eks: Creating a Pod Identity service account should check if the Pod Identity Agent is already installed #32580
Synthesizing the CDK code below:

import * as cdk from 'aws-cdk-lib';
import * as eks from 'aws-cdk-lib/aws-eks';
export class CdktestStackNew extends cdk.Stack {
/**
 * Assembles the reproduction stack for this issue: one EKS cluster, an
 * explicitly declared `eks-pod-identity-agent` add-on, and a service account
 * that uses Pod Identity.
 *
 * @param scope - CDK app that owns this stack.
 * @param id - Construct id of the stack.
 * @param props - Optional stack properties, forwarded unchanged to `cdk.Stack`.
 */
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
  super(scope, id, props);

  // No endpoint access option is passed here; the template synthesized from
  // this stack shows endpointPublicAccess and endpointPrivateAccess both true.
  // NOTE(review): confirm the Pod Identity Agent add-on supports this
  // Kubernetes version before relying on the repro.
  const eksCluster = new eks.Cluster(this, 'MyEksCluster', {
    version: eks.KubernetesVersion.V1_23,
  });

  // Explicit, version-pinned declaration of the agent add-on.
  const agentAddonName = 'eks-pod-identity-agent';
  const agentAddonVersion = 'v1.3.4-eksbuild.1';
  new eks.Addon(this, 'podIdentityAgent', {
    cluster: eksCluster,
    addonName: agentAddonName,
    addonVersion: agentAddonVersion,
  });

  // The synthesized template also carries an AWS::EKS::Addon with the same
  // add-on name under MyEksCluster/EksPodIdentityAgentAddon, and that resource
  // has no AddonVersion property. Presumably it is added because of this Pod
  // Identity service account (see the issue title), so the agent that hands
  // credentials to pods would be declared twice, once pinned and once not.
  // Pods in `default` that run as `test-sa` are the ones this identity is for;
  // use a dedicated namespace outside a throwaway test stack.
  new eks.ServiceAccount(this, 'testServiceAccount', {
    cluster: eksCluster,
    namespace: 'default',
    name: 'test-sa',
    identityType: eks.IdentityType.POD_IDENTITY,
  });
}
}

generates the CloudFormation template below:

CloudFormation template
{
"Resources": {
"MyEksClusterDefaultVpc88BB2293": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"InstanceTenancy": "default",
"Tags": [
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc"
}
]
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/Resource"
}
},
"MyEksClusterDefaultVpcPublicSubnet1SubnetD9A103CA": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-2a",
"CidrBlock": "10.0.0.0/19",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
},
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet1"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet1/Subnet"
}
},
"MyEksClusterDefaultVpcPublicSubnet1RouteTableC5BE4DA4": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"Tags": [
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet1"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet1/RouteTable"
}
},
"MyEksClusterDefaultVpcPublicSubnet1RouteTableAssociationF62B94CC": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet1RouteTableC5BE4DA4"
},
"SubnetId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet1SubnetD9A103CA"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet1/RouteTableAssociation"
}
},
"MyEksClusterDefaultVpcPublicSubnet1DefaultRoute4A067256": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "MyEksClusterDefaultVpcIGW561FF945"
},
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet1RouteTableC5BE4DA4"
}
},
"DependsOn": [
"MyEksClusterDefaultVpcVPCGWAD911C2D"
],
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet1/DefaultRoute"
}
},
"MyEksClusterDefaultVpcPublicSubnet1EIPDB62CB8B": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet1/EIP"
}
},
"MyEksClusterDefaultVpcPublicSubnet1NATGatewayBA4000A4": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"MyEksClusterDefaultVpcPublicSubnet1EIPDB62CB8B",
"AllocationId"
]
},
"SubnetId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet1SubnetD9A103CA"
},
"Tags": [
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet1"
}
]
},
"DependsOn": [
"MyEksClusterDefaultVpcPublicSubnet1DefaultRoute4A067256",
"MyEksClusterDefaultVpcPublicSubnet1RouteTableAssociationF62B94CC"
],
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet1/NATGateway"
}
},
"MyEksClusterDefaultVpcPublicSubnet2Subnet31E97A39": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-2b",
"CidrBlock": "10.0.32.0/19",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
},
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet2"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet2/Subnet"
}
},
"MyEksClusterDefaultVpcPublicSubnet2RouteTable58720079": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"Tags": [
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet2"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet2/RouteTable"
}
},
"MyEksClusterDefaultVpcPublicSubnet2RouteTableAssociation6714AB4D": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet2RouteTable58720079"
},
"SubnetId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet2Subnet31E97A39"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet2/RouteTableAssociation"
}
},
"MyEksClusterDefaultVpcPublicSubnet2DefaultRouteA332A30A": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "MyEksClusterDefaultVpcIGW561FF945"
},
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet2RouteTable58720079"
}
},
"DependsOn": [
"MyEksClusterDefaultVpcVPCGWAD911C2D"
],
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet2/DefaultRoute"
}
},
"MyEksClusterDefaultVpcPublicSubnet2EIP79C9CB50": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet2/EIP"
}
},
"MyEksClusterDefaultVpcPublicSubnet2NATGatewayC983D1F0": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"MyEksClusterDefaultVpcPublicSubnet2EIP79C9CB50",
"AllocationId"
]
},
"SubnetId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet2Subnet31E97A39"
},
"Tags": [
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet2"
}
]
},
"DependsOn": [
"MyEksClusterDefaultVpcPublicSubnet2DefaultRouteA332A30A",
"MyEksClusterDefaultVpcPublicSubnet2RouteTableAssociation6714AB4D"
],
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet2/NATGateway"
}
},
"MyEksClusterDefaultVpcPublicSubnet3Subnet3C23CA7B": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-2c",
"CidrBlock": "10.0.64.0/19",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
},
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet3"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet3/Subnet"
}
},
"MyEksClusterDefaultVpcPublicSubnet3RouteTable69FEA7B9": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"Tags": [
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet3"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet3/RouteTable"
}
},
"MyEksClusterDefaultVpcPublicSubnet3RouteTableAssociationDF6C9C7D": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet3RouteTable69FEA7B9"
},
"SubnetId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet3Subnet3C23CA7B"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet3/RouteTableAssociation"
}
},
"MyEksClusterDefaultVpcPublicSubnet3DefaultRoute765314D6": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "MyEksClusterDefaultVpcIGW561FF945"
},
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet3RouteTable69FEA7B9"
}
},
"DependsOn": [
"MyEksClusterDefaultVpcVPCGWAD911C2D"
],
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet3/DefaultRoute"
}
},
"MyEksClusterDefaultVpcPublicSubnet3EIP859BAB76": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet3/EIP"
}
},
"MyEksClusterDefaultVpcPublicSubnet3NATGateway07EA8091": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"MyEksClusterDefaultVpcPublicSubnet3EIP859BAB76",
"AllocationId"
]
},
"SubnetId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet3Subnet3C23CA7B"
},
"Tags": [
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet3"
}
]
},
"DependsOn": [
"MyEksClusterDefaultVpcPublicSubnet3DefaultRoute765314D6",
"MyEksClusterDefaultVpcPublicSubnet3RouteTableAssociationDF6C9C7D"
],
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PublicSubnet3/NATGateway"
}
},
"MyEksClusterDefaultVpcPrivateSubnet1SubnetBF290C17": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-2a",
"CidrBlock": "10.0.96.0/19",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
},
{
"Key": "kubernetes.io/role/internal-elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet1"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet1/Subnet"
}
},
"MyEksClusterDefaultVpcPrivateSubnet1RouteTable824A2045": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"Tags": [
{
"Key": "kubernetes.io/role/internal-elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet1"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet1/RouteTable"
}
},
"MyEksClusterDefaultVpcPrivateSubnet1RouteTableAssociationF176997E": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet1RouteTable824A2045"
},
"SubnetId": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet1SubnetBF290C17"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet1/RouteTableAssociation"
}
},
"MyEksClusterDefaultVpcPrivateSubnet1DefaultRoute055FC96A": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet1NATGatewayBA4000A4"
},
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet1RouteTable824A2045"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet1/DefaultRoute"
}
},
"MyEksClusterDefaultVpcPrivateSubnet2SubnetFA39FCBA": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-2b",
"CidrBlock": "10.0.128.0/19",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
},
{
"Key": "kubernetes.io/role/internal-elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet2"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet2/Subnet"
}
},
"MyEksClusterDefaultVpcPrivateSubnet2RouteTable7D10A0A3": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"Tags": [
{
"Key": "kubernetes.io/role/internal-elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet2"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet2/RouteTable"
}
},
"MyEksClusterDefaultVpcPrivateSubnet2RouteTableAssociation5D2DDE0F": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet2RouteTable7D10A0A3"
},
"SubnetId": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet2SubnetFA39FCBA"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet2/RouteTableAssociation"
}
},
"MyEksClusterDefaultVpcPrivateSubnet2DefaultRouteA0F07762": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet2NATGatewayC983D1F0"
},
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet2RouteTable7D10A0A3"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet2/DefaultRoute"
}
},
"MyEksClusterDefaultVpcPrivateSubnet3SubnetCBD7F1C2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-2c",
"CidrBlock": "10.0.160.0/19",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
},
{
"Key": "kubernetes.io/role/internal-elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet3"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet3/Subnet"
}
},
"MyEksClusterDefaultVpcPrivateSubnet3RouteTable2596EA87": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"Tags": [
{
"Key": "kubernetes.io/role/internal-elb",
"Value": "1"
},
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet3"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet3/RouteTable"
}
},
"MyEksClusterDefaultVpcPrivateSubnet3RouteTableAssociationD534F8FD": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet3RouteTable2596EA87"
},
"SubnetId": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet3SubnetCBD7F1C2"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet3/RouteTableAssociation"
}
},
"MyEksClusterDefaultVpcPrivateSubnet3DefaultRoute0E07F860": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "MyEksClusterDefaultVpcPublicSubnet3NATGateway07EA8091"
},
"RouteTableId": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet3RouteTable2596EA87"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/PrivateSubnet3/DefaultRoute"
}
},
"MyEksClusterDefaultVpcIGW561FF945": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "CdktestStackNew/MyEksCluster/DefaultVpc"
}
]
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/IGW"
}
},
"MyEksClusterDefaultVpcVPCGWAD911C2D": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"InternetGatewayId": {
"Ref": "MyEksClusterDefaultVpcIGW561FF945"
},
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/VPCGW"
}
},
"MyEksClusterDefaultVpcRestrictDefaultSecurityGroupCustomResource7C093B8A": {
"Type": "Custom::VpcRestrictDefaultSG",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
"Arn"
]
},
"DefaultSecurityGroupId": {
"Fn::GetAtt": [
"MyEksClusterDefaultVpc88BB2293",
"DefaultSecurityGroup"
]
},
"Account": "139480602983"
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/DefaultVpc/RestrictDefaultSecurityGroupCustomResource/Default"
}
},
"MyEksClusterKubectlHandlerRole1BA3BE4D": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
]
]
},
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
]
]
},
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
]
]
},
{
"Fn::If": [
"MyEksClusterHasEcrPublic59AD0994",
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly"
]
]
},
{
"Ref": "AWS::NoValue"
}
]
}
]
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/KubectlHandlerRole/Resource"
}
},
"MyEksClusterKubectlHandlerRoleDefaultPolicy7F6C4E18": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "eks:DescribeCluster",
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"MyEksCluster83497DF9",
"Arn"
]
}
},
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"MyEksClusterCreationRoleA5BECEC3",
"Arn"
]
}
}
],
"Version": "2012-10-17"
},
"PolicyName": "MyEksClusterKubectlHandlerRoleDefaultPolicy7F6C4E18",
"Roles": [
{
"Ref": "MyEksClusterKubectlHandlerRole1BA3BE4D"
}
]
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/KubectlHandlerRole/DefaultPolicy/Resource"
}
},
"MyEksClusterRoleA967FF83": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/AmazonEKSClusterPolicy"
]
]
}
]
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/Role/Resource"
}
},
"MyEksClusterControlPlaneSecurityGroup93161A01": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "EKS Control Plane Security Group",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1"
}
],
"VpcId": {
"Ref": "MyEksClusterDefaultVpc88BB2293"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/ControlPlaneSecurityGroup/Resource"
}
},
"MyEksClusterCreationRoleA5BECEC3": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"AWS": [
{
"Fn::GetAtt": [
"MyEksClusterKubectlHandlerRole1BA3BE4D",
"Arn"
]
},
{
"Fn::GetAtt": [
"awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454",
"Outputs.CdktestStackNewawscdkawseksClusterResourceProviderIsCompleteHandlerServiceRole3D54FA49Arn"
]
},
{
"Fn::GetAtt": [
"awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454",
"Outputs.CdktestStackNewawscdkawseksClusterResourceProviderOnEventHandlerServiceRole5424E4BDArn"
]
}
]
}
}
],
"Version": "2012-10-17"
}
},
"DependsOn": [
"MyEksClusterDefaultVpcIGW561FF945",
"MyEksClusterDefaultVpcPrivateSubnet1DefaultRoute055FC96A",
"MyEksClusterDefaultVpcPrivateSubnet1RouteTable824A2045",
"MyEksClusterDefaultVpcPrivateSubnet1RouteTableAssociationF176997E",
"MyEksClusterDefaultVpcPrivateSubnet1SubnetBF290C17",
"MyEksClusterDefaultVpcPrivateSubnet2DefaultRouteA0F07762",
"MyEksClusterDefaultVpcPrivateSubnet2RouteTable7D10A0A3",
"MyEksClusterDefaultVpcPrivateSubnet2RouteTableAssociation5D2DDE0F",
"MyEksClusterDefaultVpcPrivateSubnet2SubnetFA39FCBA",
"MyEksClusterDefaultVpcPrivateSubnet3DefaultRoute0E07F860",
"MyEksClusterDefaultVpcPrivateSubnet3RouteTable2596EA87",
"MyEksClusterDefaultVpcPrivateSubnet3RouteTableAssociationD534F8FD",
"MyEksClusterDefaultVpcPrivateSubnet3SubnetCBD7F1C2",
"MyEksClusterDefaultVpcPublicSubnet1DefaultRoute4A067256",
"MyEksClusterDefaultVpcPublicSubnet1EIPDB62CB8B",
"MyEksClusterDefaultVpcPublicSubnet1NATGatewayBA4000A4",
"MyEksClusterDefaultVpcPublicSubnet1RouteTableC5BE4DA4",
"MyEksClusterDefaultVpcPublicSubnet1RouteTableAssociationF62B94CC",
"MyEksClusterDefaultVpcPublicSubnet1SubnetD9A103CA",
"MyEksClusterDefaultVpcPublicSubnet2DefaultRouteA332A30A",
"MyEksClusterDefaultVpcPublicSubnet2EIP79C9CB50",
"MyEksClusterDefaultVpcPublicSubnet2NATGatewayC983D1F0",
"MyEksClusterDefaultVpcPublicSubnet2RouteTable58720079",
"MyEksClusterDefaultVpcPublicSubnet2RouteTableAssociation6714AB4D",
"MyEksClusterDefaultVpcPublicSubnet2Subnet31E97A39",
"MyEksClusterDefaultVpcPublicSubnet3DefaultRoute765314D6",
"MyEksClusterDefaultVpcPublicSubnet3EIP859BAB76",
"MyEksClusterDefaultVpcPublicSubnet3NATGateway07EA8091",
"MyEksClusterDefaultVpcPublicSubnet3RouteTable69FEA7B9",
"MyEksClusterDefaultVpcPublicSubnet3RouteTableAssociationDF6C9C7D",
"MyEksClusterDefaultVpcPublicSubnet3Subnet3C23CA7B",
"MyEksClusterDefaultVpc88BB2293",
"MyEksClusterDefaultVpcRestrictDefaultSecurityGroupCustomResource7C093B8A",
"MyEksClusterDefaultVpcVPCGWAD911C2D"
],
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/Resource/CreationRole/Resource"
}
},
"MyEksClusterCreationRoleDefaultPolicy40FA66E3": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"MyEksClusterRoleA967FF83",
"Arn"
]
}
},
{
"Action": [
"eks:CreateCluster",
"eks:CreateFargateProfile",
"eks:DeleteCluster",
"eks:DescribeCluster",
"eks:DescribeUpdate",
"eks:TagResource",
"eks:UntagResource",
"eks:UpdateClusterConfig",
"eks:UpdateClusterVersion"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"eks:DeleteFargateProfile",
"eks:DescribeFargateProfile"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeDhcpOptions",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"iam:CreateServiceLinkedRole",
"iam:GetRole",
"iam:listAttachedRolePolicies"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyName": "MyEksClusterCreationRoleDefaultPolicy40FA66E3",
"Roles": [
{
"Ref": "MyEksClusterCreationRoleA5BECEC3"
}
]
},
"DependsOn": [
"MyEksClusterDefaultVpcIGW561FF945",
"MyEksClusterDefaultVpcPrivateSubnet1DefaultRoute055FC96A",
"MyEksClusterDefaultVpcPrivateSubnet1RouteTable824A2045",
"MyEksClusterDefaultVpcPrivateSubnet1RouteTableAssociationF176997E",
"MyEksClusterDefaultVpcPrivateSubnet1SubnetBF290C17",
"MyEksClusterDefaultVpcPrivateSubnet2DefaultRouteA0F07762",
"MyEksClusterDefaultVpcPrivateSubnet2RouteTable7D10A0A3",
"MyEksClusterDefaultVpcPrivateSubnet2RouteTableAssociation5D2DDE0F",
"MyEksClusterDefaultVpcPrivateSubnet2SubnetFA39FCBA",
"MyEksClusterDefaultVpcPrivateSubnet3DefaultRoute0E07F860",
"MyEksClusterDefaultVpcPrivateSubnet3RouteTable2596EA87",
"MyEksClusterDefaultVpcPrivateSubnet3RouteTableAssociationD534F8FD",
"MyEksClusterDefaultVpcPrivateSubnet3SubnetCBD7F1C2",
"MyEksClusterDefaultVpcPublicSubnet1DefaultRoute4A067256",
"MyEksClusterDefaultVpcPublicSubnet1EIPDB62CB8B",
"MyEksClusterDefaultVpcPublicSubnet1NATGatewayBA4000A4",
"MyEksClusterDefaultVpcPublicSubnet1RouteTableC5BE4DA4",
"MyEksClusterDefaultVpcPublicSubnet1RouteTableAssociationF62B94CC",
"MyEksClusterDefaultVpcPublicSubnet1SubnetD9A103CA",
"MyEksClusterDefaultVpcPublicSubnet2DefaultRouteA332A30A",
"MyEksClusterDefaultVpcPublicSubnet2EIP79C9CB50",
"MyEksClusterDefaultVpcPublicSubnet2NATGatewayC983D1F0",
"MyEksClusterDefaultVpcPublicSubnet2RouteTable58720079",
"MyEksClusterDefaultVpcPublicSubnet2RouteTableAssociation6714AB4D",
"MyEksClusterDefaultVpcPublicSubnet2Subnet31E97A39",
"MyEksClusterDefaultVpcPublicSubnet3DefaultRoute765314D6",
"MyEksClusterDefaultVpcPublicSubnet3EIP859BAB76",
"MyEksClusterDefaultVpcPublicSubnet3NATGateway07EA8091",
"MyEksClusterDefaultVpcPublicSubnet3RouteTable69FEA7B9",
"MyEksClusterDefaultVpcPublicSubnet3RouteTableAssociationDF6C9C7D",
"MyEksClusterDefaultVpcPublicSubnet3Subnet3C23CA7B",
"MyEksClusterDefaultVpc88BB2293",
"MyEksClusterDefaultVpcRestrictDefaultSecurityGroupCustomResource7C093B8A",
"MyEksClusterDefaultVpcVPCGWAD911C2D"
],
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/Resource/CreationRole/DefaultPolicy/Resource"
}
},
"MyEksCluster83497DF9": {
"Type": "Custom::AWSCDK-EKS-Cluster",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454",
"Outputs.CdktestStackNewawscdkawseksClusterResourceProviderframeworkonEventAF75E0E7Arn"
]
},
"Config": {
"version": "1.23",
"roleArn": {
"Fn::GetAtt": [
"MyEksClusterRoleA967FF83",
"Arn"
]
},
"kubernetesNetworkConfig": {
"ipFamily": "ipv4"
},
"resourcesVpcConfig": {
"subnetIds": [
{
"Ref": "MyEksClusterDefaultVpcPublicSubnet1SubnetD9A103CA"
},
{
"Ref": "MyEksClusterDefaultVpcPublicSubnet2Subnet31E97A39"
},
{
"Ref": "MyEksClusterDefaultVpcPublicSubnet3Subnet3C23CA7B"
},
{
"Ref": "MyEksClusterDefaultVpcPrivateSubnet1SubnetBF290C17"
},
{
"Ref": "MyEksClusterDefaultVpcPrivateSubnet2SubnetFA39FCBA"
},
{
"Ref": "MyEksClusterDefaultVpcPrivateSubnet3SubnetCBD7F1C2"
}
],
"securityGroupIds": [
{
"Fn::GetAtt": [
"MyEksClusterControlPlaneSecurityGroup93161A01",
"GroupId"
]
}
],
"endpointPublicAccess": true,
"endpointPrivateAccess": true
},
"accessConfig": {}
},
"AssumeRoleArn": {
"Fn::GetAtt": [
"MyEksClusterCreationRoleA5BECEC3",
"Arn"
]
},
"AttributesRevision": 3
},
"DependsOn": [
"MyEksClusterDefaultVpcIGW561FF945",
"MyEksClusterDefaultVpcPrivateSubnet1DefaultRoute055FC96A",
"MyEksClusterDefaultVpcPrivateSubnet1RouteTable824A2045",
"MyEksClusterDefaultVpcPrivateSubnet1RouteTableAssociationF176997E",
"MyEksClusterDefaultVpcPrivateSubnet1SubnetBF290C17",
"MyEksClusterDefaultVpcPrivateSubnet2DefaultRouteA0F07762",
"MyEksClusterDefaultVpcPrivateSubnet2RouteTable7D10A0A3",
"MyEksClusterDefaultVpcPrivateSubnet2RouteTableAssociation5D2DDE0F",
"MyEksClusterDefaultVpcPrivateSubnet2SubnetFA39FCBA",
"MyEksClusterDefaultVpcPrivateSubnet3DefaultRoute0E07F860",
"MyEksClusterDefaultVpcPrivateSubnet3RouteTable2596EA87",
"MyEksClusterDefaultVpcPrivateSubnet3RouteTableAssociationD534F8FD",
"MyEksClusterDefaultVpcPrivateSubnet3SubnetCBD7F1C2",
"MyEksClusterDefaultVpcPublicSubnet1DefaultRoute4A067256",
"MyEksClusterDefaultVpcPublicSubnet1EIPDB62CB8B",
"MyEksClusterDefaultVpcPublicSubnet1NATGatewayBA4000A4",
"MyEksClusterDefaultVpcPublicSubnet1RouteTableC5BE4DA4",
"MyEksClusterDefaultVpcPublicSubnet1RouteTableAssociationF62B94CC",
"MyEksClusterDefaultVpcPublicSubnet1SubnetD9A103CA",
"MyEksClusterDefaultVpcPublicSubnet2DefaultRouteA332A30A",
"MyEksClusterDefaultVpcPublicSubnet2EIP79C9CB50",
"MyEksClusterDefaultVpcPublicSubnet2NATGatewayC983D1F0",
"MyEksClusterDefaultVpcPublicSubnet2RouteTable58720079",
"MyEksClusterDefaultVpcPublicSubnet2RouteTableAssociation6714AB4D",
"MyEksClusterDefaultVpcPublicSubnet2Subnet31E97A39",
"MyEksClusterDefaultVpcPublicSubnet3DefaultRoute765314D6",
"MyEksClusterDefaultVpcPublicSubnet3EIP859BAB76",
"MyEksClusterDefaultVpcPublicSubnet3NATGateway07EA8091",
"MyEksClusterDefaultVpcPublicSubnet3RouteTable69FEA7B9",
"MyEksClusterDefaultVpcPublicSubnet3RouteTableAssociationDF6C9C7D",
"MyEksClusterDefaultVpcPublicSubnet3Subnet3C23CA7B",
"MyEksClusterDefaultVpc88BB2293",
"MyEksClusterDefaultVpcRestrictDefaultSecurityGroupCustomResource7C093B8A",
"MyEksClusterDefaultVpcVPCGWAD911C2D",
"MyEksClusterCreationRoleDefaultPolicy40FA66E3",
"MyEksClusterCreationRoleA5BECEC3"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/Resource/Resource/Default"
}
},
"MyEksClusterKubectlReadyBarrierC8632D1A": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Type": "String",
"Value": "aws:cdk:eks:kubectl-ready"
},
"DependsOn": [
"MyEksClusterCreationRoleDefaultPolicy40FA66E3",
"MyEksClusterCreationRoleA5BECEC3",
"MyEksCluster83497DF9"
],
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/KubectlReadyBarrier"
}
},
"MyEksClusterNodegroupDefaultCapacityNodeGroupRoleE00CA74B": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/AmazonEKSWorkerNodePolicy"
]
]
},
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/AmazonEKS_CNI_Policy"
]
]
},
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
]
]
}
]
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/NodegroupDefaultCapacity/NodeGroupRole/Resource"
}
},
"MyEksClusterNodegroupDefaultCapacity1B7B36D7": {
"Type": "AWS::EKS::Nodegroup",
"Properties": {
"AmiType": "AL2_x86_64",
"ClusterName": {
"Ref": "MyEksCluster83497DF9"
},
"ForceUpdateEnabled": true,
"InstanceTypes": [
"m5.large"
],
"NodeRole": {
"Fn::GetAtt": [
"MyEksClusterNodegroupDefaultCapacityNodeGroupRoleE00CA74B",
"Arn"
]
},
"ScalingConfig": {
"DesiredSize": 2,
"MaxSize": 2,
"MinSize": 2
},
"Subnets": [
{
"Ref": "MyEksClusterDefaultVpcPrivateSubnet1SubnetBF290C17"
},
{
"Ref": "MyEksClusterDefaultVpcPrivateSubnet2SubnetFA39FCBA"
},
{
"Ref": "MyEksClusterDefaultVpcPrivateSubnet3SubnetCBD7F1C2"
}
]
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/NodegroupDefaultCapacity/Resource"
}
},
"MyEksClusterAwsAuthmanifestD0F5F92E": {
"Type": "Custom::AWSCDK-EKS-KubernetesResource",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B",
"Outputs.CdktestStackNewawscdkawseksKubectlProviderframeworkonEvent6BE88EC4Arn"
]
},
"Manifest": {
"Fn::Join": [
"",
[
"[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c884cfbd39b8f3d5ed0755c193575a3c3f84f36e6a\":\"\"}},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"",
{
"Fn::GetAtt": [
"MyEksClusterNodegroupDefaultCapacityNodeGroupRoleE00CA74B",
"Arn"
]
},
"\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]"
]
]
},
"ClusterName": {
"Ref": "MyEksCluster83497DF9"
},
"RoleArn": {
"Fn::GetAtt": [
"MyEksClusterCreationRoleA5BECEC3",
"Arn"
]
},
"PruneLabel": "aws.cdk.eks/prune-c884cfbd39b8f3d5ed0755c193575a3c3f84f36e6a",
"Overwrite": true
},
"DependsOn": [
"MyEksClusterKubectlReadyBarrierC8632D1A"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/AwsAuth/manifest/Resource/Default"
}
},
"MyEksClusterEksPodIdentityAgentAddon92276F33": {
"Type": "AWS::EKS::Addon",
"Properties": {
"AddonName": "eks-pod-identity-agent",
"ClusterName": {
"Ref": "MyEksCluster83497DF9"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/EksPodIdentityAgentAddon/Resource"
}
},
"CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
]
},
"ManagedPolicyArns": [
{
"Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
],
"Policies": [
{
"PolicyName": "Inline",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress"
],
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:ec2:us-east-2:139480602983:security-group/",
{
"Fn::GetAtt": [
"MyEksClusterDefaultVpc88BB2293",
"DefaultSecurityGroup"
]
}
]
]
}
]
}
]
}
}
]
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role"
}
},
"CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"S3Bucket": "cdk-hnb659fds-assets-139480602983-us-east-2",
"S3Key": "7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200.zip"
},
"Timeout": 900,
"MemorySize": 128,
"Handler": "__entrypoint__.handler",
"Role": {
"Fn::GetAtt": [
"CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
"Arn"
]
},
"Runtime": "nodejs20.x",
"Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
},
"DependsOn": [
"CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
],
"Metadata": {
"aws:cdk:path": "CdktestStackNew/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler",
"aws:asset:path": "asset.7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200",
"aws:asset:property": "Code"
}
},
"awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": {
"Type": "AWS::CloudFormation::Stack",
"Properties": {
"TemplateURL": {
"Fn::Join": [
"",
[
"https://s3.us-east-2.",
{
"Ref": "AWS::URLSuffix"
},
"/cdk-hnb659fds-assets-139480602983-us-east-2/ef5ac9a45d4e015b895e6f56ae468b71abc54fb27090406ed97bca43f575f859.json"
]
]
}
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"aws:cdk:path": "CdktestStackNew/@aws-cdk--aws-eks.ClusterResourceProvider.NestedStack/@aws-cdk--aws-eks.ClusterResourceProvider.NestedStackResource",
"aws:asset:path": "CdktestStackNewawscdkawseksClusterResourceProviderCB4736CD.nested.template.json",
"aws:asset:property": "TemplateURL"
}
},
"awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": {
"Type": "AWS::CloudFormation::Stack",
"Properties": {
"Parameters": {
"referencetoCdktestStackNewMyEksClusterKubectlHandlerRoleD36BE650Arn": {
"Fn::GetAtt": [
"MyEksClusterKubectlHandlerRole1BA3BE4D",
"Arn"
]
},
"referencetoCdktestStackNewMyEksClusterDefaultVpcPrivateSubnet1SubnetE110A9C6Ref": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet1SubnetBF290C17"
},
"referencetoCdktestStackNewMyEksClusterDefaultVpcPrivateSubnet2SubnetE15CD950Ref": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet2SubnetFA39FCBA"
},
"referencetoCdktestStackNewMyEksClusterDefaultVpcPrivateSubnet3SubnetF14CCAEDRef": {
"Ref": "MyEksClusterDefaultVpcPrivateSubnet3SubnetCBD7F1C2"
},
"referencetoCdktestStackNewMyEksClusterD664308DClusterSecurityGroupId": {
"Fn::GetAtt": [
"MyEksCluster83497DF9",
"ClusterSecurityGroupId"
]
}
},
"TemplateURL": {
"Fn::Join": [
"",
[
"https://s3.us-east-2.",
{
"Ref": "AWS::URLSuffix"
},
"/cdk-hnb659fds-assets-139480602983-us-east-2/22fd187618ffc72263f4be76cd9ac55787a774e0a07974a142c2ab7c133b9d8b.json"
]
]
}
},
"DependsOn": [
"MyEksClusterDefaultVpcPrivateSubnet1DefaultRoute055FC96A",
"MyEksClusterDefaultVpcPrivateSubnet1RouteTableAssociationF176997E",
"MyEksClusterDefaultVpcPrivateSubnet2DefaultRouteA0F07762",
"MyEksClusterDefaultVpcPrivateSubnet2RouteTableAssociation5D2DDE0F",
"MyEksClusterDefaultVpcPrivateSubnet3DefaultRoute0E07F860",
"MyEksClusterDefaultVpcPrivateSubnet3RouteTableAssociationD534F8FD",
"MyEksClusterKubectlHandlerRoleDefaultPolicy7F6C4E18",
"MyEksClusterKubectlHandlerRole1BA3BE4D"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"aws:cdk:path": "CdktestStackNew/@aws-cdk--aws-eks.KubectlProvider.NestedStack/@aws-cdk--aws-eks.KubectlProvider.NestedStackResource",
"aws:asset:path": "CdktestStackNewawscdkawseksKubectlProvider848668E9.nested.template.json",
"aws:asset:property": "TemplateURL"
}
},
"podIdentityAgent469797D3": {
"Type": "AWS::EKS::Addon",
"Properties": {
"AddonName": "eks-pod-identity-agent",
"AddonVersion": "v1.3.4-eksbuild.1",
"ClusterName": {
"Ref": "MyEksCluster83497DF9"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/podIdentityAgent/Resource"
}
},
"testServiceAccountRole11CE6092": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": [
"sts:AssumeRole",
"sts:TagSession"
],
"Effect": "Allow",
"Principal": {
"Service": "pods.eks.amazonaws.com"
}
}
],
"Version": "2012-10-17"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/testServiceAccount/Role/Resource"
}
},
"testServiceAccountAssociation3AB6AAAE": {
"Type": "AWS::EKS::PodIdentityAssociation",
"Properties": {
"ClusterName": {
"Ref": "MyEksCluster83497DF9"
},
"Namespace": "default",
"RoleArn": {
"Fn::GetAtt": [
"testServiceAccountRole11CE6092",
"Arn"
]
},
"ServiceAccount": "test-sa"
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/testServiceAccount/Association"
}
},
"testServiceAccountmanifesttestServiceAccountServiceAccountResource13B04304": {
"Type": "Custom::AWSCDK-EKS-KubernetesResource",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B",
"Outputs.CdktestStackNewawscdkawseksKubectlProviderframeworkonEvent6BE88EC4Arn"
]
},
"Manifest": {
"Fn::Join": [
"",
[
"[{\"apiVersion\":\"v1\",\"kind\":\"ServiceAccount\",\"metadata\":{\"name\":\"test-sa\",\"namespace\":\"default\",\"labels\":{\"aws.cdk.eks/prune-c86dce89d5c5136502ef223e71499324d120f1c03a\":\"\",\"app.kubernetes.io/name\":\"test-sa\"},\"annotations\":{\"eks.amazonaws.com/role-arn\":\"",
{
"Fn::GetAtt": [
"testServiceAccountRole11CE6092",
"Arn"
]
},
"\"}}}]"
]
]
},
"ClusterName": {
"Ref": "MyEksCluster83497DF9"
},
"RoleArn": {
"Fn::GetAtt": [
"MyEksClusterCreationRoleA5BECEC3",
"Arn"
]
},
"PruneLabel": "aws.cdk.eks/prune-c86dce89d5c5136502ef223e71499324d120f1c03a"
},
"DependsOn": [
"MyEksClusterKubectlReadyBarrierC8632D1A"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"aws:cdk:path": "CdktestStackNew/testServiceAccount/manifest-testServiceAccountServiceAccountResource/Resource/Default"
}
},
"CDKMetadata": {
"Type": "AWS::CDK::Metadata",
"Properties": {
"Analytics": "v2:deflate64:H4sIAAAAAAAA/1VR0WqDQBD8lrxfrokU2lcrJYTSIlryWs67NdlE78LtniLivxe1qcnTzgxzy8xeJLcvkdysVEtrbS7rCgvZ56z0RaiWfnq4kOyTKhCDF1/OwNG7cBVJaRcStxQHPomPUIC3wECfymIJxCI2xtnRPYMcfIMaYq1dsDzqqTN7A5aRu5jIaVSMzg4CdCT7w1WPnkOaiDQUFeo8FBamdwvKXGD4VkUFi75od0v/zSN436dTCcU7xdCqTqQeG8WwLN5bnurcDHOSPxYzK32qwbLIQQeP3O1ul3kQBoGqln3m5nzTTF2Fupvrj2gYRAbkgtcgkkDs6oWW9h4nzhqcyzz4Uu8aNODfFIGIiYBzVke0xynP+J2DsM6APNNTs32V0UY+r86EuPbBMtYgs3n+AnZaDIAQAgAA"
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/CDKMetadata/Default"
}
}
},
"Conditions": {
"MyEksClusterHasEcrPublic59AD0994": {
"Fn::Equals": [
{
"Ref": "AWS::Partition"
},
"aws"
]
}
},
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}
It has two `AWS::EKS::Addon` resources for `eks-pod-identity-agent` on the same cluster:
"MyEksClusterEksPodIdentityAgentAddon92276F33": {
"Type": "AWS::EKS::Addon",
"Properties": {
"AddonName": "eks-pod-identity-agent",
"ClusterName": {
"Ref": "MyEksCluster83497DF9"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/MyEksCluster/EksPodIdentityAgentAddon/Resource"
}
},
...
...
"podIdentityAgent469797D3": {
"Type": "AWS::EKS::Addon",
"Properties": {
"AddonName": "eks-pod-identity-agent",
"AddonVersion": "v1.3.4-eksbuild.1",
"ClusterName": {
"Ref": "MyEksCluster83497DF9"
}
},
"Metadata": {
"aws:cdk:path": "CdktestStackNew/podIdentityAgent/Resource"
}
},
... For
|
Describe the bug
If the Pod Identity Agent add-on (`eks-pod-identity-agent`) has already been created for the cluster, adding a new Pod Identity service account fails, because creating the service account tries to install the add-on again.
Error message: "eks-pod-identity-agent already exists in stack"
Regression Issue
Last Known Working CDK Version
No response
Expected Behavior
Creating the Pod Identity service account should detect that the Pod Identity Agent is already installed and skip that step.
Current Behavior
Creating the Pod Identity service account does not detect that the Pod Identity Agent is already installed, and the deployment fails.
Reproduction Steps
Create the Pod Identity Agent add-on
Then add a new Pod Identity service account
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.167.1
Framework Version
No response
Node.js Version
18.20.4
OS
MacOS
Language
TypeScript
Language Version
No response
Other information
No response