1. Packages
  2. AWS
  3. API Docs
  4. eks
  5. Addon
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

aws.eks.Addon

Explore with Pulumi AI

aws logo
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Manages an EKS add-on.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.eks.Addon("example", {
        clusterName: exampleAwsEksCluster.name,
        addonName: "vpc-cni",
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.eks.Addon("example",
        cluster_name=example_aws_eks_cluster["name"],
        addon_name="vpc-cni")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := eks.NewAddon(ctx, "example", &eks.AddonArgs{
    			ClusterName: pulumi.Any(exampleAwsEksCluster.Name),
    			AddonName:   pulumi.String("vpc-cni"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Eks.Addon("example", new()
        {
            ClusterName = exampleAwsEksCluster.Name,
            AddonName = "vpc-cni",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.eks.Addon;
    import com.pulumi.aws.eks.AddonArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Addon("example", AddonArgs.builder()
                .clusterName(exampleAwsEksCluster.name())
                .addonName("vpc-cni")
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:eks:Addon
        properties:
          clusterName: ${exampleAwsEksCluster.name}
          addonName: vpc-cni
    

    Example Update add-on usage with resolve_conflicts_on_update and PRESERVE

    resolve_conflicts_on_update with PRESERVE can be used to retain the config changes applied to the add-on with kubectl while upgrading to a newer version of the add-on.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.eks.Addon("example", {
        clusterName: exampleAwsEksCluster.name,
        addonName: "coredns",
        addonVersion: "v1.10.1-eksbuild.1",
        resolveConflictsOnUpdate: "PRESERVE",
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.eks.Addon("example",
        cluster_name=example_aws_eks_cluster["name"],
        addon_name="coredns",
        addon_version="v1.10.1-eksbuild.1",
        resolve_conflicts_on_update="PRESERVE")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := eks.NewAddon(ctx, "example", &eks.AddonArgs{
    			ClusterName:              pulumi.Any(exampleAwsEksCluster.Name),
    			AddonName:                pulumi.String("coredns"),
    			AddonVersion:             pulumi.String("v1.10.1-eksbuild.1"),
    			ResolveConflictsOnUpdate: pulumi.String("PRESERVE"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Eks.Addon("example", new()
        {
            ClusterName = exampleAwsEksCluster.Name,
            AddonName = "coredns",
            AddonVersion = "v1.10.1-eksbuild.1",
            ResolveConflictsOnUpdate = "PRESERVE",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.eks.Addon;
    import com.pulumi.aws.eks.AddonArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Addon("example", AddonArgs.builder()
                .clusterName(exampleAwsEksCluster.name())
                .addonName("coredns")
                .addonVersion("v1.10.1-eksbuild.1")
                .resolveConflictsOnUpdate("PRESERVE")
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:eks:Addon
        properties:
          clusterName: ${exampleAwsEksCluster.name}
          addonName: coredns
          addonVersion: v1.10.1-eksbuild.1
          resolveConflictsOnUpdate: PRESERVE
    

    Example add-on usage with custom configuration_values

    Custom add-on configuration can be passed using configuration_values as a single JSON string while creating or updating the add-on.

    Note: configuration_values is a single JSON string should match the valid JSON schema for each add-on with specific version.

    To find the correct JSON schema for each add-on can be extracted using describe-addon-configuration call. This below is an example for extracting the configuration_values schema for coredns.

     aws eks describe-addon-configuration \
     --addon-name coredns \
     --addon-version v1.10.1-eksbuild.1
    

    Example to create a coredns managed addon with custom configuration_values.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.eks.Addon("example", {
        clusterName: "mycluster",
        addonName: "coredns",
        addonVersion: "v1.10.1-eksbuild.1",
        resolveConflictsOnCreate: "OVERWRITE",
        configurationValues: JSON.stringify({
            replicaCount: 4,
            resources: {
                limits: {
                    cpu: "100m",
                    memory: "150Mi",
                },
                requests: {
                    cpu: "100m",
                    memory: "150Mi",
                },
            },
        }),
    });
    
    import pulumi
    import json
    import pulumi_aws as aws
    
    example = aws.eks.Addon("example",
        cluster_name="mycluster",
        addon_name="coredns",
        addon_version="v1.10.1-eksbuild.1",
        resolve_conflicts_on_create="OVERWRITE",
        configuration_values=json.dumps({
            "replicaCount": 4,
            "resources": {
                "limits": {
                    "cpu": "100m",
                    "memory": "150Mi",
                },
                "requests": {
                    "cpu": "100m",
                    "memory": "150Mi",
                },
            },
        }))
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"replicaCount": 4,
    			"resources": map[string]interface{}{
    				"limits": map[string]interface{}{
    					"cpu":    "100m",
    					"memory": "150Mi",
    				},
    				"requests": map[string]interface{}{
    					"cpu":    "100m",
    					"memory": "150Mi",
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = eks.NewAddon(ctx, "example", &eks.AddonArgs{
    			ClusterName:              pulumi.String("mycluster"),
    			AddonName:                pulumi.String("coredns"),
    			AddonVersion:             pulumi.String("v1.10.1-eksbuild.1"),
    			ResolveConflictsOnCreate: pulumi.String("OVERWRITE"),
    			ConfigurationValues:      pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Eks.Addon("example", new()
        {
            ClusterName = "mycluster",
            AddonName = "coredns",
            AddonVersion = "v1.10.1-eksbuild.1",
            ResolveConflictsOnCreate = "OVERWRITE",
            ConfigurationValues = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["replicaCount"] = 4,
                ["resources"] = new Dictionary<string, object?>
                {
                    ["limits"] = new Dictionary<string, object?>
                    {
                        ["cpu"] = "100m",
                        ["memory"] = "150Mi",
                    },
                    ["requests"] = new Dictionary<string, object?>
                    {
                        ["cpu"] = "100m",
                        ["memory"] = "150Mi",
                    },
                },
            }),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.eks.Addon;
    import com.pulumi.aws.eks.AddonArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Addon("example", AddonArgs.builder()
                .clusterName("mycluster")
                .addonName("coredns")
                .addonVersion("v1.10.1-eksbuild.1")
                .resolveConflictsOnCreate("OVERWRITE")
                .configurationValues(serializeJson(
                    jsonObject(
                        jsonProperty("replicaCount", 4),
                        jsonProperty("resources", jsonObject(
                            jsonProperty("limits", jsonObject(
                                jsonProperty("cpu", "100m"),
                                jsonProperty("memory", "150Mi")
                            )),
                            jsonProperty("requests", jsonObject(
                                jsonProperty("cpu", "100m"),
                                jsonProperty("memory", "150Mi")
                            ))
                        ))
                    )))
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:eks:Addon
        properties:
          clusterName: mycluster
          addonName: coredns
          addonVersion: v1.10.1-eksbuild.1
          resolveConflictsOnCreate: OVERWRITE
          configurationValues:
            fn::toJSON:
              replicaCount: 4
              resources:
                limits:
                  cpu: 100m
                  memory: 150Mi
                requests:
                  cpu: 100m
                  memory: 150Mi
    

    Example IAM Role for EKS Addon “vpc-cni” with AWS managed policy

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    import * as std from "@pulumi/std";
    import * as tls from "@pulumi/tls";
    
    const exampleCluster = new aws.eks.Cluster("example", {});
    const example = exampleCluster.identities.apply(identities => tls.getCertificateOutput({
        url: identities[0].oidcs?.[0]?.issuer,
    }));
    const exampleOpenIdConnectProvider = new aws.iam.OpenIdConnectProvider("example", {
        clientIdLists: ["sts.amazonaws.com"],
        thumbprintLists: [example.apply(example => example.certificates?.[0]?.sha1Fingerprint)],
        url: exampleCluster.identities.apply(identities => identities[0].oidcs?.[0]?.issuer),
    });
    const exampleAssumeRolePolicy = aws.iam.getPolicyDocumentOutput({
        statements: [{
            actions: ["sts:AssumeRoleWithWebIdentity"],
            effect: "Allow",
            conditions: [{
                test: "StringEquals",
                variable: std.replaceOutput({
                    text: exampleOpenIdConnectProvider.url,
                    search: "https://",
                    replace: "",
                }).apply(invoke => `${invoke.result}:sub`),
                values: ["system:serviceaccount:kube-system:aws-node"],
            }],
            principals: [{
                identifiers: [exampleOpenIdConnectProvider.arn],
                type: "Federated",
            }],
        }],
    });
    const exampleRole = new aws.iam.Role("example", {
        assumeRolePolicy: exampleAssumeRolePolicy.apply(exampleAssumeRolePolicy => exampleAssumeRolePolicy.json),
        name: "example-vpc-cni-role",
    });
    const exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment("example", {
        policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
        role: exampleRole.name,
    });
    
    import pulumi
    import pulumi_aws as aws
    import pulumi_std as std
    import pulumi_tls as tls
    
    example_cluster = aws.eks.Cluster("example")
    example = example_cluster.identities.apply(lambda identities: tls.get_certificate_output(url=identities[0].oidcs[0].issuer))
    example_open_id_connect_provider = aws.iam.OpenIdConnectProvider("example",
        client_id_lists=["sts.amazonaws.com"],
        thumbprint_lists=[example.certificates[0].sha1_fingerprint],
        url=example_cluster.identities[0].oidcs[0].issuer)
    example_assume_role_policy = aws.iam.get_policy_document_output(statements=[{
        "actions": ["sts:AssumeRoleWithWebIdentity"],
        "effect": "Allow",
        "conditions": [{
            "test": "StringEquals",
            "variable": std.replace_output(text=example_open_id_connect_provider.url,
                search="https://",
                replace="").apply(lambda invoke: f"{invoke.result}:sub"),
            "values": ["system:serviceaccount:kube-system:aws-node"],
        }],
        "principals": [{
            "identifiers": [example_open_id_connect_provider.arn],
            "type": "Federated",
        }],
    }])
    example_role = aws.iam.Role("example",
        assume_role_policy=example_assume_role_policy.json,
        name="example-vpc-cni-role")
    example_role_policy_attachment = aws.iam.RolePolicyAttachment("example",
        policy_arn="arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
        role=example_role.name)
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleCluster, err := eks.NewCluster(ctx, "example", nil)
    		if err != nil {
    			return err
    		}
    		example := exampleCluster.Identities.ApplyT(func(identities []eks.ClusterIdentity) (tls.GetCertificateResult, error) {
    			return tls.GetCertificateResult(interface{}(tls.GetCertificateOutput(ctx, tls.GetCertificateOutputArgs{
    				Url: identities[0].Oidcs[0].Issuer,
    			}, nil))), nil
    		}).(tls.GetCertificateResultOutput)
    		exampleOpenIdConnectProvider, err := iam.NewOpenIdConnectProvider(ctx, "example", &iam.OpenIdConnectProviderArgs{
    			ClientIdLists: pulumi.StringArray{
    				pulumi.String("sts.amazonaws.com"),
    			},
    			ThumbprintLists: pulumi.StringArray{
    				pulumi.String(example.ApplyT(func(example tls.GetCertificateResult) (*string, error) {
    					return &example.Certificates[0].Sha1Fingerprint, nil
    				}).(pulumi.StringPtrOutput)),
    			},
    			Url: pulumi.String(exampleCluster.Identities.ApplyT(func(identities []eks.ClusterIdentity) (*string, error) {
    				return &identities[0].Oidcs[0].Issuer, nil
    			}).(pulumi.StringPtrOutput)),
    		})
    		if err != nil {
    			return err
    		}
    		exampleAssumeRolePolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
    			Statements: iam.GetPolicyDocumentStatementArray{
    				&iam.GetPolicyDocumentStatementArgs{
    					Actions: pulumi.StringArray{
    						pulumi.String("sts:AssumeRoleWithWebIdentity"),
    					},
    					Effect: pulumi.String("Allow"),
    					Conditions: iam.GetPolicyDocumentStatementConditionArray{
    						&iam.GetPolicyDocumentStatementConditionArgs{
    							Test: pulumi.String("StringEquals"),
    							Variable: std.ReplaceOutput(ctx, std.ReplaceOutputArgs{
    								Text:    exampleOpenIdConnectProvider.Url,
    								Search:  pulumi.String("https://"),
    								Replace: pulumi.String(""),
    							}, nil).ApplyT(func(invoke std.ReplaceResult) (string, error) {
    								return fmt.Sprintf("%v:sub", invoke.Result), nil
    							}).(pulumi.StringOutput),
    							Values: pulumi.StringArray{
    								pulumi.String("system:serviceaccount:kube-system:aws-node"),
    							},
    						},
    					},
    					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
    						&iam.GetPolicyDocumentStatementPrincipalArgs{
    							Identifiers: pulumi.StringArray{
    								exampleOpenIdConnectProvider.Arn,
    							},
    							Type: pulumi.String("Federated"),
    						},
    					},
    				},
    			},
    		}, nil)
    		exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
    			AssumeRolePolicy: pulumi.String(exampleAssumeRolePolicy.ApplyT(func(exampleAssumeRolePolicy iam.GetPolicyDocumentResult) (*string, error) {
    				return &exampleAssumeRolePolicy.Json, nil
    			}).(pulumi.StringPtrOutput)),
    			Name: pulumi.String("example-vpc-cni-role"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = iam.NewRolePolicyAttachment(ctx, "example", &iam.RolePolicyAttachmentArgs{
    			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"),
    			Role:      exampleRole.Name,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    using Std = Pulumi.Std;
    using Tls = Pulumi.Tls;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleCluster = new Aws.Eks.Cluster("example");
    
        var example = Tls.GetCertificate.Invoke(new()
        {
            Url = exampleCluster.Identities[0].Oidcs[0]?.Issuer,
        });
    
        var exampleOpenIdConnectProvider = new Aws.Iam.OpenIdConnectProvider("example", new()
        {
            ClientIdLists = new[]
            {
                "sts.amazonaws.com",
            },
            ThumbprintLists = new[]
            {
                example.Apply(getCertificateResult => getCertificateResult.Certificates[0]?.Sha1Fingerprint),
            },
            Url = exampleCluster.Identities.Apply(identities => identities[0].Oidcs[0]?.Issuer),
        });
    
        var exampleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
        {
            Statements = new[]
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Actions = new[]
                    {
                        "sts:AssumeRoleWithWebIdentity",
                    },
                    Effect = "Allow",
                    Conditions = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
                        {
                            Test = "StringEquals",
                            Variable = $"{Std.Replace.Invoke(new()
                            {
                                Text = exampleOpenIdConnectProvider.Url,
                                Search = "https://",
                                Replace = "",
                            }).Result}:sub",
                            Values = new[]
                            {
                                "system:serviceaccount:kube-system:aws-node",
                            },
                        },
                    },
                    Principals = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                        {
                            Identifiers = new[]
                            {
                                exampleOpenIdConnectProvider.Arn,
                            },
                            Type = "Federated",
                        },
                    },
                },
            },
        });
    
        var exampleRole = new Aws.Iam.Role("example", new()
        {
            AssumeRolePolicy = exampleAssumeRolePolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
            Name = "example-vpc-cni-role",
        });
    
        var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("example", new()
        {
            PolicyArn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
            Role = exampleRole.Name,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.eks.Cluster;
    import com.pulumi.tls.TlsFunctions;
    import com.pulumi.tls.inputs.GetCertificateArgs;
    import com.pulumi.aws.iam.OpenIdConnectProvider;
    import com.pulumi.aws.iam.OpenIdConnectProviderArgs;
    import com.pulumi.aws.iam.IamFunctions;
    import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
    import com.pulumi.aws.iam.Role;
    import com.pulumi.aws.iam.RoleArgs;
    import com.pulumi.aws.iam.RolePolicyAttachment;
    import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleCluster = new Cluster("exampleCluster");
    
            final var example = TlsFunctions.getCertificate(GetCertificateArgs.builder()
                .url(exampleCluster.identities().applyValue(identities -> identities[0].oidcs()[0].issuer()))
                .build());
    
            var exampleOpenIdConnectProvider = new OpenIdConnectProvider("exampleOpenIdConnectProvider", OpenIdConnectProviderArgs.builder()
                .clientIdLists("sts.amazonaws.com")
                .thumbprintLists(example.applyValue(getCertificateResult -> getCertificateResult).applyValue(example -> example.applyValue(getCertificateResult -> getCertificateResult.certificates()[0].sha1Fingerprint())))
                .url(exampleCluster.identities().applyValue(identities -> identities[0].oidcs()[0].issuer()))
                .build());
    
            final var exampleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(GetPolicyDocumentStatementArgs.builder()
                    .actions("sts:AssumeRoleWithWebIdentity")
                    .effect("Allow")
                    .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                        .test("StringEquals")
                        .variable(StdFunctions.replace().applyValue(invoke -> String.format("%s:sub", invoke.result())))
                        .values("system:serviceaccount:kube-system:aws-node")
                        .build())
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .identifiers(exampleOpenIdConnectProvider.arn())
                        .type("Federated")
                        .build())
                    .build())
                .build());
    
            var exampleRole = new Role("exampleRole", RoleArgs.builder()
                .assumeRolePolicy(exampleAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(exampleAssumeRolePolicy -> exampleAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
                .name("example-vpc-cni-role")
                .build());
    
            var exampleRolePolicyAttachment = new RolePolicyAttachment("exampleRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
                .policyArn("arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy")
                .role(exampleRole.name())
                .build());
    
        }
    }
    
    resources:
      exampleCluster:
        type: aws:eks:Cluster
        name: example
      exampleOpenIdConnectProvider:
        type: aws:iam:OpenIdConnectProvider
        name: example
        properties:
          clientIdLists:
            - sts.amazonaws.com
          thumbprintLists:
            - ${example.certificates[0].sha1Fingerprint}
          url: ${exampleCluster.identities[0].oidcs[0].issuer}
      exampleRole:
        type: aws:iam:Role
        name: example
        properties:
          assumeRolePolicy: ${exampleAssumeRolePolicy.json}
          name: example-vpc-cni-role
      exampleRolePolicyAttachment:
        type: aws:iam:RolePolicyAttachment
        name: example
        properties:
          policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
          role: ${exampleRole.name}
    variables:
      example:
        fn::invoke:
          Function: tls:getCertificate
          Arguments:
            url: ${exampleCluster.identities[0].oidcs[0].issuer}
      exampleAssumeRolePolicy:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - actions:
                  - sts:AssumeRoleWithWebIdentity
                effect: Allow
                conditions:
                  - test: StringEquals
                    variable:
                      fn::join:
                        -
                        - - fn::invoke:
                              Function: std:replace
                              Arguments:
                                text: ${exampleOpenIdConnectProvider.url}
                                search: https://
                                replace:
                              Return: result
                          - :sub
                    values:
                      - system:serviceaccount:kube-system:aws-node
                principals:
                  - identifiers:
                      - ${exampleOpenIdConnectProvider.arn}
                    type: Federated
    

    Create Addon Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Addon(name: string, args: AddonArgs, opts?: CustomResourceOptions);
    @overload
    def Addon(resource_name: str,
              args: AddonArgs,
              opts: Optional[ResourceOptions] = None)
    
    @overload
    def Addon(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              addon_name: Optional[str] = None,
              cluster_name: Optional[str] = None,
              addon_version: Optional[str] = None,
              configuration_values: Optional[str] = None,
              pod_identity_associations: Optional[Sequence[AddonPodIdentityAssociationArgs]] = None,
              preserve: Optional[bool] = None,
              resolve_conflicts: Optional[str] = None,
              resolve_conflicts_on_create: Optional[str] = None,
              resolve_conflicts_on_update: Optional[str] = None,
              service_account_role_arn: Optional[str] = None,
              tags: Optional[Mapping[str, str]] = None)
    func NewAddon(ctx *Context, name string, args AddonArgs, opts ...ResourceOption) (*Addon, error)
    public Addon(string name, AddonArgs args, CustomResourceOptions? opts = null)
    public Addon(String name, AddonArgs args)
    public Addon(String name, AddonArgs args, CustomResourceOptions options)
    
    type: aws:eks:Addon
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AddonArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AddonArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AddonArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AddonArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AddonArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var addonResource = new Aws.Eks.Addon("addonResource", new()
    {
        AddonName = "string",
        ClusterName = "string",
        AddonVersion = "string",
        ConfigurationValues = "string",
        PodIdentityAssociations = new[]
        {
            new Aws.Eks.Inputs.AddonPodIdentityAssociationArgs
            {
                RoleArn = "string",
                ServiceAccount = "string",
            },
        },
        Preserve = false,
        ResolveConflictsOnCreate = "string",
        ResolveConflictsOnUpdate = "string",
        ServiceAccountRoleArn = "string",
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    example, err := eks.NewAddon(ctx, "addonResource", &eks.AddonArgs{
    	AddonName:           pulumi.String("string"),
    	ClusterName:         pulumi.String("string"),
    	AddonVersion:        pulumi.String("string"),
    	ConfigurationValues: pulumi.String("string"),
    	PodIdentityAssociations: eks.AddonPodIdentityAssociationArray{
    		&eks.AddonPodIdentityAssociationArgs{
    			RoleArn:        pulumi.String("string"),
    			ServiceAccount: pulumi.String("string"),
    		},
    	},
    	Preserve:                 pulumi.Bool(false),
    	ResolveConflictsOnCreate: pulumi.String("string"),
    	ResolveConflictsOnUpdate: pulumi.String("string"),
    	ServiceAccountRoleArn:    pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    })
    
    var addonResource = new Addon("addonResource", AddonArgs.builder()
        .addonName("string")
        .clusterName("string")
        .addonVersion("string")
        .configurationValues("string")
        .podIdentityAssociations(AddonPodIdentityAssociationArgs.builder()
            .roleArn("string")
            .serviceAccount("string")
            .build())
        .preserve(false)
        .resolveConflictsOnCreate("string")
        .resolveConflictsOnUpdate("string")
        .serviceAccountRoleArn("string")
        .tags(Map.of("string", "string"))
        .build());
    
    addon_resource = aws.eks.Addon("addonResource",
        addon_name="string",
        cluster_name="string",
        addon_version="string",
        configuration_values="string",
        pod_identity_associations=[{
            "role_arn": "string",
            "service_account": "string",
        }],
        preserve=False,
        resolve_conflicts_on_create="string",
        resolve_conflicts_on_update="string",
        service_account_role_arn="string",
        tags={
            "string": "string",
        })
    
    const addonResource = new aws.eks.Addon("addonResource", {
        addonName: "string",
        clusterName: "string",
        addonVersion: "string",
        configurationValues: "string",
        podIdentityAssociations: [{
            roleArn: "string",
            serviceAccount: "string",
        }],
        preserve: false,
        resolveConflictsOnCreate: "string",
        resolveConflictsOnUpdate: "string",
        serviceAccountRoleArn: "string",
        tags: {
            string: "string",
        },
    });
    
    type: aws:eks:Addon
    properties:
        addonName: string
        addonVersion: string
        clusterName: string
        configurationValues: string
        podIdentityAssociations:
            - roleArn: string
              serviceAccount: string
        preserve: false
        resolveConflictsOnCreate: string
        resolveConflictsOnUpdate: string
        serviceAccountRoleArn: string
        tags:
            string: string
    

    Addon Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Addon resource accepts the following input properties:

    AddonName string
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    ClusterName string

    Name of the EKS Cluster.

    The following arguments are optional:

    AddonVersion string
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    ConfigurationValues string
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    PodIdentityAssociations List<AddonPodIdentityAssociation>
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    Preserve bool
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    ResolveConflicts string
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    ResolveConflictsOnCreate string
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    ResolveConflictsOnUpdate string
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    ServiceAccountRoleArn string

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    Tags Dictionary<string, string>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    AddonName string
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    ClusterName string

    Name of the EKS Cluster.

    The following arguments are optional:

    AddonVersion string
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    ConfigurationValues string
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    PodIdentityAssociations []AddonPodIdentityAssociationArgs
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    Preserve bool
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    ResolveConflicts string
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    ResolveConflictsOnCreate string
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    ResolveConflictsOnUpdate string
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    ServiceAccountRoleArn string

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    Tags map[string]string
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    addonName String
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    clusterName String

    Name of the EKS Cluster.

    The following arguments are optional:

    addonVersion String
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    configurationValues String
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    podIdentityAssociations List<AddonPodIdentityAssociation>
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    preserve Boolean
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    resolveConflicts String
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    resolveConflictsOnCreate String
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    resolveConflictsOnUpdate String
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    serviceAccountRoleArn String

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    tags Map<String,String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    addonName string
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    clusterName string

    Name of the EKS Cluster.

    The following arguments are optional:

    addonVersion string
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    configurationValues string
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    podIdentityAssociations AddonPodIdentityAssociation[]
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    preserve boolean
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    resolveConflicts string
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    resolveConflictsOnCreate string
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    resolveConflictsOnUpdate string
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    serviceAccountRoleArn string

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    tags {[key: string]: string}
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    addon_name str
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    cluster_name str

    Name of the EKS Cluster.

    The following arguments are optional:

    addon_version str
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    configuration_values str
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    pod_identity_associations Sequence[AddonPodIdentityAssociationArgs]
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    preserve bool
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    resolve_conflicts str
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    resolve_conflicts_on_create str
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    resolve_conflicts_on_update str
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    service_account_role_arn str

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    tags Mapping[str, str]
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    addonName String
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    clusterName String

    Name of the EKS Cluster.

    The following arguments are optional:

    addonVersion String
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    configurationValues String
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    podIdentityAssociations List<Property Map>
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    preserve Boolean
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    resolveConflicts String
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    resolveConflictsOnCreate String
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    resolveConflictsOnUpdate String
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    serviceAccountRoleArn String

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    tags Map<String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Addon resource produces the following output properties:

    Arn string
    Amazon Resource Name (ARN) of the EKS add-on.
    CreatedAt string
    Date and time in RFC3339 format that the EKS add-on was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    ModifiedAt string
    Date and time in RFC3339 format that the EKS add-on was updated.
    TagsAll Dictionary<string, string>
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Arn string
    Amazon Resource Name (ARN) of the EKS add-on.
    CreatedAt string
    Date and time in RFC3339 format that the EKS add-on was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    ModifiedAt string
    Date and time in RFC3339 format that the EKS add-on was updated.
    TagsAll map[string]string
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    Amazon Resource Name (ARN) of the EKS add-on.
    createdAt String
    Date and time in RFC3339 format that the EKS add-on was created.
    id String
    The provider-assigned unique ID for this managed resource.
    modifiedAt String
    Date and time in RFC3339 format that the EKS add-on was updated.
    tagsAll Map<String,String>
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn string
    Amazon Resource Name (ARN) of the EKS add-on.
    createdAt string
    Date and time in RFC3339 format that the EKS add-on was created.
    id string
    The provider-assigned unique ID for this managed resource.
    modifiedAt string
    Date and time in RFC3339 format that the EKS add-on was updated.
    tagsAll {[key: string]: string}
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn str
    Amazon Resource Name (ARN) of the EKS add-on.
    created_at str
    Date and time in RFC3339 format that the EKS add-on was created.
    id str
    The provider-assigned unique ID for this managed resource.
    modified_at str
    Date and time in RFC3339 format that the EKS add-on was updated.
    tags_all Mapping[str, str]
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    Amazon Resource Name (ARN) of the EKS add-on.
    createdAt String
    Date and time in RFC3339 format that the EKS add-on was created.
    id String
    The provider-assigned unique ID for this managed resource.
    modifiedAt String
    Date and time in RFC3339 format that the EKS add-on was updated.
    tagsAll Map<String>
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Look up Existing Addon Resource

    Get an existing Addon resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AddonState, opts?: CustomResourceOptions): Addon
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            addon_name: Optional[str] = None,
            addon_version: Optional[str] = None,
            arn: Optional[str] = None,
            cluster_name: Optional[str] = None,
            configuration_values: Optional[str] = None,
            created_at: Optional[str] = None,
            modified_at: Optional[str] = None,
            pod_identity_associations: Optional[Sequence[AddonPodIdentityAssociationArgs]] = None,
            preserve: Optional[bool] = None,
            resolve_conflicts: Optional[str] = None,
            resolve_conflicts_on_create: Optional[str] = None,
            resolve_conflicts_on_update: Optional[str] = None,
            service_account_role_arn: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None) -> Addon
    func GetAddon(ctx *Context, name string, id IDInput, state *AddonState, opts ...ResourceOption) (*Addon, error)
    public static Addon Get(string name, Input<string> id, AddonState? state, CustomResourceOptions? opts = null)
    public static Addon get(String name, Output<String> id, AddonState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AddonName string
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    AddonVersion string
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    Arn string
    Amazon Resource Name (ARN) of the EKS add-on.
    ClusterName string

    Name of the EKS Cluster.

    The following arguments are optional:

    ConfigurationValues string
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    CreatedAt string
    Date and time in RFC3339 format that the EKS add-on was created.
    ModifiedAt string
    Date and time in RFC3339 format that the EKS add-on was updated.
    PodIdentityAssociations List<AddonPodIdentityAssociation>
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    Preserve bool
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    ResolveConflicts string
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    ResolveConflictsOnCreate string
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    ResolveConflictsOnUpdate string
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    ServiceAccountRoleArn string

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    Tags Dictionary<string, string>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    AddonName string
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    AddonVersion string
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    Arn string
    Amazon Resource Name (ARN) of the EKS add-on.
    ClusterName string

    Name of the EKS Cluster.

    The following arguments are optional:

    ConfigurationValues string
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    CreatedAt string
    Date and time in RFC3339 format that the EKS add-on was created.
    ModifiedAt string
    Date and time in RFC3339 format that the EKS add-on was updated.
    PodIdentityAssociations []AddonPodIdentityAssociationArgs
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    Preserve bool
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    ResolveConflicts string
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    ResolveConflictsOnCreate string
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    ResolveConflictsOnUpdate string
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    ServiceAccountRoleArn string

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    Tags map[string]string
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    addonName String
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    addonVersion String
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    arn String
    Amazon Resource Name (ARN) of the EKS add-on.
    clusterName String

    Name of the EKS Cluster.

    The following arguments are optional:

    configurationValues String
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    createdAt String
    Date and time in RFC3339 format that the EKS add-on was created.
    modifiedAt String
    Date and time in RFC3339 format that the EKS add-on was updated.
    podIdentityAssociations List<AddonPodIdentityAssociation>
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    preserve Boolean
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    resolveConflicts String
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    resolveConflictsOnCreate String
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    resolveConflictsOnUpdate String
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    serviceAccountRoleArn String

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    tags Map<String,String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    addonName string
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    addonVersion string
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    arn string
    Amazon Resource Name (ARN) of the EKS add-on.
    clusterName string

    Name of the EKS Cluster.

    The following arguments are optional:

    configurationValues string
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    createdAt string
    Date and time in RFC3339 format that the EKS add-on was created.
    modifiedAt string
    Date and time in RFC3339 format that the EKS add-on was updated.
    podIdentityAssociations AddonPodIdentityAssociation[]
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    preserve boolean
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    resolveConflicts string
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    resolveConflictsOnCreate string
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    resolveConflictsOnUpdate string
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    serviceAccountRoleArn string

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    tags {[key: string]: string}
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    addon_name str
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    addon_version str
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    arn str
    Amazon Resource Name (ARN) of the EKS add-on.
    cluster_name str

    Name of the EKS Cluster.

    The following arguments are optional:

    configuration_values str
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    created_at str
    Date and time in RFC3339 format that the EKS add-on was created.
    modified_at str
    Date and time in RFC3339 format that the EKS add-on was updated.
    pod_identity_associations Sequence[AddonPodIdentityAssociationArgs]
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    preserve bool
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    resolve_conflicts str
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    resolve_conflicts_on_create str
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    resolve_conflicts_on_update str
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    service_account_role_arn str

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    tags Mapping[str, str]
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    addonName String
    Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
    addonVersion String
    The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
    arn String
    Amazon Resource Name (ARN) of the EKS add-on.
    clusterName String

    Name of the EKS Cluster.

    The following arguments are optional:

    configurationValues String
    custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
    createdAt String
    Date and time in RFC3339 format that the EKS add-on was created.
    modifiedAt String
    Date and time in RFC3339 format that the EKS add-on was updated.
    podIdentityAssociations List<Property Map>
    Configuration block with EKS Pod Identity association settings. See pod_identity_association below for details.
    preserve Boolean
    Indicates if you want to preserve the created resources when deleting the EKS add-on.
    resolveConflicts String
    Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.

    Deprecated: The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead

    resolveConflictsOnCreate String
    How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
    resolveConflictsOnUpdate String
    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
    serviceAccountRoleArn String

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

    tags Map<String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Supporting Types

    AddonPodIdentityAssociation, AddonPodIdentityAssociationArgs

    RoleArn string
    The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
    ServiceAccount string
    The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
    RoleArn string
    The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
    ServiceAccount string
    The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
    roleArn String
    The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
    serviceAccount String
    The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
    roleArn string
    The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
    serviceAccount string
    The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
    role_arn str
    The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
    service_account str
    The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
    roleArn String
    The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
    serviceAccount String
    The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.

    Import

    Using pulumi import, import EKS add-on using the cluster_name and addon_name separated by a colon (:). For example:

    $ pulumi import aws:eks/addon:Addon my_eks_addon my_cluster_name:my_addon_name
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi