This is the new *Amazon CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [Amazon CloudFormation User Guide](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/Welcome.html).

# AWS::EKS::Cluster Provider
<a name="aws-properties-eks-cluster-provider"></a>

Identifies the Amazon Key Management Service (Amazon KMS) key used to encrypt the secrets.

## Syntax
<a name="aws-properties-eks-cluster-provider-syntax"></a>

To declare this entity in your Amazon CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-eks-cluster-provider-syntax.json"></a>

```
{
  "[KeyArn](#cfn-eks-cluster-provider-keyarn)" : String
}
```

### YAML
<a name="aws-properties-eks-cluster-provider-syntax.yaml"></a>

```
  [KeyArn](#cfn-eks-cluster-provider-keyarn): String
```

## Properties
<a name="aws-properties-eks-cluster-provider-properties"></a>

`KeyArn`  <a name="cfn-eks-cluster-provider-keyarn"></a>
Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric and created in the same Amazon Web Services Region as the cluster. If the KMS key was created in a different account, the [IAM principal](https://docs.amazonaws.cn/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) must have access to the KMS key. For more information, see [Allowing users in other accounts to use a KMS key](https://docs.amazonaws.cn/kms/latest/developerguide/key-policy-modifying-external-accounts.html) in the *Amazon Key Management Service Developer Guide*.  
*Required*: No  
*Type*: String  
*Update requires*: [Replacement](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)