class FargateCluster (construct)
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.EKS.FargateCluster |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awseks#FargateCluster |
 Java | software.amazon.awscdk.services.eks.FargateCluster |
 Python | aws_cdk.aws_eks.FargateCluster |
 TypeScript (source) | aws-cdk-lib » aws_eks » FargateCluster |
Implements
IConstruct, IDependable, IResource, ICluster, IConnectable
Defines an EKS cluster that runs entirely on AWS Fargate.
The cluster is created with a default Fargate Profile that matches the
"default" and "kube-system" namespaces. You can add additional profiles using
addFargateProfile.
Example
const cluster = new eks.FargateCluster(this, 'MyCluster', {
version: eks.KubernetesVersion.V1_31,
});
Initializer
new FargateCluster(scope: Construct, id: string, props: FargateClusterProps)
Parameters
- scope
Construct - id
string - props
FargateCluster Props
Construct Props
| Name | Type | Description |
|---|---|---|
| version | Kubernetes | The Kubernetes version to run in the cluster. |
| alb | Alb | Install the AWS Load Balancer Controller onto the cluster. |
| authentication | Authentication | The desired authentication mode for the cluster. |
| awscli | ILayer | An AWS Lambda layer that contains the aws CLI. |
| cluster | { [string]: string } | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. |
| cluster | ISecurity | A security group to associate with the Cluster Handler's Lambdas. |
| cluster | Cluster[] | The cluster log types which you want to enable. |
| cluster | string | Name for the cluster. |
| core | Core | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. |
| default | Fargate | Fargate Profile to create along with the cluster. |
| endpoint | Endpoint | Configure access to the Kubernetes API server endpoint.. |
| ip | Ip | Specify which IP family is used to assign Kubernetes pod and service IP addresses. |
| kubectl | { [string]: string } | Environment variables for the kubectl execution. |
| kubectl | ILayer | An AWS Lambda Layer which includes kubectl and Helm. |
| kubectl | Size | Amount of memory to allocate to the provider's lambda function. |
| masters | IRole | An IAM role that will be added to the system:masters Kubernetes RBAC group. |
| on | ILayer | An AWS Lambda Layer which includes the NPM dependency proxy-agent. |
| output | boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. |
| output | boolean | Determines whether a CloudFormation output with the aws eks update-kubeconfig command will be synthesized. |
| output | boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if mastersRole is specified). |
| place | boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the vpcSubnets selection strategy. |
| prune? | boolean | Indicates whether Kubernetes resources added through addManifest() can be automatically pruned. |
| role? | IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. |
| secrets | IKey | KMS secret for envelope encryption for Kubernetes secrets. |
| security | ISecurity | Security Group to use for Control Plane ENIs. |
| service | string | The CIDR block to assign Kubernetes service IP addresses from. |
| vpc? | IVpc | The VPC in which to create the Cluster. |
| vpc | Subnet[] | Where to place EKS Control Plane ENIs. |
version
Type:
Kubernetes
The Kubernetes version to run in the cluster.
albController?
Type:
Alb
(optional, default: The controller is not installed.)
Install the AWS Load Balancer Controller onto the cluster.
See also: https://kubernetes-sigs.github.io/aws-load-balancer-controller
authenticationMode?
Type:
Authentication
(optional, default: AuthenticationMode.CONFIG_MAP)
The desired authentication mode for the cluster.
awscliLayer?
Type:
ILayer
(optional, default: a default layer with the AWS CLI 1.x)
An AWS Lambda layer that contains the aws CLI.
The handler expects the layer to include the following executables:
/opt/awscli/aws
clusterHandlerEnvironment?
Type:
{ [string]: string }
(optional, default: No environment variables.)
Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle.
clusterHandlerSecurityGroup?
Type:
ISecurity
(optional, default: No security group.)
A security group to associate with the Cluster Handler's Lambdas.
The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
Requires placeClusterHandlerInVpc to be set to true.
clusterLogging?
Type:
Cluster[]
(optional, default: none)
The cluster log types which you want to enable.
clusterName?
Type:
string
(optional, default: Automatically generated name)
Name for the cluster.
coreDnsComputeType?
Type:
Core
(optional, default: CoreDnsComputeType.EC2 (for FargateCluster the default is FARGATE))
Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.
defaultProfile?
Type:
Fargate
(optional, default: A profile called "default" with 'default' and 'kube-system'
selectors will be created if this is left undefined.)
Fargate Profile to create along with the cluster.
endpointAccess?
Type:
Endpoint
(optional, default: EndpointAccess.PUBLIC_AND_PRIVATE)
Configure access to the Kubernetes API server endpoint..
See also: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
ipFamily?
Type:
Ip
(optional, default: IpFamily.IP_V4)
Specify which IP family is used to assign Kubernetes pod and service IP addresses.
kubectlEnvironment?
Type:
{ [string]: string }
(optional, default: No environment variables.)
Environment variables for the kubectl execution.
Only relevant for kubectl enabled clusters.
kubectlLayer?
Type:
ILayer
(optional, default: a default layer with Kubectl 1.20.)
An AWS Lambda Layer which includes kubectl and Helm.
This layer is used by the kubectl handler to apply manifests and install
helm charts. You must pick an appropriate releases of one of the
@aws-cdk/layer-kubectl-vXX packages, that works with the version of
Kubernetes you have chosen. If you don't supply this value kubectl
1.20 will be used, but that version is most likely too old.
The handler expects the layer to include the following executables:
/opt/helm/helm
/opt/kubectl/kubectl
kubectlMemory?
Type:
Size
(optional, default: Size.gibibytes(1))
Amount of memory to allocate to the provider's lambda function.
mastersRole?
Type:
IRole
(optional, default: no masters role.)
An IAM role that will be added to the system:masters Kubernetes RBAC group.
See also: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings
onEventLayer?
Type:
ILayer
(optional, default: a layer bundled with this module.)
An AWS Lambda Layer which includes the NPM dependency proxy-agent.
This layer is used by the onEvent handler to route AWS SDK requests through a proxy.
By default, the provider will use the layer included in the "aws-lambda-layer-node-proxy-agent" SAR application which is available in all commercial regions.
To deploy the layer locally define it in your app as follows:
const layer = new lambda.LayerVersion(this, 'proxy-agent-layer', {
code: lambda.Code.fromAsset(`${__dirname}/layer.zip`),
compatibleRuntimes: [lambda.Runtime.NODEJS_LATEST],
});
outputClusterName?
Type:
boolean
(optional, default: false)
Determines whether a CloudFormation output with the name of the cluster will be synthesized.
outputConfigCommand?
Type:
boolean
(optional, default: true)
Determines whether a CloudFormation output with the aws eks update-kubeconfig command will be synthesized.
This command will include the cluster name and, if applicable, the ARN of the masters IAM role.
outputMastersRoleArn?
Type:
boolean
(optional, default: false)
Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if mastersRole is specified).
placeClusterHandlerInVpc?
Type:
boolean
(optional, default: false)
If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the vpcSubnets selection strategy.
prune?
Type:
boolean
(optional, default: true)
Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.
When this is enabled (default), prune labels will be
allocated and injected to each resource. These labels will then be used
when issuing the kubectl apply operation with the --prune switch.
role?
Type:
IRole
(optional, default: A role is automatically created for you)
Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
secretsEncryptionKey?
Type:
IKey
(optional, default: By default, Kubernetes stores all secret object data within etcd and
all etcd volumes used by Amazon EKS are encrypted at the disk-level
using AWS-Managed encryption keys.)
KMS secret for envelope encryption for Kubernetes secrets.
securityGroup?
Type:
ISecurity
(optional, default: A security group is automatically created)
Security Group to use for Control Plane ENIs.
serviceIpv4Cidr?
Type:
string
(optional, default: Kubernetes assigns addresses from either the
10.100.0.0/16 or 172.20.0.0/16 CIDR blocks)
The CIDR block to assign Kubernetes service IP addresses from.
vpc?
Type:
IVpc
(optional, default: a VPC with default configuration will be created and can be accessed through cluster.vpc.)
The VPC in which to create the Cluster.
vpcSubnets?
Type:
Subnet[]
(optional, default: All public and private subnets)
Where to place EKS Control Plane ENIs.
For example, to only select private subnets, supply the following:
vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }]
Properties
| Name | Type | Description |
|---|---|---|
| admin | Role | An IAM role with administrative permissions to create or update the cluster. |
| aws | Aws | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. |
| cluster | string | The AWS generated ARN for the Cluster resource. |
| cluster | string | The certificate-authority-data for your cluster. |
| cluster | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). |
| cluster | string | The endpoint URL for the Cluster. |
| cluster | string | The Name of the created EKS Cluster. |
| cluster | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. |
| cluster | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. |
| cluster | ISecurity | The cluster security group that was created by Amazon EKS for the cluster. |
| cluster | string | The id of the cluster security group that was created by Amazon EKS for the cluster. |
| connections | Connections | Manages connection rules (Security Group Rules) for the cluster. |
| default | Fargate | Fargate Profile that was created with the cluster. |
| env | Resource | The environment this resource belongs to. |
| node | Node | The tree node. |
| open | IOpen | An OpenIdConnectProvider resource associated with this cluster, and which can be used to link this cluster to AWS IAM. |
| prune | boolean | Determines if Kubernetes resources can be pruned automatically. |
| role | IRole | IAM role assumed by the EKS Control Plane. |
| stack | Stack | The stack in which this resource is defined. |
| vpc | IVpc | The VPC in which this Cluster was created. |
| alb | Alb | The ALB Controller construct defined for this cluster. |
| authentication | Authentication | The authentication mode for the Amazon EKS cluster. |
| awscli | ILayer | An AWS Lambda layer that contains the aws CLI. |
| cluster | ISecurity | A security group to associate with the Cluster Handler's Lambdas. |
| default | Auto | The auto scaling group that hosts the default capacity for this cluster. |
| default | Nodegroup | The node group that hosts the default capacity for this cluster. |
| eks | IAddon | Retrieves the EKS Pod Identity Agent addon for the EKS cluster. |
| ip | Ip | Specify which IP family is used to assign Kubernetes pod and service IP addresses. |
| kubectl | { [string]: string } | Custom environment variables when running kubectl against this cluster. |
| kubectl | IRole | An IAM role that can perform kubectl operations against this cluster. |
| kubectl | ILayer | An AWS Lambda layer that includes kubectl and helm. |
| kubectl | Size | The amount of memory allocated to the kubectl provider's lambda function. |
| kubectl | ISubnet[] | Subnets to host the kubectl compute resources. |
| kubectl | IRole | An IAM role that can perform kubectl operations against this cluster. |
| kubectl | ISecurity | A security group to use for kubectl execution. |
| on | ILayer | The AWS Lambda layer that contains the NPM dependency proxy-agent. |
adminRole
Type:
Role
An IAM role with administrative permissions to create or update the cluster.
This role also has systems:master permissions.
awsAuth
Type:
Aws
Lazily creates the AwsAuth resource, which manages AWS authentication mapping.
clusterArn
Type:
string
The AWS generated ARN for the Cluster resource.
For example, arn:aws:eks:us-west-2:666666666666:cluster/prod
clusterCertificateAuthorityData
Type:
string
The certificate-authority-data for your cluster.
clusterEncryptionConfigKeyArn
Type:
string
Amazon Resource Name (ARN) or alias of the customer master key (CMK).
clusterEndpoint
Type:
string
The endpoint URL for the Cluster.
This is the URL inside the kubeconfig file to use with kubectl
For example, https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com
clusterName
Type:
string
The Name of the created EKS Cluster.
clusterOpenIdConnectIssuer
Type:
string
If this cluster is kubectl-enabled, returns the OpenID Connect issuer.
This is because the values is only be retrieved by the API and not exposed
by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the
stock CfnCluster), this is undefined.
clusterOpenIdConnectIssuerUrl
Type:
string
If this cluster is kubectl-enabled, returns the OpenID Connect issuer url.
This is because the values is only be retrieved by the API and not exposed
by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the
stock CfnCluster), this is undefined.
clusterSecurityGroup
Type:
ISecurity
The cluster security group that was created by Amazon EKS for the cluster.
clusterSecurityGroupId
Type:
string
The id of the cluster security group that was created by Amazon EKS for the cluster.
connections
Type:
Connections
Manages connection rules (Security Group Rules) for the cluster.
defaultProfile
Type:
Fargate
Fargate Profile that was created with the cluster.
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type:
Node
The tree node.
openIdConnectProvider
Type:
IOpen
An OpenIdConnectProvider resource associated with this cluster, and which can be used to link this cluster to AWS IAM.
A provider will only be defined if this property is accessed (lazy initialization).
prune
Type:
boolean
Determines if Kubernetes resources can be pruned automatically.
role
Type:
IRole
IAM role assumed by the EKS Control Plane.
stack
Type:
Stack
The stack in which this resource is defined.
vpc
Type:
IVpc
The VPC in which this Cluster was created.
albController?
Type:
Alb
(optional)
The ALB Controller construct defined for this cluster.
Will be undefined if albController wasn't configured.
authenticationMode?
Type:
Authentication
(optional, default: CONFIG_MAP.)
The authentication mode for the Amazon EKS cluster.
The authentication mode determines how users and applications authenticate to the Kubernetes API server.
awscliLayer?
Type:
ILayer
(optional)
An AWS Lambda layer that contains the aws CLI.
If not defined, a default layer will be used containing the AWS CLI 1.x.
clusterHandlerSecurityGroup?
Type:
ISecurity
(optional, default: No security group.)
A security group to associate with the Cluster Handler's Lambdas.
The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
Requires placeClusterHandlerInVpc to be set to true.
defaultCapacity?
Type:
Auto
(optional)
The auto scaling group that hosts the default capacity for this cluster.
This will be undefined if the defaultCapacityType is not EC2 or
defaultCapacityType is EC2 but default capacity is set to 0.
defaultNodegroup?
Type:
Nodegroup
(optional)
The node group that hosts the default capacity for this cluster.
This will be undefined if the defaultCapacityType is EC2 or
defaultCapacityType is NODEGROUP but default capacity is set to 0.
eksPodIdentityAgent?
Type:
IAddon
(optional)
Retrieves the EKS Pod Identity Agent addon for the EKS cluster.
The EKS Pod Identity Agent is responsible for managing the temporary credentials used by pods in the cluster to access AWS resources. It runs as a DaemonSet on each node and provides the necessary credentials to the pods based on their associated service account.
ipFamily?
Type:
Ip
(optional, default: IpFamily.IP_V4)
Specify which IP family is used to assign Kubernetes pod and service IP addresses.
kubectlEnvironment?
Type:
{ [string]: string }
(optional)
Custom environment variables when running kubectl against this cluster.
kubectlLambdaRole?
Type:
IRole
(optional, default: if not specified, the default role created by a lambda function will
be used.)
An IAM role that can perform kubectl operations against this cluster.
The role should be mapped to the system:masters Kubernetes RBAC role.
This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.
kubectlLayer?
Type:
ILayer
(optional)
An AWS Lambda layer that includes kubectl and helm.
If not defined, a default layer will be used containing Kubectl 1.20 and Helm 3.8
kubectlMemory?
Type:
Size
(optional)
The amount of memory allocated to the kubectl provider's lambda function.
kubectlPrivateSubnets?
Type:
ISubnet[]
(optional, default: If not specified, the k8s endpoint is expected to be accessible
publicly.)
Subnets to host the kubectl compute resources.
kubectlRole?
Type:
IRole
(optional)
An IAM role that can perform kubectl operations against this cluster.
The role should be mapped to the system:masters Kubernetes RBAC role.
kubectlSecurityGroup?
Type:
ISecurity
(optional, default: If not specified, the k8s endpoint is expected to be accessible
publicly.)
A security group to use for kubectl execution.
onEventLayer?
Type:
ILayer
(optional)
The AWS Lambda layer that contains the NPM dependency proxy-agent.
If undefined, a SAR app that contains this layer will be used.
Methods
| Name | Description |
|---|---|
| add | Add nodes to this EKS cluster. |
| add | Defines a CDK8s chart in this cluster. |
| add | Adds a Fargate profile to this cluster. |
| add | Defines a Helm chart in this cluster. |
| add | Defines a Kubernetes resource in this cluster. |
| add | Add managed nodegroup to this Amazon EKS cluster. |
| add | Creates a new service account with corresponding IAM Role (IRSA). |
| apply | Apply the given removal policy to this resource. |
| connect | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. |
| get | Fetch the load balancer address of an ingress backed by a load balancer. |
| get | Fetch the load balancer address of a service of type 'LoadBalancer'. |
| grant | Grants the specified IAM principal access to the EKS cluster based on the provided access policies. |
| to | Returns a string representation of this construct. |
addAutoScalingGroupCapacity(id, options)
public addAutoScalingGroupCapacity(id: string, options: AutoScalingGroupCapacityOptions): AutoScalingGroup
Parameters
- id
string - options
AutoScaling Group Capacity Options
Returns
Add nodes to this EKS cluster.
The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version.
Note that if you specify updateType: RollingUpdate or updateType: ReplacingUpdate, your nodes might be replaced at deploy
time without notice in case the recommended AMI for your machine image type has been updated by AWS.
The default behavior for updateType is None, which means only new instances will be launched using the new AMI.
Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule.
In addition, the spot interrupt handler
daemon will be installed on all spot instances to handle
EC2 Spot Instance Termination Notices.
addCdk8sChart(id, chart, options?)
public addCdk8sChart(id: string, chart: Construct, options?: KubernetesManifestOptions): KubernetesManifest
Parameters
- id
string— logical id of this chart. - chart
Construct— the cdk8s chart. - options
KubernetesManifest Options
Returns
Defines a CDK8s chart in this cluster.
addFargateProfile(id, options)
public addFargateProfile(id: string, options: FargateProfileOptions): FargateProfile
Parameters
- id
string— the id of this profile. - options
Fargate— profile options.Profile Options
Returns
Adds a Fargate profile to this cluster.
See also: https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html
addHelmChart(id, options)
public addHelmChart(id: string, options: HelmChartOptions): HelmChart
Parameters
- id
string— logical id of this chart. - options
Helm— options of this chart.Chart Options
Returns
Defines a Helm chart in this cluster.
addManifest(id, ...manifest)
public addManifest(id: string, ...manifest: { [string]: any }[]): KubernetesManifest
Parameters
- id
string— logical id of this manifest. - manifest
{ [string]: any }— a list of Kubernetes resource specifications.
Returns
Defines a Kubernetes resource in this cluster.
The manifest will be applied/deleted using kubectl as needed.
addNodegroupCapacity(id, options?)
public addNodegroupCapacity(id: string, options?: NodegroupOptions): Nodegroup
Parameters
- id
string— The ID of the nodegroup. - options
Nodegroup— options for creating a new nodegroup.Options
Returns
Add managed nodegroup to this Amazon EKS cluster.
This method will create a new managed nodegroup and add into the capacity.
See also: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
addServiceAccount(id, options?)
public addServiceAccount(id: string, options?: ServiceAccountOptions): ServiceAccount
Parameters
- id
string - options
ServiceAccount Options
Returns
Creates a new service account with corresponding IAM Role (IRSA).
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
connectAutoScalingGroupCapacity(autoScalingGroup, options)
public connectAutoScalingGroupCapacity(autoScalingGroup: AutoScalingGroup, options: AutoScalingGroupOptions): void
Parameters
- autoScalingGroup
Auto— [disable-awslint:ref-via-interface].Scaling Group - options
Auto— options for adding auto scaling groups, like customizing the bootstrap script.Scaling Group Options
Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.
The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration.
Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule.
If kubectl is enabled, the
spot interrupt handler
daemon will be installed on all spot instances to handle
EC2 Spot Instance Termination Notices.
Prefer to use addAutoScalingGroupCapacity if possible.
See also: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
getIngressLoadBalancerAddress(ingressName, options?)
public getIngressLoadBalancerAddress(ingressName: string, options?: IngressLoadBalancerAddressOptions): string
Parameters
- ingressName
string— The name of the ingress. - options
Ingress— Additional operation options.Load Balancer Address Options
Returns
string
Fetch the load balancer address of an ingress backed by a load balancer.
getServiceLoadBalancerAddress(serviceName, options?)
public getServiceLoadBalancerAddress(serviceName: string, options?: ServiceLoadBalancerAddressOptions): string
Parameters
- serviceName
string— The name of the service. - options
Service— Additional operation options.Load Balancer Address Options
Returns
string
Fetch the load balancer address of a service of type 'LoadBalancer'.
grantAccess(id, principal, accessPolicies)
public grantAccess(id: string, principal: string, accessPolicies: IAccessPolicy[]): void
Parameters
- id
string— - The ID of theAccessEntryconstruct to be created. - principal
string— - The IAM principal (role or user) to be granted access to the EKS cluster. - accessPolicies
IAccessPolicy []— - An array ofIAccessPolicyobjects that define the access permissions to be granted to the IAM principal.
Grants the specified IAM principal access to the EKS cluster based on the provided access policies.
This method creates an AccessEntry construct that grants the specified IAM principal the access permissions
defined by the provided IAccessPolicy array. This allows the IAM principal to perform the actions permitted
by the access policies within the EKS cluster.
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.