Skip to content

[release-0.18] Use only Service Linked Role for EKS clusters #2092

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
cPu1 merged 3 commits into from
Apr 27, 2020
Merged

[release-0.18] Use only Service Linked Role for EKS clusters #2092

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e513240
Drop policy AmazonEKSServicePolicy from cluster role
cPu1 Mar 5, 2020
80191d8
Fix tests
cPu1 Mar 5, 2020
89354ba
Update cluster stack examples
cPu1 Mar 5, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions pkg/cfn/builder/api_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2295,9 +2295,9 @@ var _ = Describe("CloudFormation template builder API", func() {
It("should have correct own IAM resources", func() {
Expect(clusterTemplate.Resources["ServiceRole"].Properties).ToNot(BeNil())

Expect(clusterTemplate.Resources["ServiceRole"].Properties.ManagedPolicyArns).To(Equal(makePolicyARNRef(
"AmazonEKSServicePolicy", "AmazonEKSClusterPolicy",
)))
Expect(clusterTemplate.Resources["ServiceRole"].Properties.ManagedPolicyArns).To(Equal(
makePolicyARNRef("AmazonEKSClusterPolicy")),
)

checkARPD([]string{"EKS", "EKSFargatePods"}, clusterTemplate.Resources["ServiceRole"].Properties.AssumeRolePolicyDocument)

Expand Down
2 changes: 0 additions & 2 deletions pkg/cfn/builder/iam.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ import (
)

const (
iamPolicyAmazonEKSServicePolicy = "AmazonEKSServicePolicy"
iamPolicyAmazonEKSClusterPolicy = "AmazonEKSClusterPolicy"

iamPolicyAmazonEKSWorkerNodePolicy = "AmazonEKSWorkerNodePolicy"
Expand Down Expand Up @@ -79,7 +78,6 @@ func (c *ClusterResourceSet) addResourcesForIAM() {
MakeServiceRef("EKSFargatePods"),
),
ManagedPolicyArns: makePolicyARNs(
iamPolicyAmazonEKSServicePolicy,
iamPolicyAmazonEKSClusterPolicy,
),
}
Expand Down
2 changes: 1 addition & 1 deletion pkg/cfn/template/testdata/cluster-example-1.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
{"AWSTemplateFormatVersion":"2010-09-09","Description":"EKS cluster (dedicated VPC: true, dedicated IAM: true) [created and managed by eksctl]","Resources":{"ClusterSharedNodeSecurityGroup":{"Type":"AWS::EC2::SecurityGroup","Properties":{"GroupDescription":"Communication between all nodes in the cluster","Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/ClusterSharedNodeSecurityGroup"}}],"VpcId":{"Ref":"VPC"}}},"ControlPlane":{"Type":"AWS::EKS::Cluster","Properties":{"Name":"wonderful-party-1565212003","ResourcesVpcConfig":{"SecurityGroupIds":[{"Ref":"ControlPlaneSecurityGroup"}],"SubnetIds":[{"Ref":"SubnetPublicUSWEST2B"},{"Ref":"SubnetPublicUSWEST2D"},{"Ref":"SubnetPublicUSWEST2C"},{"Ref":"SubnetPrivateUSWEST2B"},{"Ref":"SubnetPrivateUSWEST2D"},{"Ref":"SubnetPrivateUSWEST2C"}]},"RoleArn":{"Fn::GetAtt":"ServiceRole.Arn"},"Version":"1.13"}},"ControlPlaneSecurityGroup":{"Type":"AWS::EC2::SecurityGroup","Properties":{"GroupDescription":"Communication between the control plane and worker nodegroups","Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/ControlPlaneSecurityGroup"}}],"VpcId":{"Ref":"VPC"}}},"IngressInterNodeGroupSG":{"Type":"AWS::EC2::SecurityGroupIngress","Properties":{"Description":"Allow nodes to communicate with each other (all ports)","FromPort":0,"GroupId":{"Ref":"ClusterSharedNodeSecurityGroup"},"IpProtocol":"-1","SourceSecurityGroupId":{"Ref":"ClusterSharedNodeSecurityGroup"},"ToPort":65535}},"InternetGateway":{"Type":"AWS::EC2::InternetGateway","Properties":{"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/InternetGateway"}}]}},"NATGateway":{"Type":"AWS::EC2::NatGateway","Properties":{"AllocationId":{"Fn::GetAtt":"NATIP.AllocationId"},"SubnetId":{"Ref":"SubnetPublicUSWEST2B"},"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/NATGateway"}}]}},"NATIP":{"Type":"AWS::EC2::EIP","Properties":{"Domain":"vpc"}},"NATPrivateSubnetRouteUSWEST2B":{"Type":"AWS::EC2::Route","Properties":{"DestinationCidrBlock":"0.0.0.0/0","NatGatewayId":{"Ref":"NATGateway"},"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2B"}}},"NATPrivateSubnetRouteUSWEST2C":{"Type":"AWS::EC2::Route","Properties":{"DestinationCidrBlock":"0.0.0.0/0","NatGatewayId":{"Ref":"NATGateway"},"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2C"}}},"NATPrivateSubnetRouteUSWEST2D":{"Type":"AWS::EC2::Route","Properties":{"DestinationCidrBlock":"0.0.0.0/0","NatGatewayId":{"Ref":"NATGateway"},"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2D"}}},"PolicyCloudWatchMetrics":{"Type":"AWS::IAM::Policy","Properties":{"PolicyDocument":{"Statement":[{"Action":["cloudwatch:PutMetricData"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"PolicyName":{"Fn::Sub":"${AWS::StackName}-PolicyCloudWatchMetrics"},"Roles":[{"Ref":"ServiceRole"}]}},"PolicyNLB":{"Type":"AWS::IAM::Policy","Properties":{"PolicyDocument":{"Statement":[{"Action":["elasticloadbalancing:*","ec2:CreateSecurityGroup","ec2:Describe*"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"PolicyName":{"Fn::Sub":"${AWS::StackName}-PolicyNLB"},"Roles":[{"Ref":"ServiceRole"}]}},"PrivateRouteTableUSWEST2B":{"Type":"AWS::EC2::RouteTable","Properties":{"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/PrivateRouteTableUSWEST2B"}}],"VpcId":{"Ref":"VPC"}}},"PrivateRouteTableUSWEST2C":{"Type":"AWS::EC2::RouteTable","Properties":{"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/PrivateRouteTableUSWEST2C"}}],"VpcId":{"Ref":"VPC"}}},"PrivateRouteTableUSWEST2D":{"Type":"AWS::EC2::RouteTable","Properties":{"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/PrivateRouteTableUSWEST2D"}}],"VpcId":{"Ref":"VPC"}}},"PublicRouteTable":{"Type":"AWS::EC2::RouteTable","Properties":{"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/PublicRouteTable"}}],"VpcId":{"Ref":"VPC"}}},"PublicSubnetRoute":{"Type":"AWS::EC2::Route","Properties":{"DestinationCidrBlock":"0.0.0.0/0","GatewayId":{"Ref":"InternetGateway"},"RouteTableId":{"Ref":"PublicRouteTable"}}},"RouteTableAssociationPrivateUSWEST2B":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2B"},"SubnetId":{"Ref":"SubnetPrivateUSWEST2B"}}},"RouteTableAssociationPrivateUSWEST2C":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2C"},"SubnetId":{"Ref":"SubnetPrivateUSWEST2C"}}},"RouteTableAssociationPrivateUSWEST2D":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2D"},"SubnetId":{"Ref":"SubnetPrivateUSWEST2D"}}},"RouteTableAssociationPublicUSWEST2B":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PublicRouteTable"},"SubnetId":{"Ref":"SubnetPublicUSWEST2B"}}},"RouteTableAssociationPublicUSWEST2C":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PublicRouteTable"},"SubnetId":{"Ref":"SubnetPublicUSWEST2C"}}},"RouteTableAssociationPublicUSWEST2D":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PublicRouteTable"},"SubnetId":{"Ref":"SubnetPublicUSWEST2D"}}},"ServiceRole":{"Type":"AWS::IAM::Role","Properties":{"AssumeRolePolicyDocument":{"Statement":[{"Action":["sts:AssumeRole"],"Effect":"Allow","Principal":{"Service":["eks.amazonaws.com"]}}],"Version":"2012-10-17"},"ManagedPolicyArns":["arn:aws:iam::aws:policy/AmazonEKSServicePolicy","arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"]}},"SubnetPrivateUSWEST2B":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2b","CidrBlock":"192.168.96.0/19","Tags":[{"Key":"kubernetes.io/role/internal-elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPrivateUSWEST2B"}}],"VpcId":{"Ref":"VPC"}}},"SubnetPrivateUSWEST2C":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2c","CidrBlock":"192.168.160.0/19","Tags":[{"Key":"kubernetes.io/role/internal-elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPrivateUSWEST2C"}}],"VpcId":{"Ref":"VPC"}}},"SubnetPrivateUSWEST2D":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2d","CidrBlock":"192.168.128.0/19","Tags":[{"Key":"kubernetes.io/role/internal-elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPrivateUSWEST2D"}}],"VpcId":{"Ref":"VPC"}}},"SubnetPublicUSWEST2B":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2b","CidrBlock":"192.168.0.0/19","Tags":[{"Key":"kubernetes.io/role/elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPublicUSWEST2B"}}],"VpcId":{"Ref":"VPC"}}},"SubnetPublicUSWEST2C":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2c","CidrBlock":"192.168.64.0/19","Tags":[{"Key":"kubernetes.io/role/elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPublicUSWEST2C"}}],"VpcId":{"Ref":"VPC"}}},"SubnetPublicUSWEST2D":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2d","CidrBlock":"192.168.32.0/19","Tags":[{"Key":"kubernetes.io/role/elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPublicUSWEST2D"}}],"VpcId":{"Ref":"VPC"}}},"VPC":{"Type":"AWS::EC2::VPC","Properties":{"CidrBlock":"192.168.0.0/16","EnableDnsHostnames":true,"EnableDnsSupport":true,"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/VPC"}}]}},"VPCGatewayAttachment":{"Type":"AWS::EC2::VPCGatewayAttachment","Properties":{"InternetGatewayId":{"Ref":"InternetGateway"},"VpcId":{"Ref":"VPC"}}}},"Outputs":{"ARN":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::ARN"}},"Value":{"Fn::GetAtt":"ControlPlane.Arn"}},"CertificateAuthorityData":{"Value":{"Fn::GetAtt":"ControlPlane.CertificateAuthorityData"}},"ClusterStackName":{"Value":{"Ref":"AWS::StackName"}},"Endpoint":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::Endpoint"}},"Value":{"Fn::GetAtt":"ControlPlane.Endpoint"}},"FeatureNATMode":{"Value":"Single"},"SecurityGroup":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::SecurityGroup"}},"Value":{"Ref":"ControlPlaneSecurityGroup"}},"ServiceRoleARN":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::ServiceRoleARN"}},"Value":{"Fn::GetAtt":"ServiceRole.Arn"}},"SharedNodeSecurityGroup":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::SharedNodeSecurityGroup"}},"Value":{"Ref":"ClusterSharedNodeSecurityGroup"}},"SubnetsPrivate":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::SubnetsPrivate"}},"Value":{"Fn::Join":[",",[{"Ref":"SubnetPrivateUSWEST2B"},{"Ref":"SubnetPrivateUSWEST2D"},{"Ref":"SubnetPrivateUSWEST2C"}]]}},"SubnetsPublic":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::SubnetsPublic"}},"Value":{"Fn::Join":[",",[{"Ref":"SubnetPublicUSWEST2B"},{"Ref":"SubnetPublicUSWEST2D"},{"Ref":"SubnetPublicUSWEST2C"}]]}},"VPC":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::VPC"}},"Value":{"Ref":"VPC"}}}}
{"AWSTemplateFormatVersion":"2010-09-09","Description":"EKS cluster (dedicated VPC: true, dedicated IAM: true) [created and managed by eksctl]","Resources":{"ClusterSharedNodeSecurityGroup":{"Type":"AWS::EC2::SecurityGroup","Properties":{"GroupDescription":"Communication between all nodes in the cluster","Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/ClusterSharedNodeSecurityGroup"}}],"VpcId":{"Ref":"VPC"}}},"ControlPlane":{"Type":"AWS::EKS::Cluster","Properties":{"Name":"wonderful-party-1565212003","ResourcesVpcConfig":{"SecurityGroupIds":[{"Ref":"ControlPlaneSecurityGroup"}],"SubnetIds":[{"Ref":"SubnetPublicUSWEST2B"},{"Ref":"SubnetPublicUSWEST2D"},{"Ref":"SubnetPublicUSWEST2C"},{"Ref":"SubnetPrivateUSWEST2B"},{"Ref":"SubnetPrivateUSWEST2D"},{"Ref":"SubnetPrivateUSWEST2C"}]},"RoleArn":{"Fn::GetAtt":"ServiceRole.Arn"},"Version":"1.13"}},"ControlPlaneSecurityGroup":{"Type":"AWS::EC2::SecurityGroup","Properties":{"GroupDescription":"Communication between the control plane and worker nodegroups","Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/ControlPlaneSecurityGroup"}}],"VpcId":{"Ref":"VPC"}}},"IngressInterNodeGroupSG":{"Type":"AWS::EC2::SecurityGroupIngress","Properties":{"Description":"Allow nodes to communicate with each other (all ports)","FromPort":0,"GroupId":{"Ref":"ClusterSharedNodeSecurityGroup"},"IpProtocol":"-1","SourceSecurityGroupId":{"Ref":"ClusterSharedNodeSecurityGroup"},"ToPort":65535}},"InternetGateway":{"Type":"AWS::EC2::InternetGateway","Properties":{"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/InternetGateway"}}]}},"NATGateway":{"Type":"AWS::EC2::NatGateway","Properties":{"AllocationId":{"Fn::GetAtt":"NATIP.AllocationId"},"SubnetId":{"Ref":"SubnetPublicUSWEST2B"},"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/NATGateway"}}]}},"NATIP":{"Type":"AWS::EC2::EIP","Properties":{"Domain":"vpc"}},"NATPrivateSubnetRouteUSWEST2B":{"Type":"AWS::EC2::Route","Properties":{"DestinationCidrBlock":"0.0.0.0/0","NatGatewayId":{"Ref":"NATGateway"},"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2B"}}},"NATPrivateSubnetRouteUSWEST2C":{"Type":"AWS::EC2::Route","Properties":{"DestinationCidrBlock":"0.0.0.0/0","NatGatewayId":{"Ref":"NATGateway"},"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2C"}}},"NATPrivateSubnetRouteUSWEST2D":{"Type":"AWS::EC2::Route","Properties":{"DestinationCidrBlock":"0.0.0.0/0","NatGatewayId":{"Ref":"NATGateway"},"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2D"}}},"PolicyCloudWatchMetrics":{"Type":"AWS::IAM::Policy","Properties":{"PolicyDocument":{"Statement":[{"Action":["cloudwatch:PutMetricData"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"PolicyName":{"Fn::Sub":"${AWS::StackName}-PolicyCloudWatchMetrics"},"Roles":[{"Ref":"ServiceRole"}]}},"PolicyNLB":{"Type":"AWS::IAM::Policy","Properties":{"PolicyDocument":{"Statement":[{"Action":["elasticloadbalancing:*","ec2:CreateSecurityGroup","ec2:Describe*"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"PolicyName":{"Fn::Sub":"${AWS::StackName}-PolicyNLB"},"Roles":[{"Ref":"ServiceRole"}]}},"PrivateRouteTableUSWEST2B":{"Type":"AWS::EC2::RouteTable","Properties":{"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/PrivateRouteTableUSWEST2B"}}],"VpcId":{"Ref":"VPC"}}},"PrivateRouteTableUSWEST2C":{"Type":"AWS::EC2::RouteTable","Properties":{"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/PrivateRouteTableUSWEST2C"}}],"VpcId":{"Ref":"VPC"}}},"PrivateRouteTableUSWEST2D":{"Type":"AWS::EC2::RouteTable","Properties":{"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/PrivateRouteTableUSWEST2D"}}],"VpcId":{"Ref":"VPC"}}},"PublicRouteTable":{"Type":"AWS::EC2::RouteTable","Properties":{"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/PublicRouteTable"}}],"VpcId":{"Ref":"VPC"}}},"PublicSubnetRoute":{"Type":"AWS::EC2::Route","Properties":{"DestinationCidrBlock":"0.0.0.0/0","GatewayId":{"Ref":"InternetGateway"},"RouteTableId":{"Ref":"PublicRouteTable"}}},"RouteTableAssociationPrivateUSWEST2B":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2B"},"SubnetId":{"Ref":"SubnetPrivateUSWEST2B"}}},"RouteTableAssociationPrivateUSWEST2C":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2C"},"SubnetId":{"Ref":"SubnetPrivateUSWEST2C"}}},"RouteTableAssociationPrivateUSWEST2D":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PrivateRouteTableUSWEST2D"},"SubnetId":{"Ref":"SubnetPrivateUSWEST2D"}}},"RouteTableAssociationPublicUSWEST2B":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PublicRouteTable"},"SubnetId":{"Ref":"SubnetPublicUSWEST2B"}}},"RouteTableAssociationPublicUSWEST2C":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PublicRouteTable"},"SubnetId":{"Ref":"SubnetPublicUSWEST2C"}}},"RouteTableAssociationPublicUSWEST2D":{"Type":"AWS::EC2::SubnetRouteTableAssociation","Properties":{"RouteTableId":{"Ref":"PublicRouteTable"},"SubnetId":{"Ref":"SubnetPublicUSWEST2D"}}},"ServiceRole":{"Type":"AWS::IAM::Role","Properties":{"AssumeRolePolicyDocument":{"Statement":[{"Action":["sts:AssumeRole"],"Effect":"Allow","Principal":{"Service":["eks.amazonaws.com"]}}],"Version":"2012-10-17"},"ManagedPolicyArns":["arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"]}},"SubnetPrivateUSWEST2B":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2b","CidrBlock":"192.168.96.0/19","Tags":[{"Key":"kubernetes.io/role/internal-elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPrivateUSWEST2B"}}],"VpcId":{"Ref":"VPC"}}},"SubnetPrivateUSWEST2C":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2c","CidrBlock":"192.168.160.0/19","Tags":[{"Key":"kubernetes.io/role/internal-elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPrivateUSWEST2C"}}],"VpcId":{"Ref":"VPC"}}},"SubnetPrivateUSWEST2D":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2d","CidrBlock":"192.168.128.0/19","Tags":[{"Key":"kubernetes.io/role/internal-elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPrivateUSWEST2D"}}],"VpcId":{"Ref":"VPC"}}},"SubnetPublicUSWEST2B":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2b","CidrBlock":"192.168.0.0/19","Tags":[{"Key":"kubernetes.io/role/elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPublicUSWEST2B"}}],"VpcId":{"Ref":"VPC"}}},"SubnetPublicUSWEST2C":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2c","CidrBlock":"192.168.64.0/19","Tags":[{"Key":"kubernetes.io/role/elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPublicUSWEST2C"}}],"VpcId":{"Ref":"VPC"}}},"SubnetPublicUSWEST2D":{"Type":"AWS::EC2::Subnet","Properties":{"AvailabilityZone":"us-west-2d","CidrBlock":"192.168.32.0/19","Tags":[{"Key":"kubernetes.io/role/elb","Value":"1"},{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/SubnetPublicUSWEST2D"}}],"VpcId":{"Ref":"VPC"}}},"VPC":{"Type":"AWS::EC2::VPC","Properties":{"CidrBlock":"192.168.0.0/16","EnableDnsHostnames":true,"EnableDnsSupport":true,"Tags":[{"Key":"Name","Value":{"Fn::Sub":"${AWS::StackName}/VPC"}}]}},"VPCGatewayAttachment":{"Type":"AWS::EC2::VPCGatewayAttachment","Properties":{"InternetGatewayId":{"Ref":"InternetGateway"},"VpcId":{"Ref":"VPC"}}}},"Outputs":{"ARN":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::ARN"}},"Value":{"Fn::GetAtt":"ControlPlane.Arn"}},"CertificateAuthorityData":{"Value":{"Fn::GetAtt":"ControlPlane.CertificateAuthorityData"}},"ClusterStackName":{"Value":{"Ref":"AWS::StackName"}},"Endpoint":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::Endpoint"}},"Value":{"Fn::GetAtt":"ControlPlane.Endpoint"}},"FeatureNATMode":{"Value":"Single"},"SecurityGroup":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::SecurityGroup"}},"Value":{"Ref":"ControlPlaneSecurityGroup"}},"ServiceRoleARN":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::ServiceRoleARN"}},"Value":{"Fn::GetAtt":"ServiceRole.Arn"}},"SharedNodeSecurityGroup":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::SharedNodeSecurityGroup"}},"Value":{"Ref":"ClusterSharedNodeSecurityGroup"}},"SubnetsPrivate":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::SubnetsPrivate"}},"Value":{"Fn::Join":[",",[{"Ref":"SubnetPrivateUSWEST2B"},{"Ref":"SubnetPrivateUSWEST2D"},{"Ref":"SubnetPrivateUSWEST2C"}]]}},"SubnetsPublic":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::SubnetsPublic"}},"Value":{"Fn::Join":[",",[{"Ref":"SubnetPublicUSWEST2B"},{"Ref":"SubnetPublicUSWEST2D"},{"Ref":"SubnetPublicUSWEST2C"}]]}},"VPC":{"Export":{"Name":{"Fn::Sub":"${AWS::StackName}::VPC"}},"Value":{"Ref":"VPC"}}}}
Loading