UpdateClusterConfig - Amazon EKS
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

UpdateClusterConfig

Updates an Amazon EKS cluster configuration. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with DescribeUpdate"/>.

You can use this API operation to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster control plane logs in the Amazon EKS User Guide .

Note

CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.

You can also use this API operation to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .

You can also use this API operation to choose different subnets and security groups for the cluster. You must specify at least two subnets that are in different Availability Zones. You can't change which VPC the subnets are from, the subnets must be in the same VPC as the subnets that the cluster was created with. For more information about the VPC requirements, see https://docs.amazonaws.cn/eks/latest/userguide/network_reqs.html in the Amazon EKS User Guide .

Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.

Request Syntax

POST /clusters/name/update-config HTTP/1.1 Content-type: application/json { "accessConfig": { "authenticationMode": "string" }, "clientRequestToken": "string", "logging": { "clusterLogging": [ { "enabled": boolean, "types": [ "string" ] } ] }, "resourcesVpcConfig": { "endpointPrivateAccess": boolean, "endpointPublicAccess": boolean, "publicAccessCidrs": [ "string" ], "securityGroupIds": [ "string" ], "subnetIds": [ "string" ] } }

URI Request Parameters

The request uses the following URI parameters.

name

The name of the Amazon EKS cluster to update.

Required: Yes

Request Body

The request accepts the following data in JSON format.

accessConfig

The access configuration for the cluster.

Type: UpdateAccessConfigRequest object

Required: No

clientRequestToken

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

Type: String

Required: No

logging

Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS cluster control plane logs in the Amazon EKS User Guide .

Note

CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.

Type: Logging object

Required: No

resourcesVpcConfig

An object representing the VPC configuration to use for an Amazon EKS cluster.

Type: VpcConfigRequest object

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "update": { "createdAt": number, "errors": [ { "errorCode": "string", "errorMessage": "string", "resourceIds": [ "string" ] } ], "id": "string", "params": [ { "type": "string", "value": "string" } ], "status": "string", "type": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

update

An object representing an asynchronous update.

Type: Update object

Errors

For information about the errors that are common to all actions, see Common Errors.

ClientException

These errors are usually caused by a client action. Actions can include using an action or resource on behalf of an IAM principal that doesn't have permissions to use the action or resource or specifying an identifier that is not valid.

HTTP Status Code: 400

InvalidParameterException

The specified parameter is invalid. Review the available parameters for the API request.

HTTP Status Code: 400

InvalidRequestException

The request is invalid given the state of the cluster. Check the state of the cluster and the associated operations.

HTTP Status Code: 400

ResourceInUseException

The specified resource is in use.

HTTP Status Code: 409

ResourceNotFoundException

The specified resource could not be found. You can view your available clusters with ListClusters. You can view your available managed node groups with ListNodegroups. Amazon EKS clusters and node groups are Amazon Web Services Region specific.

HTTP Status Code: 404

ServerException

These errors are usually caused by a server-side issue.

HTTP Status Code: 500

Examples

In the following example or examples, the Authorization header contents (AUTHPARAMS) must be replaced with an Amazon Signature Version 4 signature. For more information about creating these signatures, see Signature Version 4 Signing Process in the Amazon EKS General Reference.

You need to learn how to sign HTTP requests only if you intend to manually create them. When you use the Amazon Command Line Interface (Amazon CLI) or one of the Amazon SDKs to make requests to Amazon, these tools automatically sign the requests for you with the access key that you specify when you configure the tools. When you use these tools, you don't need to learn how to sign requests yourself.

Example

The following example disables the Amazon EKS public API server endpoint for the my-cluster cluster.

Sample Request

POST /clusters/my-cluster/update-config HTTP/1.1 Host: eks.us-west-2.amazonaws.com Accept-Encoding: identity User-Agent: aws-cli/1.16.56 Python/3.7.0 Darwin/17.7.0 botocore/1.12.46 X-Amz-Date: 20190228T215632Z Authorization: AUTHPARAMS { "resourcesVpcConfig": { "endpointPublicAccess": false }, "clientRequestToken": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" }

Sample Response

HTTP/1.1 200 OK Date: Thu, 28 Feb 2019 21:56:33 GMT Content-Type: application/json Content-Length: 254 x-amzn-RequestId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx x-amz-apigw-id: V1LanEMJPHcFvTg= X-Amzn-Trace-Id: Root=1-xxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxx Connection: keep-alive { "update": { "id": "71abb011-b524-4983-b17f-c30baa1b5530", "status": "InProgress", "type": "EndpointAccessUpdate", "params": [ { "type": "EndpointPublicAccess", "value": "false" }, { "type": "EndpointPrivateAccess", "value": "true" } ], "createdAt": 1551390993.374, "errors": [] } }

Example

The following example enables exporting all cluster control plane logs to CloudWatch Logs.

Sample Request

POST /clusters/my-cluster/update-config HTTP/1.1 Host: eks.us-west-2.amazonaws.com Accept-Encoding: identity User-Agent: aws-cli/1.16.120 Python/3.7.0 Darwin/18.2.0 botocore/1.12.110 X-Amz-Date: 20190322T162335Z Authorization: AUTHPARAMS { "logging": { "clusterLogging": [ { "types": [ "api", "audit", "authenticator", "controllerManager", "scheduler" ], "enabled": true } ] }, "clientRequestToken": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" }

Sample Response

HTTP/1.1 200 OK Date: Fri, 22 Mar 2019 16:23:34 GMT Content-Type: application/json Content-Length: 313 x-amzn-RequestId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx x-amz-apigw-id: W87Q5HlCvHcFxDA= X-Amzn-Trace-Id: Root=1-xxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxx Connection: keep-alive { "update": { "id": "883405c8-65c6-4758-8cee-2a7c1340a6d9", "status": "InProgress", "type": "LoggingUpdate", "params": [ { "type": "ClusterLogging", "value": "{\"clusterLogging\":[{\"types\":[\"api\",\"audit\",\"authenticator\",\"controllerManager\",\"scheduler\"],\"enabled\":true}]}" } ], "createdAt": 1553271814.684, "errors": [] } }

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: