KubectlProvider
- class aws_cdk.aws_eks.KubectlProvider(scope, id, *, cluster)
Bases:
NestedStack
Implementation of Kubectl Lambda.
- ExampleMetadata:
infused
Example:
import aws_cdk.aws_eks as eks
import aws_cdk.aws_iam as iam

# Inside a Stack or Construct, where `self` is the scope.
handler_role = iam.Role.from_role_arn(self, "HandlerRole", "arn:aws:iam::123456789012:role/lambda-role")

kubectl_provider = eks.KubectlProvider.from_kubectl_provider_attributes(self, "KubectlProvider",
    function_arn="arn:aws:lambda:us-east-2:123456789012:function:my-function:1",
    kubectl_role_arn="arn:aws:iam::123456789012:role/kubectl-role",
    handler_role=handler_role
)

cluster = eks.Cluster.from_cluster_attributes(self, "Cluster",
    cluster_name="cluster",
    kubectl_provider=kubectl_provider
)
Methods
- add_dependency(target, reason=None)
Add a dependency between this stack and another stack.
This can be used to define dependencies between any two stacks within an app, and also supports nested stacks.
- Parameters:
target (Stack) –
reason (Optional[str]) –
- Return type:
None
- add_docker_image_asset(*, source_hash, directory_name=None, docker_build_args=None, docker_build_target=None, docker_file=None, executable=None, network_mode=None, platform=None, repository_name=None)
(deprecated) Register a docker image asset on this Stack.
- Parameters:
source_hash (str) – The hash of the contents of the docker build context. This hash is used throughout the system to identify this image and avoid duplicate work in case the source did not change. NOTE: this means that if you wish to update your docker image, you must make a modification to the source (e.g. add some metadata to your Dockerfile).
directory_name (Optional[str]) – The directory where the Dockerfile is stored, must be relative to the cloud assembly root. Default: - Exactly one of directoryName and executable is required
docker_build_args (Optional[Mapping[str, str]]) – Build args to pass to the docker build command. Since Docker build arguments are resolved before deployment, keys and values cannot refer to unresolved tokens (such as lambda.functionArn or queue.queueUrl). Only allowed when directoryName is specified. Default: - no build args are passed
docker_build_target (Optional[str]) – Docker target to build to. Only allowed when directoryName is specified. Default: - no target
docker_file (Optional[str]) – Path to the Dockerfile (relative to the directory). Only allowed when directoryName is specified. Default: - no file
executable (Optional[Sequence[str]]) – An external command that will produce the packaged asset. The command should produce the name of a local Docker image on stdout. Default: - Exactly one of directoryName and executable is required
network_mode (Optional[str]) – Networking mode for the RUN commands during build. Requires Docker Engine API v1.25+. Specify this property to build images on a specific networking mode. Default: - no networking mode specified
platform (Optional[str]) – Platform to build for. Requires Docker Buildx. Specify this property to build images on a specific platform. Default: - no platform specified (the current machine architecture will be used)
repository_name (Optional[str]) – (deprecated) ECR repository name. Specify this property if you need to statically address the image, e.g. from a Kubernetes Pod. Note, this is only the repository name, without the registry and the tag parts. Default: - automatically derived from the asset’s ID.
- Deprecated:
Use stack.synthesizer.addDockerImageAsset() if you are calling, and a different IStackSynthesizer class if you are implementing.
- Stability:
deprecated
- Return type:
- add_file_asset(*, source_hash, executable=None, file_name=None, packaging=None)
(deprecated) Register a file asset on this Stack.
- Parameters:
source_hash (str) – A hash on the content source. This hash is used to uniquely identify this asset throughout the system. If this value doesn’t change, the asset will not be rebuilt or republished.
executable (Optional[Sequence[str]]) – An external command that will produce the packaged asset. The command should produce the location of a ZIP file on stdout. Default: - Exactly one of directory and executable is required
file_name (Optional[str]) – The path, relative to the root of the cloud assembly, in which this asset source resides. This can be a path to a file or a directory, depending on the packaging type. Default: - Exactly one of directory and executable is required
packaging (Optional[FileAssetPackaging]) – Which type of packaging to perform. Default: - Required if fileName is specified.
- Deprecated:
Use stack.synthesizer.addFileAsset() if you are calling, and a different IStackSynthesizer class if you are implementing.
- Stability:
deprecated
- Return type:
- add_transform(transform)
Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template.
Duplicate values are removed when stack is synthesized.
- Parameters:
transform (str) – The transform to add.
- See:
- Return type:
None
Example:
# stack: Stack
stack.add_transform("AWS::Serverless-2016-10-31")
- export_value(exported_value, *, name=None)
Create a CloudFormation Export for a value.
Returns a string representing the corresponding Fn.importValue() expression for this Export. You can control the name for the export by passing the name option.
If you don’t supply a value for name, the value you’re exporting must be a Resource attribute (for example: bucket.bucketName) and it will be given the same name as the automatic cross-stack reference that would be created if you used the attribute in another Stack.
One of the uses for this method is to remove the relationship between two Stacks established by automatic cross-stack references. It will temporarily ensure that the CloudFormation Export still exists while you remove the reference from the consuming stack. After that, you can remove the resource and the manual export.
Example
Here is how the process works. Let’s say there are two stacks, producerStack and consumerStack, and producerStack has a bucket called bucket, which is referenced by consumerStack (perhaps because an AWS Lambda Function writes into it, or something like that).
It is not safe to remove producerStack.bucket because as the bucket is being deleted, consumerStack might still be using it.
Instead, the process takes two deployments:
Deployment 1: break the relationship
Make sure consumerStack no longer references bucket.bucketName (maybe the consumer stack now uses its own bucket, or it writes to an AWS DynamoDB table, or maybe you just remove the Lambda Function altogether).
In the ProducerStack class, call this.exportValue(this.bucket.bucketName). This will make sure the CloudFormation Export continues to exist while the relationship between the two stacks is being broken.
Deploy (this will effectively only change the consumerStack, but it’s safe to deploy both).
Deployment 2: remove the bucket resource
You are now free to remove the bucket resource from producerStack.
Don’t forget to remove the exportValue() call as well.
Deploy again (this time only the producerStack will be changed – the bucket will be deleted).
- Parameters:
exported_value (Any) –
name (Optional[str]) – The name of the export to create. Default: - A name is automatically chosen
- Return type:
str
- format_arn(*, resource, service, account=None, arn_format=None, partition=None, region=None, resource_name=None, sep=None)
Creates an ARN from components.
If partition, region or account are not specified, the stack’s partition, region and account will be used.
If any component is the empty string, an empty string will be inserted into the generated ARN at the location that component corresponds to.
The ARN will be formatted as follows:
arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name}
The required ARN pieces that are omitted will be taken from the stack that the ‘scope’ is attached to. If all ARN pieces are supplied, the supplied scope can be ‘undefined’.
- Parameters:
resource (str) – Resource type (e.g. “table”, “autoScalingGroup”, “certificate”). For some resource types, e.g. S3 buckets, this field defines the bucket name.
service (str) – The service namespace that identifies the AWS product (for example, ‘s3’, ‘iam’, ‘codepipeline’).
account (Optional[str]) – The ID of the AWS account that owns the resource, without the hyphens. For example, 123456789012. Note that the ARNs for some resources don’t require an account number, so this component might be omitted. Default: The account the stack is deployed to.
arn_format (Optional[ArnFormat]) – The specific ARN format to use for this ARN value. Default: - uses value of sep as the separator for formatting, ArnFormat.SLASH_RESOURCE_NAME if that property was also not provided
partition (Optional[str]) – The partition that the resource is in. For standard AWS regions, the partition is aws. If you have resources in other partitions, the partition is aws-partitionname. For example, the partition for resources in the China (Beijing) region is aws-cn. Default: The AWS partition the stack is deployed to.
region (Optional[str]) – The region the resource resides in. Note that the ARNs for some resources do not require a region, so this component might be omitted. Default: The region the stack is deployed to.
resource_name (Optional[str]) – Resource name or path within the resource (i.e. S3 bucket object key) or a wildcard such as "*". This is service-dependent.
sep (Optional[str]) – (deprecated) Separator between resource type and the resource. Can be either ‘/’, ‘:’ or an empty string. Will only be used if resourceName is defined. Default: ‘/’
- Return type:
str
- get_logical_id(element)
Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource.
This method is called when a CfnElement is created and used to render the initial logical identity of resources. Logical ID renames are applied at this stage.
This method uses the protected method allocateLogicalId to render the logical ID for an element. To modify the naming scheme, extend the Stack class and override this method.
- Parameters:
element (CfnElement) – The CloudFormation element for which a logical identity is needed.
- Return type:
str
- parse_arn(arn, sep_if_token=None, has_name=None)
(deprecated) Given an ARN, parses it and returns components.
IF THE ARN IS A CONCRETE STRING…
…it will be parsed and validated. The separator (sep) will be set to ‘/’ if the 6th component includes a ‘/’, in which case, resource will be set to the value before the ‘/’ and resourceName will be the rest. In case there is no ‘/’, resource will be set to the 6th component and resourceName will be set to the rest of the string.
IF THE ARN IS A TOKEN…
…it cannot be validated, since we don’t have the actual value yet at the time of this function call. You will have to supply sepIfToken and whether or not ARNs of the expected format usually have resource names in order to parse it properly. The resulting ArnComponents object will contain tokens for the subexpressions of the ARN, not string literals.
If the resource name could possibly contain the separator char, the actual resource name cannot be properly parsed. This only occurs if the separator char is ‘/’, and happens for example for S3 object ARNs, IAM Role ARNs, IAM OIDC Provider ARNs, etc. To properly extract the resource name from a Tokenized ARN, you must know the resource type and call Arn.extractResourceName.
- Parameters:
arn (str) – The ARN string to parse.
sep_if_token (Optional[str]) – The separator used to separate resource from resourceName.
has_name (Optional[bool]) – Whether there is a name component in the ARN at all. For example, SNS Topics ARNs have the ‘resource’ component contain the topic name, and no ‘resourceName’ component.
- Return type:
- Returns:
an ArnComponents object which allows access to the various components of the ARN.
- Deprecated:
use splitArn instead
- Stability:
deprecated
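The concrete-string rule described for parse_arn and the template given for format_arn, written out in plain Python as an added illustration (this is not the CDK's implementation). ArnParts, parse_concrete_arn, join_arn and SAMPLES are names chosen for this example; it handles only concrete strings, not tokens.

```python
from typing import NamedTuple, Optional


class ArnParts(NamedTuple):
    partition: str
    service: str
    region: str
    account: str
    resource: str
    sep: Optional[str]
    resource_name: Optional[str]


def parse_concrete_arn(arn: str) -> ArnParts:
    """Split a concrete ARN string using the rule described for parse_arn."""
    components = arn.split(":")
    if len(components) < 6 or components[0] != "arn":
        raise ValueError(f"not a well-formed ARN: {arn!r}")
    _, partition, service, region, account, sixth, *rest = components
    if not partition or not service or not sixth:
        raise ValueError(f"ARN is missing partition, service or resource: {arn!r}")
    if "/" in sixth:
        # '/' in the 6th component: resource is the part before the FIRST '/',
        # so a name that itself contains '/' (IAM path, S3 key) stays intact.
        resource, name = sixth.split("/", 1)
        sep = "/"
        if rest:
            name = ":".join([name, *rest])
    elif rest:
        # No '/': the 6th component is the resource, the remainder is the name.
        resource, sep, name = sixth, ":", ":".join(rest)
    else:
        # e.g. arn:aws:s3:::bucket, where the resource field is the whole identifier.
        resource, sep, name = sixth, None, None
    return ArnParts(partition, service, region, account, resource, sep, name)


def join_arn(p: ArnParts) -> str:
    """Inverse of parse_concrete_arn, following the format_arn template."""
    if p.resource_name is None:
        tail = p.resource
    else:
        tail = f"{p.resource}{p.sep}{p.resource_name}"
    return f"arn:{p.partition}:{p.service}:{p.region}:{p.account}:{tail}"


# The first two ARNs appear in the page's example; the third is constructed.
SAMPLES = [
    "arn:aws:lambda:us-east-2:123456789012:function:my-function:1",
    "arn:aws:iam::123456789012:role/kubectl-role",
    "arn:aws:iam::123456789012:role/team-a/kubectl-role",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        parts = parse_concrete_arn(sample)
        assert join_arn(parts) == sample
        print(parts.resource, parts.sep, parts.resource_name)
```

The third sample shows the case the text warns about: the resource name itself contains the separator, which a concrete string can still split at the first ‘/’ but a token cannot.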
- regional_fact(fact_name, default_value=None)
Look up a fact value for the given fact for the region of this stack.
Will return a definite value only if the region of the current stack is resolved. If not, a lookup map will be added to the stack and the lookup will be done at CDK deployment time.
What regions will be included in the lookup map is controlled by the @aws-cdk/core:target-partitions context value: it must be set to a list of partitions, and only regions from the given partitions will be included. If no such context key is set, all regions will be included.
This function is intended to be used by construct library authors. Application builders can rely on the abstractions offered by construct libraries and do not have to worry about regional facts.
If defaultValue is not given, it is an error if the fact is unknown for the given region.
- Parameters:
fact_name (str) –
default_value (Optional[str]) –
- Return type:
str
- rename_logical_id(old_id, new_id)
Rename a generated logical identity.
To modify the naming scheme strategy, extend the Stack class and override the allocateLogicalId method.
- Parameters:
old_id (str) –
new_id (str) –
- Return type:
None
- report_missing_context(*, key, props, provider)
(deprecated) DEPRECATED.
- Parameters:
key (str) – (deprecated) The missing context key.
props (Mapping[str, Any]) – (deprecated) A set of provider-specific options. (This is the old untyped definition, which is necessary for backwards compatibility. See cxschema for a type definition.)
provider (str) – (deprecated) The provider from which we expect this context key to be obtained. (This is the old untyped definition, which is necessary for backwards compatibility. See cxschema for a type definition.)
- Deprecated:
use reportMissingContextKey()
- Stability:
deprecated
- Return type:
None
- report_missing_context_key(*, key, props, provider)
Indicate that a context key was expected.
Contains instructions which will be emitted into the cloud assembly on how the key should be supplied.
- Parameters:
key (str) – The missing context key.
props (Union[AmiContextQuery, Dict[str, Any], AvailabilityZonesContextQuery, HostedZoneContextQuery, SSMParameterContextQuery, VpcContextQuery, EndpointServiceAvailabilityZonesContextQuery, LoadBalancerContextQuery, LoadBalancerListenerContextQuery, SecurityGroupContextQuery, KeyContextQuery, PluginContextQuery]) – A set of provider-specific options.
provider (ContextProvider) – The provider from which we expect this context key to be obtained.
- Return type:
None
- resolve(obj)
Resolve a tokenized value in the context of the current stack.
- Parameters:
obj (Any) –
- Return type:
Any
- set_parameter(name, value)
Assign a value to one of the nested stack parameters.
- Parameters:
name (str) – The parameter name (ID).
value (str) – The value to assign.
- Return type:
None
- split_arn(arn, arn_format)
Splits the provided ARN into its components.
Works both if ‘arn’ is a string like ‘arn:aws:s3:::bucket’, and a Token representing a dynamic CloudFormation expression (in which case the returned components will also be dynamic CloudFormation expressions, encoded as Tokens).
- Parameters:
arn (str) – the ARN to split into its components.
arn_format (ArnFormat) – the expected format of ‘arn’ - depends on what format the service ‘arn’ represents uses.
- Return type:
- to_json_string(obj, space=None)
Convert an object, potentially containing tokens, to a JSON string.
- Parameters:
obj (Any) –
space (Union[int, float, None]) –
- Return type:
str
- to_string()
Returns a string representation of this construct.
- Return type:
str
Attributes
- account
The AWS account into which this stack will be deployed.
This value is resolved according to the following rules:
1. The value provided to env.account when the stack is defined. This can either be a concrete account (e.g. 585695031111) or the Aws.accountId token.
2. Aws.accountId, which represents the CloudFormation intrinsic reference { "Ref": "AWS::AccountId" } encoded as a string token.
Preferably, you should use the return value as an opaque string and not attempt to parse it to implement your logic. If you do, you must first check that it is a concrete value and not an unresolved token. If this value is an unresolved token (Token.isUnresolved(stack.account) returns true), this implies that the user wishes that this stack will synthesize into an account-agnostic template. In this case, your code should either fail (throw an error, emit a synth error using Annotations.of(construct).addError()) or implement some other region-agnostic behavior.
- artifact_id
The ID of the cloud assembly artifact for this stack.
- availability_zones
Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack.
If the stack is environment-agnostic (either account and/or region are tokens), this property will return an array with 2 tokens that will resolve at deploy-time to the first two availability zones returned from CloudFormation’s Fn::GetAZs intrinsic function.
If they are not available in the context, returns a set of dummy values and reports them as missing, and lets the CLI resolve them by calling EC2 DescribeAvailabilityZones on the target environment.
To specify a different strategy for selecting availability zones override this method.
- bundling_required
Indicates whether the stack requires bundling or not.
- dependencies
Return the stacks this stack depends on.
- environment
The environment coordinates in which this stack is deployed.
In the form aws://account/region. Use stack.account and stack.region to obtain the specific values, no need to parse.
You can use this value to determine if two stacks are targeting the same environment.
If either stack.account or stack.region are not concrete values (e.g. Aws.account or Aws.region) the special strings unknown-account and/or unknown-region will be used respectively to indicate this stack is region/account-agnostic.
- handler_role
The IAM execution role of the handler.
- nested
Indicates if this is a nested stack, in which case parentStack will include a reference to its parent.
- nested_stack_parent
If this is a nested stack, returns its parent stack.
- nested_stack_resource
If this is a nested stack, this represents its AWS::CloudFormation::Stack resource. undefined for top-level (non-nested) stacks.
- node
The construct tree node associated with this construct.
- notification_arns
Returns the list of notification Amazon Resource Names (ARNs) for the current stack.
- parent_stack
(deprecated) Returns the parent of a nested stack.
- Deprecated:
use nestedStackParent
- Stability:
deprecated
- partition
The partition in which this stack is defined.
- region
The AWS region into which this stack will be deployed (e.g. us-west-2).
This value is resolved according to the following rules:
1. The value provided to env.region when the stack is defined. This can either be a concrete region (e.g. us-west-2) or the Aws.region token.
2. Aws.region, which represents the CloudFormation intrinsic reference { "Ref": "AWS::Region" } encoded as a string token.
Preferably, you should use the return value as an opaque string and not attempt to parse it to implement your logic. If you do, you must first check that it is a concrete value and not an unresolved token. If this value is an unresolved token (Token.isUnresolved(stack.region) returns true), this implies that the user wishes that this stack will synthesize into a region-agnostic template. In this case, your code should either fail (throw an error, emit a synth error using Annotations.of(construct).addError()) or implement some other region-agnostic behavior.
- role_arn
The IAM role to assume in order to perform kubectl operations against this cluster.
- service_token
The custom resource provider’s service token.
- stack_id
An attribute that represents the ID of the stack.
This is a context aware attribute:
If this is referenced from the parent stack, it will return { "Ref": "LogicalIdOfNestedStackResource" }.
If this is referenced from the context of the nested stack, it will return { "Ref": "AWS::StackId" }
Example value: arn:aws:cloudformation:us-east-2:123456789012:stack/mystack-mynestedstack-sggfrhxhum7w/f449b250-b969-11e0-a185-5081d0136786
- Attribute:
true
- stack_name
An attribute that represents the name of the nested stack.
This is a context aware attribute:
If this is referenced from the parent stack, it will return a token that parses the name from the stack ID.
If this is referenced from the context of the nested stack, it will return { "Ref": "AWS::StackName" }
Example value: mystack-mynestedstack-sggfrhxhum7w
- Attribute:
true
- synthesizer
Synthesis method for this stack.
- tags
Tags to be applied to the stack.
- template_file
The name of the CloudFormation template file emitted to the output directory during synthesis.
Example value:
MyStack.template.json
- template_options
Options for CloudFormation template (like version, transform, description).
- termination_protection
Whether termination protection is enabled for this stack.
- url_suffix
The Amazon domain suffix for the region in which this stack is defined.
Static Methods
- classmethod from_kubectl_provider_attributes(scope, id, *, function_arn, handler_role, kubectl_role_arn)
Import an existing provider.
- Parameters:
scope (Construct) – Construct.
id (str) – an id of resource.
function_arn (str) – The kubectl provider lambda arn.
handler_role (IRole) – The IAM execution role of the handler. This role must be able to assume kubectlRoleArn
kubectl_role_arn (str) – The IAM role to assume in order to perform kubectl operations against this cluster.
- Return type:
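A pre-deployment check for the requirement above that the handler role can assume the kubectl role, added here as an illustration and not part of the CDK. The function name, result keys and the three sample trust policies are constructed for this example; it reads only Allow statements with AWS principals and ignores Condition and Deny elements.

```python
def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_kubectl_role_trust(trust_policy: dict, handler_role_arn: str) -> dict:
    """Report whether the kubectl role's trust policy admits the handler role,
    and which matching principals are broader than that single role."""
    fields = handler_role_arn.split(":")
    partition, account = fields[1], fields[4]
    account_root = f"arn:{partition}:iam::{account}:root"
    trusted, broader = False, []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            names = ["*"]
        elif isinstance(principal, dict):
            names = _as_list(principal.get("AWS", []))
        else:
            names = []
        for name in names:
            if name == handler_role_arn:
                trusted = True
            elif name in (account_root, account, "*"):
                # Account-wide or wildcard trust covers the handler role, but
                # also every other principal it matches: flag it for review.
                trusted = True
                broader.append(name)
    return {"handler_trusted": trusted, "broader_principals": broader}


# Handler role ARN from the page's example; the policies below are constructed.
HANDLER = "arn:aws:iam::123456789012:role/lambda-role"


def _policy(principal):
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]}


TIGHT = _policy({"AWS": HANDLER})
ACCOUNT_WIDE = _policy({"AWS": "arn:aws:iam::123456789012:root"})
UNRELATED = _policy({"Service": "lambda.amazonaws.com"})

if __name__ == "__main__":
    for label, doc in (("tight", TIGHT), ("account-wide", ACCOUNT_WIDE),
                       ("unrelated", UNRELATED)):
        print(label, check_kubectl_role_trust(doc, HANDLER))
```

Run it against the trust policy of the role passed as kubectl_role_arn before importing the provider; a result with a non-empty broader_principals list means more than the handler can reach the role that runs kubectl.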
- classmethod get_or_create(scope, cluster)
Take existing provider or create new based on cluster.
- Parameters:
- Return type:
- classmethod is_construct(x)
Return whether the given object is a Construct.
- Parameters:
x (Any) –
- Return type:
bool
- classmethod is_nested_stack(x)
Checks if x is an object of type NestedStack.
- Parameters:
x (Any) –
- Return type:
bool
- classmethod is_stack(x)
Return whether the given object is a Stack.
We do attribute detection since we can’t reliably use ‘instanceof’.
- Parameters:
x (Any) –
- Return type:
bool
- classmethod of(construct)
Looks up the first stack scope in which construct is defined.
Fails if there is no stack up the tree.
- Parameters:
construct (IConstruct) – The construct to start the search from.
- Return type: