This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::EKS::Addon Creates an Amazon EKS add-on. Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. For more information, see [Amazon EKS add-ons](https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html) in the *Amazon EKS User Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::EKS::Addon", "Properties" : { "[AddonName](#cfn-eks-addon-addonname)" : String, "[AddonVersion](#cfn-eks-addon-addonversion)" : String, "[ClusterName](#cfn-eks-addon-clustername)" : String, "[ConfigurationValues](#cfn-eks-addon-configurationvalues)" : String, "[NamespaceConfig](#cfn-eks-addon-namespaceconfig)" : NamespaceConfig, "[PodIdentityAssociations](#cfn-eks-addon-podidentityassociations)" : [ PodIdentityAssociation, ... ], "[PreserveOnDelete](#cfn-eks-addon-preserveondelete)" : Boolean, "[ResolveConflicts](#cfn-eks-addon-resolveconflicts)" : String, "[ServiceAccountRoleArn](#cfn-eks-addon-serviceaccountrolearn)" : String, "[Tags](#cfn-eks-addon-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::EKS::Addon Properties: [AddonName](#cfn-eks-addon-addonname): String [AddonVersion](#cfn-eks-addon-addonversion): String [ClusterName](#cfn-eks-addon-clustername): String [ConfigurationValues](#cfn-eks-addon-configurationvalues): String [NamespaceConfig](#cfn-eks-addon-namespaceconfig): NamespaceConfig [PodIdentityAssociations](#cfn-eks-addon-podidentityassociations): - PodIdentityAssociation [PreserveOnDelete](#cfn-eks-addon-preserveondelete): Boolean [ResolveConflicts](#cfn-eks-addon-resolveconflicts): String [ServiceAccountRoleArn](#cfn-eks-addon-serviceaccountrolearn): String [Tags](#cfn-eks-addon-tags): - Tag ``` ## Properties `AddonName` The name of the add-on. *Required*: Yes *Type*: String *Minimum*: `1` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `AddonVersion` The version of the add-on. *Required*: No *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ClusterName` The name of your cluster. *Required*: Yes *Type*: String *Minimum*: `1` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `ConfigurationValues` The configuration values that you provided. *Required*: No *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `NamespaceConfig` The namespace configuration for the addon. This specifies the Kubernetes namespace where the addon is installed. *Required*: No *Type*: [NamespaceConfig](aws-properties-eks-addon-namespaceconfig.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `PodIdentityAssociations` An array of EKS Pod Identity associations owned by the add-on. Each association maps a role to a service account in a namespace in the cluster. For more information, see [Attach an IAM Role to an Amazon EKS add-on using EKS Pod Identity](https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html) in the *Amazon EKS User Guide*. *Required*: No *Type*: Array of [PodIdentityAssociation](aws-properties-eks-addon-podidentityassociation.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PreserveOnDelete` Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on. If an IAM account is associated with the add-on, it isn't removed. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ResolveConflicts` How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are handled based on the value you choose: + **None** – If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail. + **Overwrite** – If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value. + **Preserve** – This is similar to the NONE option. If the self-managed version of the add-on is installed on your cluster Amazon EKS doesn't change the add-on resource properties. Creation of the add-on might fail if conflicts are detected. This option works differently during the update operation. For more information, see [https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html). If you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify. *Required*: No *Type*: String *Allowed values*: `NONE | OVERWRITE | PRESERVE` *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ServiceAccountRoleArn` The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the *Amazon EKS User Guide*. To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see [Enabling IAM roles for service accounts on your cluster](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) in the *Amazon EKS User Guide*. *Required*: No *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` The metadata that you apply to the add-on to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Add-on tags do not propagate to any other resources associated with the cluster. *Required*: No *Type*: Array of [Tag](aws-properties-eks-addon-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the resource name. For example: `{ "Ref": "vpc-cni" }` For the add-on `vpc-cni`, `Ref` returns the name of the add-on. For example, `cluster-name|vpc-cni`. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The ARN of the add-on, such as `arn:aws:eks:us-west-2:111122223333:addon/1-19/vpc-cni/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`. ## See also + [Amazon EKS add-ons](https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html) in the *Amazon EKS User Guide*. + [https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAddon.html](https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAddon.html) in the *Amazon EKS API Reference*. # AWS::EKS::Addon NamespaceConfig The `NamespaceConfig` property type specifies Property description not available. for an [AWS::EKS::Addon](aws-resource-eks-addon.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Namespace](#cfn-eks-addon-namespaceconfig-namespace)" : String } ``` ### YAML ``` [Namespace](#cfn-eks-addon-namespaceconfig-namespace): String ``` ## Properties `Namespace` Property description not available. *Required*: Yes *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::EKS::Addon PodIdentityAssociation Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[RoleArn](#cfn-eks-addon-podidentityassociation-rolearn)" : String, "[ServiceAccount](#cfn-eks-addon-podidentityassociation-serviceaccount)" : String } ``` ### YAML ``` [RoleArn](#cfn-eks-addon-podidentityassociation-rolearn): String [ServiceAccount](#cfn-eks-addon-podidentityassociation-serviceaccount): String ``` ## Properties `RoleArn` The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the Pods that use this service account. *Required*: Yes *Type*: String *Pattern*: `^arn:aws(-cn|-us-gov|-iso(-[a-z])?)?:iam::\d{12}:(role)\/*` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ServiceAccount` The name of the Kubernetes service account inside the cluster to associate the IAM credentials with. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::EKS::Addon Tag The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value. You define them. The following basic restrictions apply to tags: + Maximum number of tags per resource – 50 + For each resource, each tag key must be unique, and each tag key can have only one value. + Maximum key length – 128 Unicode characters in UTF-8 + Maximum value length – 256 Unicode characters in UTF-8 + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: \$1 - = . \$1 : / @. + Tag keys and values are case-sensitive. + Do not use `aws:`, `AWS:`, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-eks-addon-tag-key)" : String, "[Value](#cfn-eks-addon-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-eks-addon-tag-key): String [Value](#cfn-eks-addon-tag-value): String ``` ## Properties `Key` One part of a key-value pair that make up a tag. A `key` is a general label that acts like a category for more specific tag values. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `127` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The optional part of a key-value pair that make up a tag. A `value` acts as a descriptor within a tag category (key). *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `255` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Examples ### #### JSON ``` "Tags" : [ { "Key" : "keyname1", "Value" : "value1" }, { "Key" : "keyname2", "Value" : "value2" } ] ``` #### YAML ``` Tags: - Key: "keyname1" Value: "value1" - Key: "keyname2" Value: "value2" ``` ## See also + [Setting CloudFormation stack options](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-add-tags.html) + [Viewing CloudFormation stack data and resources on the AWS Management Console](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-view-stack-data-resources.html)