenceInstances(); - this.assertNodeGroupX86(); this.assertNodeGroupSpot(); 
@@ -71,8 +68,6 @@ class EksClusterStack extends TestStack { this.assertServiceAccount(); - this.assertServiceLoadBalancerAddress(); - new CfnOutput(this, 'ClusterEndpoint', { value: this.cluster.clusterEndpoint }); new CfnOutput(this, 'ClusterArn', { value: this.cluster.clusterArn }); new CfnOutput(this, 'ClusterCertificateAuthorityData', { value: this.cluster.clusterCertificateAuthorityData }); @@ -213,13 +208,6 @@ class EksClusterStack extends TestStack { nodeRole: this.cluster.defaultCapacity ? this.cluster.defaultCapacity.role : undefined, }); } - private assertInferenceInstances() { - // inference instances - this.cluster.addAutoScalingGroupCapacity('InferenceInstances', { - instanceType: new ec2.InstanceType('inf1.2xlarge'), - minCapacity: 1, - }); - } private assertSpotCapacity() { // spot instances (up to 10) this.cluster.addAutoScalingGroupCapacity('spot', { 
@@ -267,67 +255,6 @@ class EksClusterStack extends TestStack { } - private assertServiceLoadBalancerAddress() { - - const serviceName = 'webservice'; - const labels = { app: 'simple-web' }; - const containerPort = 80; - const servicePort = 9000; - - const pingerSecurityGroup = new ec2.SecurityGroup(this, 'WebServiceSecurityGroup', { - vpc: this.vpc, - }); - - pingerSecurityGroup.addIngressRule(pingerSecurityGroup, ec2.Port.tcp(servicePort), `allow http ${servicePort} access from myself`); - - this.cluster.addManifest('simple-web-pod', { - kind: 'Pod', - apiVersion: 'v1', - metadata: { name: 'webpod', labels: labels }, - spec: { - containers: [{ - name: 'simplewebcontainer', - image: 'nginx', - ports: [{ containerPort: containerPort }], - }], - }, - }); - - this.cluster.addManifest('simple-web-service', { - kind: 'Service', - apiVersion: 'v1', - metadata: { - name: serviceName, - annotations: { - // this is furtile soil for cdk8s-plus! :) - 'service.beta.kubernetes.io/aws-load-balancer-internal': 'true', - 'service.beta.kubernetes.io/aws-load-balancer-extra-security-groups': pingerSecurityGroup.securityGroupId, - }, - }, - spec: { - type: 'LoadBalancer', - ports: [{ port: servicePort, targetPort: containerPort }], - selector: labels, - }, - }); - - const loadBalancerAddress = this.cluster.getServiceLoadBalancerAddress(serviceName); - - // create a resource that hits the load balancer to make sure - // everything is wired properly. - const pinger = new Pinger(this, 'ServicePinger', { - url: `http://${loadBalancerAddress}:${servicePort}`, - securityGroup: pingerSecurityGroup, - vpc: this.vpc, - }); - - // this should display a proper nginx response - // Welcome to nginx!... - new CfnOutput(this, 'Response', { - value: pinger.response, - }); - - } } // this test uses both the bottlerocket image and the inf1 instance, which are only supported in these 
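Review bot: The trailing context comment `// this test uses both the bottlerocket image and the inf1 instance, which are only supported in these` is left stale by this commit, because the `@@ -213,13 +208,6 @@` hunk removes `assertInferenceInstances()` and with it the only `inf1.2xlarge` capacity visible in this stack. I would reword it to something like `// this test uses the bottlerocket image, which is only supported in these`. The rest of the comment and the code it introduces lie outside the hunk, so whether the region restriction that follows can also be relaxed needs checking against the full file. The equivalent note presumably belongs in the new `integ.eks-inference.ts`, which now carries the inf1 capacity.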
diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json new file mode 100644 index 0000000000000..9bd457a515881 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json 
@@ -0,0 +1,2424 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.0.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PublicSubnet1" + } + ] + } + }, + 
"VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.32.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet3SubnetBE12F0B6": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.64.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + 
"AvailabilityZone": "test-region-1c", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PublicSubnet3" + } + ] + } + }, + "VpcPublicSubnet3RouteTable93458DBB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PublicSubnet3" + } + ] + } + }, + "VpcPublicSubnet3RouteTableAssociation1F1EDF02": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet3RouteTable93458DBB" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet3SubnetBE12F0B6" + } + } + }, + "VpcPublicSubnet3DefaultRoute4697774F": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet3RouteTable93458DBB" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.96.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { 
+ "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.128.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": 
{ + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcPrivateSubnet3SubnetF258B56E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.160.0/19", + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1c", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PrivateSubnet3" + } + ] + } + }, + "VpcPrivateSubnet3RouteTableD98824C7": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc/PrivateSubnet3" + } + ] + } + }, + "VpcPrivateSubnet3RouteTableAssociation16BDDC43": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet3RouteTableD98824C7" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet3SubnetF258B56E" + } + } + }, + "VpcPrivateSubnet3DefaultRoute94B74F0D": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet3RouteTableD98824C7" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + } + } + }, + "ClusterRoleFA261979": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", 
+ "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSClusterPolicy" + ] + ] + } + ] + } + }, + "ClusterControlPlaneSecurityGroupD274242C": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "EKS Control Plane Security Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "ClusterControlPlaneSecurityGroupfromawscdkeksclusterinferencetestClusterInferenceInstancesInstanceSecurityGroupAC01F26F443F2D42F76": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from awscdkeksclusterinferencetestClusterInferenceInstancesInstanceSecurityGroupAC01F26F:443", + "FromPort": 443, + "GroupId": { + "Fn::GetAtt": [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "GroupId" + ] + }, + "ToPort": 443 + } + }, + "ClusterCreationRole360249B6": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::12345678:root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + }, + "DependsOn": [ + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + 
"VpcPrivateSubnet3DefaultRoute94B74F0D", + "VpcPrivateSubnet3RouteTableD98824C7", + "VpcPrivateSubnet3RouteTableAssociation16BDDC43", + "VpcPrivateSubnet3SubnetF258B56E", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "VpcPublicSubnet3DefaultRoute4697774F", + "VpcPublicSubnet3RouteTable93458DBB", + "VpcPublicSubnet3RouteTableAssociation1F1EDF02", + "VpcPublicSubnet3SubnetBE12F0B6", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ] + }, + "ClusterCreationRoleDefaultPolicyE8BDFC7B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + } + }, + { + "Action": [ + "eks:CreateCluster", + "eks:DescribeCluster", + "eks:DescribeUpdate", + "eks:DeleteCluster", + "eks:UpdateClusterVersion", + "eks:UpdateClusterConfig", + "eks:CreateFargateProfile", + "eks:TagResource", + "eks:UntagResource" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "eks:DescribeFargateProfile", + "eks:DeleteFargateProfile" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:GetRole", + "iam:listAttachedRolePolicies" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeRouteTables", + "ec2:DescribeDhcpOptions", + "ec2:DescribeVpcs" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" 
+ }, + "PolicyName": "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "Roles": [ + { + "Ref": "ClusterCreationRole360249B6" + } + ] + }, + "DependsOn": [ + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPrivateSubnet3DefaultRoute94B74F0D", + "VpcPrivateSubnet3RouteTableD98824C7", + "VpcPrivateSubnet3RouteTableAssociation16BDDC43", + "VpcPrivateSubnet3SubnetF258B56E", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "VpcPublicSubnet3DefaultRoute4697774F", + "VpcPublicSubnet3RouteTable93458DBB", + "VpcPublicSubnet3RouteTableAssociation1F1EDF02", + "VpcPublicSubnet3SubnetBE12F0B6", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ] + }, + "Cluster9EE0221C": { + "Type": "Custom::AWSCDK-EKS-Cluster", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", + "Outputs.awscdkeksclusterinferencetestawscdkawseksClusterResourceProviderframeworkonEventD8B63F01Arn" + ] + }, + "Config": { + "version": "1.21", + "roleArn": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + }, + "resourcesVpcConfig": { + "subnetIds": [ + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + { + "Ref": "VpcPublicSubnet3SubnetBE12F0B6" + }, + { + "Ref": 
"VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + { + "Ref": "VpcPrivateSubnet3SubnetF258B56E" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId" + ] + } + ], + "endpointPublicAccess": true, + "endpointPrivateAccess": true + } + }, + "AssumeRoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "AttributesRevision": 2 + }, + "DependsOn": [ + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPrivateSubnet3DefaultRoute94B74F0D", + "VpcPrivateSubnet3RouteTableD98824C7", + "VpcPrivateSubnet3RouteTableAssociation16BDDC43", + "VpcPrivateSubnet3SubnetF258B56E", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "VpcPublicSubnet3DefaultRoute4697774F", + "VpcPublicSubnet3RouteTable93458DBB", + "VpcPublicSubnet3RouteTableAssociation1F1EDF02", + "VpcPublicSubnet3SubnetBE12F0B6", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterKubectlReadyBarrier200052AF": { + "Type": "AWS::SSM::Parameter", + "Properties": { + "Type": "String", + "Value": "aws:cdk:eks:kubectl-ready" + }, + "DependsOn": [ + 
"ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C" + ] + }, + "ClusterClusterSecurityGroupfromawscdkeksclusterinferencetestClusterInferenceInstancesInstanceSecurityGroupAC01F26F443B80CEDBD": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from awscdkeksclusterinferencetestClusterInferenceInstancesInstanceSecurityGroupAC01F26F:443", + "FromPort": 443, + "GroupId": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "ClusterSecurityGroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "GroupId" + ] + }, + "ToPort": 443 + } + }, + "ClusterMastersRole9AA35625": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::12345678:root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ClusterAwsAuthmanifestFE51F8AE": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclusterinferencetestawscdkawseksKubectlProviderframeworkonEvent96006823Arn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c82054d8b149d8310a04e51ad7e30cde4cd28cf27e\":\"\"}},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + }, + "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + 
"ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]},{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterInferenceInstancesInstanceRole59AC6F56", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" + ] + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "PruneLabel": "aws.cdk.eks/prune-c82054d8b149d8310a04e51ad7e30cde4cd28cf27e", + "Overwrite": true + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterOpenIdConnectProviderE7EB0530": { + "Type": "Custom::AWSCDKOpenIdConnectProvider", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0", + "Arn" + ] + }, + "ClientIDList": [ + "sts.amazonaws.com" + ], + "ThumbprintList": [ + "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" + ], + "Url": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "OpenIdConnectIssuerUrl" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": 
"AWS::Partition" + }, + ":iam::aws:policy/AmazonEKS_CNI_Policy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "ClusterNodegroupDefaultCapacityDA0920A3": { + "Type": "AWS::EKS::Nodegroup", + "Properties": { + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "NodeRole": { + "Fn::GetAtt": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn" + ] + }, + "Subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + { + "Ref": "VpcPrivateSubnet3SubnetF258B56E" + } + ], + "AmiType": "AL2_x86_64", + "ForceUpdateEnabled": true, + "InstanceTypes": [ + "m5.large" + ], + "ScalingConfig": { + "DesiredSize": 2, + "MaxSize": 2, + "MinSize": 2 + } + } + }, + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-cdk-eks-cluster-inference-test/Cluster/InferenceInstances/InstanceSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Cluster/InferenceInstances" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterInferenceInstancesInstanceSecurityGroupAC01F26FALLTRAFFICE41AF78F": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "-1", + "Description": "from awscdkeksclusterinferencetestClusterInferenceInstancesInstanceSecurityGroupAC01F26F:ALL TRAFFIC", + "GroupId": { + "Fn::GetAtt": [ + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "GroupId" + ] + } + } + }, + 
"ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D5044357063ABC": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from awscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D50:443", + "FromPort": 443, + "GroupId": { + "Fn::GetAtt": [ + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "ClusterSecurityGroupId" + ] + }, + "ToPort": 443 + } + }, + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F44333DD9D3A": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from awscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F:443", + "FromPort": 443, + "GroupId": { + "Fn::GetAtt": [ + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId" + ] + }, + "ToPort": 443 + } + }, + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D50102565535161321E6": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from awscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D50:1025-65535", + "FromPort": 1025, + "GroupId": { + "Fn::GetAtt": [ + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "ClusterSecurityGroupId" + ] + }, + "ToPort": 65535 + } + }, + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F102565535438D562E": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + 
"Description": "from awscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F:1025-65535", + "FromPort": 1025, + "GroupId": { + "Fn::GetAtt": [ + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId" + ] + }, + "ToPort": 65535 + } + }, + "ClusterInferenceInstancesInstanceRole59AC6F56": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKS_CNI_Policy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ], + "Tags": [ + { + "Key": { + "Fn::Join": [ + "", + [ + "kubernetes.io/cluster/", + { + "Ref": "Cluster9EE0221C" + } + ] + ] + }, + "Value": "owned" + }, + { + "Key": "Name", + "Value": "aws-cdk-eks-cluster-inference-test/Cluster/InferenceInstances" + } + ] + } + }, + "ClusterInferenceInstancesInstanceProfile5A1209B4": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "ClusterInferenceInstancesInstanceRole59AC6F56" + } + ] + } + }, + "ClusterInferenceInstancesLaunchConfig03BF48FE": { + "Type": "AWS::AutoScaling::LaunchConfiguration", + "Properties": { + "ImageId": { + "Ref": "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2gpurecommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "inf1.2xlarge", + "IamInstanceProfile": { + "Ref": 
"ClusterInferenceInstancesInstanceProfile5A1209B4" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "GroupId" + ] + }, + { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "ClusterSecurityGroupId" + ] + } + ], + "UserData": { + "Fn::Base64": { + "Fn::Join": [ + "", + [ + "#!/bin/bash\nset -o xtrace\n/etc/eks/bootstrap.sh ", + { + "Ref": "Cluster9EE0221C" + }, + " --kubelet-extra-args \"--node-labels lifecycle=OnDemand\" --apiserver-endpoint '", + { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "Endpoint" + ] + }, + "' --b64-cluster-ca '", + { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "CertificateAuthorityData" + ] + }, + "' --use-max-pods true\n/opt/aws/bin/cfn-signal --exit-code $? --stack aws-cdk-eks-cluster-inference-test --resource ClusterInferenceInstancesASGE90717C7 --region test-region" + ] + ] + } + } + }, + "DependsOn": [ + "ClusterInferenceInstancesInstanceRole59AC6F56" + ] + }, + "ClusterInferenceInstancesASGE90717C7": { + "Type": "AWS::AutoScaling::AutoScalingGroup", + "Properties": { + "MaxSize": "1", + "MinSize": "1", + "LaunchConfigurationName": { + "Ref": "ClusterInferenceInstancesLaunchConfig03BF48FE" + }, + "Tags": [ + { + "Key": { + "Fn::Join": [ + "", + [ + "kubernetes.io/cluster/", + { + "Ref": "Cluster9EE0221C" + } + ] + ] + }, + "PropagateAtLaunch": true, + "Value": "owned" + }, + { + "Key": "Name", + "PropagateAtLaunch": true, + "Value": "aws-cdk-eks-cluster-inference-test/Cluster/InferenceInstances" + } + ], + "VPCZoneIdentifier": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + { + "Ref": "VpcPrivateSubnet3SubnetF258B56E" + } + ] + }, + "UpdatePolicy": { + "AutoScalingScheduledAction": { + "IgnoreUnmodifiedGroupSizeProperties": true + } + } + }, + "ClustermanifestNeuronDevicePlugin0B3E0D17": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + 
"awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclusterinferencetestawscdkawseksKubectlProviderframeworkonEvent96006823Arn" + ] + }, + "Manifest": "[{\"apiVersion\":\"apps/v1\",\"kind\":\"DaemonSet\",\"metadata\":{\"name\":\"neuron-device-plugin-daemonset\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c863e4201358c09b3f92695ba8b0faf739f572311b\":\"\"}},\"spec\":{\"selector\":{\"matchLabels\":{\"name\":\"neuron-device-plugin-ds\"}},\"updateStrategy\":{\"type\":\"RollingUpdate\"},\"template\":{\"metadata\":{\"annotations\":{\"scheduler.alpha.kubernetes.io/critical-pod\":\"\"},\"labels\":{\"name\":\"neuron-device-plugin-ds\"}},\"spec\":{\"tolerations\":[{\"key\":\"CriticalAddonsOnly\",\"operator\":\"Exists\"},{\"key\":\"aws.amazon.com/neuron\",\"operator\":\"Exists\",\"effect\":\"NoSchedule\"}],\"priorityClassName\":\"system-node-critical\",\"affinity\":{\"nodeAffinity\":{\"requiredDuringSchedulingIgnoredDuringExecution\":{\"nodeSelectorTerms\":[{\"matchExpressions\":[{\"key\":\"beta.kubernetes.io/instance-type\",\"operator\":\"In\",\"values\":[\"inf1.xlarge\",\"inf1.2xlarge\",\"inf1.6xlarge\",\"inf1.4xlarge\"]}]},{\"matchExpressions\":[{\"key\":\"node.kubernetes.io/instance-type\",\"operator\":\"In\",\"values\":[\"inf1.xlarge\",\"inf1.2xlarge\",\"inf1.6xlarge\",\"inf1.24xlarge\"]}]}]}}},\"containers\":[{\"image\":\"790709498068.dkr.ecr.us-west-2.amazonaws.com/neuron-device-plugin:1.0.9043.0\",\"imagePullPolicy\":\"Always\",\"name\":\"k8s-neuron-device-plugin-ctr\",\"securityContext\":{\"allowPrivilegeEscalation\":false,\"capabilities\":{\"drop\":[\"ALL\"]}},\"volumeMounts\":[{\"name\":\"device-plugin\",\"mountPath\":\"/var/lib/kubelet/device-plugins\"}]}],\"volumes\":[{\"name\":\"device-plugin\",\"hostPath\":{\"path\":\"/var/lib/kubelet/device-plugins\"}}]}}}}]", + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + 
"Arn" + ] + }, + "PruneLabel": "aws.cdk.eks/prune-c863e4201358c09b3f92695ba8b0faf739f572311b" + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.test-region.", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3S3BucketB433C27A" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3S3VersionKey47D97053" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3S3VersionKey47D97053" + } + ] + } + ] + } + ] + ] + }, + "Parameters": { + "referencetoawscdkeksclusterinferencetestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket61E9D480Ref": { + "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681" + }, + "referencetoawscdkeksclusterinferencetestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyE5228CD2Ref": { + "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791" + }, + "referencetoawscdkeksclusterinferencetestClusterCreationRoleE75B6E1BArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "referencetoawscdkeksclusterinferencetestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket006FF27FRef": { + "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F" + }, + 
"referencetoawscdkeksclusterinferencetestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey6EF1226BRef": { + "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56" + }, + "referencetoawscdkeksclusterinferencetestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketE649D818Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + }, + "referencetoawscdkeksclusterinferencetestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey46F53AF7Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.test-region.", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8S3BucketCEB8731F" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8S3VersionKey31DCE19E" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8S3VersionKey31DCE19E" + } + ] + } + ] + } + ] + ] + }, + "Parameters": { + "referencetoawscdkeksclusterinferencetestClusterF6AC11E0Arn": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "Arn" + ] + }, + "referencetoawscdkeksclusterinferencetestClusterCreationRoleE75B6E1BArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + 
"referencetoawscdkeksclusterinferencetestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketF92D0EC1Ref": { + "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9" + }, + "referencetoawscdkeksclusterinferencetestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKey32B182B9Ref": { + "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421" + }, + "referencetoawscdkeksclusterinferencetestVpcPrivateSubnet1Subnet57B9547BRef": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + "referencetoawscdkeksclusterinferencetestVpcPrivateSubnet2Subnet006B3B78Ref": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + "referencetoawscdkeksclusterinferencetestVpcPrivateSubnet3Subnet36C379A4Ref": { + "Ref": "VpcPrivateSubnet3SubnetF258B56E" + }, + "referencetoawscdkeksclusterinferencetestClusterF6AC11E0ClusterSecurityGroupId": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "ClusterSecurityGroupId" + ] + }, + "referencetoawscdkeksclusterinferencetestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketA131D9DBRef": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" + }, + "referencetoawscdkeksclusterinferencetestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKey492BD4E4Ref": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + }, + "referencetoawscdkeksclusterinferencetestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketB71217D7Ref": { + "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" + }, + 
"referencetoawscdkeksclusterinferencetestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyAAC64236Ref": { + "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565" + }, + "referencetoawscdkeksclusterinferencetestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketE649D818Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + }, + "referencetoawscdkeksclusterinferencetestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey46F53AF7Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsaConditionJson1B3BEA47": { + "Type": "Custom::AWSCDKCfnJson", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57", + "Arn" + ] + }, + "Value": { + "Fn::Join": [ + "", + [ + "{\"", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":oidc-provider/", + { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + ] + } + ] + }, + ":aud\":\"sts.amazonaws.com\",\"", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":oidc-provider/", + { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + ] + } + ] + }, + ":sub\":\"system:serviceaccount:kube-system:aws-load-balancer-controller\"}" + ] + ] + } + }, + "DependsOn": [ + "ClusterInferenceInstancesASGE90717C7", + "ClusterInferenceInstancesInstanceProfile5A1209B4", + "ClusterInferenceInstancesInstanceRole59AC6F56", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D50102565535161321E6", + 
"ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D5044357063ABC", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F102565535438D562E", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F44333DD9D3A", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterInferenceInstancesInstanceSecurityGroupAC01F26FALLTRAFFICE41AF78F", + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "ClusterInferenceInstancesLaunchConfig03BF48FE", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsaRole836823A9": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "Fn::GetAtt": [ + "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsaConditionJson1B3BEA47", + "Value" + ] + } + }, + "Effect": "Allow", + "Principal": { + "Federated": { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + } + } + ], + "Version": "2012-10-17" + } + }, + "DependsOn": [ + "ClusterInferenceInstancesASGE90717C7", + "ClusterInferenceInstancesInstanceProfile5A1209B4", + "ClusterInferenceInstancesInstanceRole59AC6F56", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D50102565535161321E6", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D5044357063ABC", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F102565535438D562E", + 
"ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F44333DD9D3A", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterInferenceInstancesInstanceSecurityGroupAC01F26FALLTRAFFICE41AF78F", + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "ClusterInferenceInstancesLaunchConfig03BF48FE", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3" + ] + }, + "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsaRoleDefaultPolicyD7901D6C": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cognito-idp:DescribeUserPoolClient", + "acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", 
+ "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:CreateSecurityGroup", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "StringEquals": { + "ec2:CreateAction": "CreateSecurityGroup" + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:security-group/*" + }, + { + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:security-group/*" + }, + { + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" 
+ ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ] + }, + { + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + }, + { + "Action": [ + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Effect": "Allow", + "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsaRoleDefaultPolicyD7901D6C", + "Roles": [ + { + "Ref": "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsaRole836823A9" + } + ] + }, + 
"DependsOn": [ + "ClusterInferenceInstancesASGE90717C7", + "ClusterInferenceInstancesInstanceProfile5A1209B4", + "ClusterInferenceInstancesInstanceRole59AC6F56", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D50102565535161321E6", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D5044357063ABC", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F102565535438D562E", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F44333DD9D3A", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterInferenceInstancesInstanceSecurityGroupAC01F26FALLTRAFFICE41AF78F", + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "ClusterInferenceInstancesLaunchConfig03BF48FE", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3" + ] + }, + "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsamanifestalbsaServiceAccountResourceCB9C8B9F": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclusterinferencetestawscdkawseksKubectlProviderframeworkonEvent96006823Arn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + "[{\"apiVersion\":\"v1\",\"kind\":\"ServiceAccount\",\"metadata\":{\"name\":\"aws-load-balancer-controller\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c8cb19ec57bf1ebd84c9b96a69357098c59bdf4023\":\"\",\"app.kubernetes.io/name\":\"aws-load-balancer-controller\"},\"annotations\":{\"eks.amazonaws.com/role-arn\":\"", + { + "Fn::GetAtt": [ + "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsaRole836823A9", + "Arn" 
+ ] + }, + "\"}}}]" + ] + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "PruneLabel": "aws.cdk.eks/prune-c8cb19ec57bf1ebd84c9b96a69357098c59bdf4023" + }, + "DependsOn": [ + "ClusterInferenceInstancesASGE90717C7", + "ClusterInferenceInstancesInstanceProfile5A1209B4", + "ClusterInferenceInstancesInstanceRole59AC6F56", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D50102565535161321E6", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D5044357063ABC", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F102565535438D562E", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F44333DD9D3A", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterInferenceInstancesInstanceSecurityGroupAC01F26FALLTRAFFICE41AF78F", + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + "ClusterInferenceInstancesLaunchConfig03BF48FE", + "ClusterKubectlReadyBarrier200052AF", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControllerACDC8D4F": { + "Type": "Custom::AWSCDK-EKS-HelmChart", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awscdkeksclusterinferencetestawscdkawseksKubectlProviderframeworkonEvent96006823Arn" + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "Release": "aws-load-balancer-controller", + 
"Chart": "aws-load-balancer-controller", + "Version": "1.2.7", + "Wait": true, + "Timeout": "900s", + "Values": { + "Fn::Join": [ + "", + [ + "{\"clusterName\":\"", + { + "Ref": "Cluster9EE0221C" + }, + "\",\"serviceAccount\":{\"create\":false,\"name\":\"aws-load-balancer-controller\"},\"region\":\"test-region\",\"vpcId\":\"", + { + "Ref": "Vpc8378EB38" + }, + "\",\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.3.0\"}" + ] + ] + }, + "Namespace": "kube-system", + "Repository": "https://aws.github.io/eks-charts", + "CreateNamespace": true + }, + "DependsOn": [ + "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsaConditionJson1B3BEA47", + "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsamanifestalbsaServiceAccountResourceCB9C8B9F", + "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsaRoleDefaultPolicyD7901D6C", + "awscdkeksclusterinferencetestClusterEBBBA1ACAlbControlleralbsaRole836823A9", + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterInferenceInstancesASGE90717C7", + "ClusterInferenceInstancesInstanceProfile5A1209B4", + "ClusterInferenceInstancesInstanceRole59AC6F56", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D50102565535161321E6", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterClusterSecurityGroupAFDB8D5044357063ABC", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F102565535438D562E", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterControlPlaneSecurityGroupDA4CA86F44333DD9D3A", + "ClusterInferenceInstancesInstanceSecurityGroupfromawscdkeksclusterinferencetestClusterInferenceInstancesInstanceSecurityGroupAC01F26FALLTRAFFICE41AF78F", + "ClusterInferenceInstancesInstanceSecurityGroupECB3FC45", + 
"ClusterInferenceInstancesLaunchConfig03BF48FE", + "ClusterKubectlReadyBarrier200052AF", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3", + "ClusterOpenIdConnectProviderE7EB0530" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": "*", + "Action": [ + "iam:CreateOpenIDConnectProvider", + "iam:DeleteOpenIDConnectProvider", + "iam:UpdateOpenIDConnectProviderThumbprint", + "iam:AddClientIDToOpenIDConnectProvider", + "iam:RemoveClientIDFromOpenIDConnectProvider" + ] + } + ] + } + } + ] + } + }, + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + 
"CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65", + "Arn" + ] + }, + "Runtime": "nodejs12.x" + }, + "DependsOn": [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65" + ] + }, + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0" + }, + "S3Key": { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD" + } + ] + } + ] + } + ] + ] + } + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867", + "Arn" + ] + }, + "Runtime": "nodejs12.x" + }, + "DependsOn": [ + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867" + ] + } + }, + "Outputs": { + "ClusterConfigCommand43AAE40F": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "Cluster9EE0221C" + }, + " --region test-region --role-arn ", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + } + ] + ] + } + }, + 
"ClusterGetTokenCommand06AE992E": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "Cluster9EE0221C" + }, + " --region test-region --role-arn ", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + } + ] + ] + } + } + }, + "Parameters": { + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681": { + "Type": "String", + "Description": "S3 bucket for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + }, + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791": { + "Type": "String", + "Description": "S3 key for asset version \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + }, + "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665ArtifactHash9EA5AC29": { + "Type": "String", + "Description": "Artifact hash for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + }, + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F": { + "Type": "String", + "Description": "S3 bucket for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + }, + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56": { + "Type": "String", + "Description": "S3 key for asset version \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + }, + "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afArtifactHash761F4689": { + "Type": "String", + "Description": "Artifact hash for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "Type": "String", + "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + }, + 
"AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "Type": "String", + "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "Type": "String", + "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9": { + "Type": "String", + "Description": "S3 bucket for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421": { + "Type": "String", + "Description": "S3 key for asset version \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + }, + "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10ArtifactHash528547CD": { + "Type": "String", + "Description": "Artifact hash for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { + "Type": "String", + "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { + "Type": "String", + "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { + "Type": "String", + "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + }, + 
"AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { + "Type": "String", + "Description": "S3 bucket for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" + }, + "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565": { + "Type": "String", + "Description": "S3 key for asset version \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" + }, + "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eArtifactHash4654D012": { + "Type": "String", + "Description": "Artifact hash for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777": { + "Type": "String", + "Description": "S3 bucket for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30": { + "Type": "String", + "Description": "S3 key for asset version \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + }, + "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4ArtifactHashD6EA1BC7": { + "Type": "String", + "Description": "Artifact hash for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + }, + "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0": { + "Type": "String", + "Description": "S3 bucket for asset \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + }, + "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD": { + "Type": "String", + "Description": "S3 key for asset version \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + }, + 
"AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3ArtifactHash5E61FCA5": { + "Type": "String", + "Description": "Artifact hash for asset \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + }, + "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3S3BucketB433C27A": { + "Type": "String", + "Description": "S3 bucket for asset \"68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3\"" + }, + "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3S3VersionKey47D97053": { + "Type": "String", + "Description": "S3 key for asset version \"68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3\"" + }, + "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3ArtifactHashDE01134B": { + "Type": "String", + "Description": "Artifact hash for asset \"68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3\"" + }, + "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8S3BucketCEB8731F": { + "Type": "String", + "Description": "S3 bucket for asset \"246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8\"" + }, + "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8S3VersionKey31DCE19E": { + "Type": "String", + "Description": "S3 key for asset version \"246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8\"" + }, + "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8ArtifactHashE4FBA459": { + "Type": "String", + "Description": "Artifact hash for asset \"246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8\"" + }, + "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2gpurecommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/aws/service/eks/optimized-ami/1.21/amazon-linux-2-gpu/recommended/image_id" + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts
new file mode 100644
index 0000000000000..7be581bce75ef
--- /dev/null
+++ b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.ts
@@ -0,0 +1,32 @@
+/// !cdk-integ pragma:ignore-assets
+import * as ec2 from '@aws-cdk/aws-ec2';
+import { App } from '@aws-cdk/core';
+import * as eks from '../lib';
+import { TestStack } from './util';
+
+class EksClusterInferenceStack extends TestStack {
+
+ constructor(scope: App, id: string) {
+ super(scope, id);
+
+ // just need one nat gateway to simplify the test
+ const vpc = new ec2.Vpc(this, 'Vpc', { maxAzs: 3, natGateways: 1 });
+
+ const cluster = new eks.Cluster(this, 'Cluster', {
+ vpc,
+ version: eks.KubernetesVersion.V1_21,
+ albController: {
+ version: eks.AlbControllerVersion.V2_3_0,
+ },
+ });
+
+ cluster.addAutoScalingGroupCapacity('InferenceInstances', {
+ instanceType: new ec2.InstanceType('inf1.2xlarge'),
+ minCapacity: 1,
+ });
+ }
+}
+
+const app = new App();
+new EksClusterInferenceStack(app, 'aws-cdk-eks-cluster-inference-test');
+app.synth();
\ No newline at end of file
diff --git a/yarn.lock b/yarn.lock
index 0463958567586..31fe57fd14f06 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2775,7 +2775,7 @@ buffer-crc32@^0.2.1, buffer-crc32@^0.2.13: resolved "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz#0d333e3f00eac50aa1454abd30ef8c2a5d9a7242" integrity sha1-DTM+PwDqxQqhRUq9MO+MKl2ackI= -buffer-from@^1.0.0: +buffer-from@1.x, buffer-from@^1.0.0: version "1.1.2" resolved "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz#2b146a6fd72e80b4f55d255f35ed59a3a9a41bd5" integrity sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==
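Review bot: The `albController: { version: eks.AlbControllerVersion.V2_3_0 }` option in the `eks.Cluster` props of integ.eks-inference.ts has no comment saying why a test for inference capacity needs it, and nothing else in the file touches a load balancer. The expected template that precedes this file in the patch (its header is outside my view, so the link is inferred) contains an OpenID Connect provider custom resource whose Lambda role is allowed `iam:CreateOpenIDConnectProvider`, `iam:DeleteOpenIDConnectProvider` and related actions on `"Resource": "*"`, which is presumably there because of this option. If integ.alb-controller.ts already covers the controller, I would drop the three `albController` lines so this stack deploys with a smaller IAM footprint. If the option is deliberate, record that next to it with a comment such as `// albController is enabled in this test because <reason>`.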
@@ -2920,21 +2920,21 @@ caseless@~0.12.0: resolved "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc" integrity sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw= -cdk8s-plus@^0.33.0: - version "0.33.0" - resolved "https://registry.npmjs.org/cdk8s-plus/-/cdk8s-plus-0.33.0.tgz#b2dc56b417ab8261cd4a796f080f04dcd4fe0f66" - integrity sha512-CnvuNTQS9DH1MYEDizUObMZ3PG7BqshJaG7kkuThmwNgC8QkVGmOkLC9YP8UBDr1mKW+zfV12HCIw93SteRr3g== +cdk8s-plus-21@^1.0.0-beta.38: + version "1.0.0-beta.38" + resolved "https://registry.npmjs.org/cdk8s-plus-21/-/cdk8s-plus-21-1.0.0-beta.38.tgz#8dbe9d0941014e883819d506be0140a688c0f2ed" + integrity sha512-cIL0R5QbvKLnmBGLLheX//tsPgMa0yXheyOzA+3eJourn8/c3QXr+ZXyw125zGgMbTQBRxvwHoy84EPVBiyqGQ== dependencies: minimatch "^3.0.4" -cdk8s@^0.33.0: - version "0.33.0" - resolved "https://registry.npmjs.org/cdk8s/-/cdk8s-0.33.0.tgz#503b60b98de5fe82b22ac5dee2c351a4ba102deb" - integrity sha512-Yoo6RZWZPk6K2JZLiJA22faNVWqTE6Nv+VNgmTFTq4AC8c+eCvq6/xHKcpn78HhTLEPBmczaja7q2MiRc9LTBQ== +cdk8s@^1.00.0: + version "1.1.36" + resolved "https://registry.npmjs.org/cdk8s/-/cdk8s-1.1.36.tgz#18f4650bf1302f8db533d1380913db4187a965fb" + integrity sha512-LpjVRmypar0PCBxhbTOZ/nnWiI4L7pxSsQJ8k06uSjnVkcGVZLcPxF9kxoKCClp0/6+9MsEYdB6+GZ3h24JKZw== dependencies: - follow-redirects "^1.11.0" - json-stable-stringify "^1.0.1" - yaml "2.0.0-1" + fast-json-patch "^2.2.1" + follow-redirects "^1.14.5" + yaml "2.0.0-7" chalk@^2.0.0, chalk@^2.4.2: version "2.4.2" 
@@ -4724,7 +4724,7 @@ flatted@^3.1.0: resolved "https://registry.npmjs.org/flatted/-/flatted-3.2.4.tgz#28d9969ea90661b5134259f312ab6aa7929ac5e2" integrity sha512-8/sOawo8tJ4QOBX8YlQBMxL8+RLZfxMQOif9o0KUKTNTjMYElWPE0r/m5VNFxTRd0NSw8qSy8dajrwX4RYI1Hw== -follow-redirects@^1.11.0, follow-redirects@^1.14.0: +follow-redirects@^1.14.0, follow-redirects@^1.14.5: version "1.14.5" resolved "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.5.tgz#f09a5848981d3c772b5392309778523f8d85c381" integrity sha512-wtphSXy7d4/OR+MvIFbCVBDzZ5520qV8XfPklSN5QtxuMUJZ+b0Wnst1e1lCDocfzuCkHqj8k0FpZqO+UIaKNA== @@ -6537,7 +6537,7 @@ jest-snapshot@^27.3.1: pretty-format "^27.3.1" semver "^7.3.2" -jest-util@^26.6.2: +jest-util@^26.1.0, jest-util@^26.6.2: version "26.6.2" resolved "https://registry.npmjs.org/jest-util/-/jest-util-26.6.2.tgz#907535dbe4d5a6cb4c47ac9b926f6af29576cbc1" integrity sha512-MDW0fKfsn0OI7MS7Euz6h8HNDXVQ0gaM9uW6RjfDmd1DAFcaxX9OqIakHIqhbnmF08Cf2DLDG+ulq8YQQ0Lp0Q== @@ -7216,7 +7216,7 @@ lodash.uniq@^4.5.0: resolved "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773" integrity sha1-0CJTc662Uq3BvILklFM5qEJ1R3M= -lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.21, lodash@^4.7.0: +lodash@4.x, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.21, lodash@^4.7.0: version "4.17.21" resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== 
@@ -7609,6 +7609,11 @@ mkdirp-infer-owner@^2.0.0: infer-owner "^1.0.4" mkdirp "^1.0.3" +mkdirp@1.x, mkdirp@^1.0.3, mkdirp@^1.0.4: + version "1.0.4" + resolved "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz#3eb5ed62622756d79a5f0e2a221dfebad75c2f7e" + integrity sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw== + mkdirp@^0.5.1, mkdirp@^0.5.5: version "0.5.5" resolved "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz#d91cefd62d1436ca0f41620e251288d420099def" @@ -7616,11 +7621,6 @@ mkdirp@^0.5.1, mkdirp@^0.5.5: dependencies: minimist "^1.2.5" -mkdirp@^1.0.3, mkdirp@^1.0.4: - version "1.0.4" - resolved "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz#3eb5ed62622756d79a5f0e2a221dfebad75c2f7e" - integrity sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw== - mock-fs@^4.14.0: version "4.14.0" resolved "https://registry.npmjs.org/mock-fs/-/mock-fs-4.14.0.tgz#ce5124d2c601421255985e6e94da80a7357b1b18" @@ -9761,7 +9761,7 @@ symbol-tree@^3.2.4: resolved "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz#430637d248ba77e078883951fb9aa0eed7c63fa2" integrity sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw== -table@*, table@^6.0.9, table@^6.7.3: +table@*, table@^6.0.9, table@^6.7.2, table@^6.7.3: version "6.7.3" resolved "https://registry.npmjs.org/table/-/table-6.7.3.tgz#255388439715a738391bd2ee4cbca89a4d05a9b7" integrity sha512-5DkIxeA7XERBqMwJq0aHZOdMadBx4e6eDoFRuyT5VR82J0Ycg2DwM6GfA/EQAhJ+toRTaS1lIdSQCqgrmhPnlw== 
@@ -9987,6 +9987,22 @@ trim-newlines@^3.0.0: resolved "https://registry.npmjs.org/trim-newlines/-/trim-newlines-3.0.1.tgz#260a5d962d8b752425b32f3a7db0dcacd176c144" integrity sha512-c1PTsA3tYrIsLGkJkzHF+w9F2EyxfXGo4UyJc4pFL++FMjnq0HJS69T3M7d//gKrFKwy429bouPescbjecU+Zw== +ts-jest@^26.5.6: + version "26.5.6" + resolved "https://registry.npmjs.org/ts-jest/-/ts-jest-26.5.6.tgz#c32e0746425274e1dfe333f43cd3c800e014ec35" + integrity sha512-rua+rCP8DxpA8b4DQD/6X2HQS8Zy/xzViVYfEs2OQu68tkCuKLV0Md8pmX55+W24uRIyAsf/BajRfxOs+R2MKA== + dependencies: + bs-logger "0.x" + buffer-from "1.x" + fast-json-stable-stringify "2.x" + jest-util "^26.1.0" + json5 "2.x" + lodash "4.x" + make-error "1.x" + mkdirp "1.x" + semver "7.x" + yargs-parser "20.x" + ts-jest@^27.0.7: version "27.0.7" resolved "https://registry.npmjs.org/ts-jest/-/ts-jest-27.0.7.tgz#fb7c8c8cb5526ab371bc1b23d06e745652cca2d0" @@ -10685,10 +10701,10 @@ yaml@*, yaml@1.10.2, yaml@^1.10.0: resolved "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz#2301c5ffbf12b467de8da2333a459e29e7920e4b" integrity sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg== -yaml@2.0.0-1: - version "2.0.0-1" - resolved "https://registry.npmjs.org/yaml/-/yaml-2.0.0-1.tgz#8c3029b3ee2028306d5bcf396980623115ff8d18" - integrity sha512-W7h5dEhywMKenDJh2iX/LABkbFnBxasD27oyXWDS/feDsxiw0dD5ncXdYXgkvAsXIY2MpW/ZKkr9IU30DBdMNQ== +yaml@2.0.0-7: + version "2.0.0-7" + resolved "https://registry.npmjs.org/yaml/-/yaml-2.0.0-7.tgz#9799d9d85dfc8f01e4cc425e18e09215364beef1" + integrity sha512-RbI2Tm3hl9AoHY4wWyWvGvJfFIbHOzuzaxum6ez1A0vve+uXgNor03Wys4t+2sgjJSVSe+B2xerd1/dnvqHlOA== yargs-parser@20.2.4: version "20.2.4"