AWS::EKS::FargateProfile - Amazon CloudFormation
SyntaxPropertiesReturn valuesRemarksExamplesSee also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::EKS::FargateProfile

Creates an Amazon Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.

The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate.

When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes Role Based Access Control (RBAC) for authorization so that the kubelet that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see Pod Execution Role in the Amazon EKS User Guide.

Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating.

If any Fargate profiles in a cluster are in the DELETING status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster.

For more information, see Amazon Fargate profile in the Amazon EKS User Guide.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::EKS::FargateProfile",
  "Properties" : {
      "ClusterName" : String,
      "FargateProfileName" : String,
      "PodExecutionRoleArn" : String,
      "Selectors" : [ Selector, ... ],
      "Subnets" : [ String, ... ],
      "Tags" : [ Tag, ... ]
    }
}

YAML

Type: AWS::EKS::FargateProfile
Properties:
  ClusterName: String
  FargateProfileName: String
  PodExecutionRoleArn: String
  Selectors: 
    - Selector
  Subnets: 
    - String
  Tags: 
    - Tag

Properties

ClusterName

The name of your cluster.

Required: Yes

Type: String

Minimum: 1

Update requires: Replacement

FargateProfileName

The name of the Fargate profile.

Required: No

Type: String

Minimum: 1

Update requires: Replacement

PodExecutionRoleArn

The Amazon Resource Name (ARN) of the Pod execution role to use for a Pod that matches the selectors in the Fargate profile. The Pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. For more information, see Pod execution role in the Amazon EKS User Guide.

Required: Yes

Type: String

Minimum: 1

Update requires: Replacement

Selectors

The selectors to match for a Pod to use this Fargate profile. Each selector must have an associated Kubernetes namespace. Optionally, you can also specify labels for a namespace. You may specify up to five selectors in a Fargate profile.

Required: Yes

Type: Array of Selector

Minimum: 1

Update requires: Replacement

Subnets

The IDs of subnets to launch a Pod into. A Pod running on Fargate isn't assigned a public IP address, so only private subnets (with no direct route to an Internet Gateway) are accepted for this parameter.

Required: No

Type: Array of String

Update requires: Replacement

Tags

Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon resources.

Required: No

Type: Array of Tag

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name. For example:

{ "Ref": "myFargateProfile" }

For the Fargate profilemyFargateProfile, Ref returns the physical resource ID of the Fargate profile. For example, <cluster-name>/<Fargate_profile_name>.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:fargateprofile/myCluster/myFargateProfile/1cb1a11a-1dc1-1d11-cf11-1111f11fa111.

Remarks

Creating a Fargate profile and identity provider config resources in the same template.

If Amazon CloudFormation attempts to create both resources at the same time, resource creation fails. If you want to create both resources in the same template, then add the DependsOn property in your template, as shown in the examples.

Examples

Create a Fargate profile

The following example creates a Fargate profile for pods deployed to a namespace with the name my-namespace that have a label with a key value pair assigned to them. If you're not creating an EKSIdpConfig in the same template, remove the "DependsOn" line in the following example. For more information, see AWS::EKS::IdentityProviderConfig.

JSON

{
   "Resources" : {
      "EKSFargateProfile" : {
         "DependsOn" : "EKSIdpConfig",
         "Type" : "AWS::EKS::FargateProfile",
         "Properties" : {
            "FargateProfileName" : "my-fargate-profile",
            "ClusterName" : "my-cluster",
            "PodExecutionRoleArn" : "arn:aws:iam::012345678910:role/AmazonEKSFargatePodExecutionRole",
            "Subnets" : [ "subnet-6782e71e", "subnet-e7e761ac" ],
            "Selectors" : [
               {
                  "Namespace" : "my-namespace",
                  "Labels" : [
                     {
                        "Key" : "my-key",
                        "Value" : "my-value"
                     }
                  ]
               }
            ]
         }
      }
   }
}

YAML

Resources:
  EKSFargateProfile:
    DependsOn: EKSIdpConfig
    Type: 'AWS::EKS::FargateProfile'
    Properties:
      FargateProfileName: my-fargate-profile
      ClusterName: my-cluster
      PodExecutionRoleArn: 'arn:aws:iam::012345678910:role/AmazonEKSFargatePodExecutionRole'
      Subnets:
        - subnet-6782e71e
        - subnet-e7e761ac
      Selectors:
        - Namespace: my-namespace
          Labels:
            - Key: my-key
              Value: my-value

See also