Commit cc059c6
feat(eks): add support for EC2, HYBRID_LINUX, and HYPERPOD_LINUX access entry types (#36350)
### Issue # (if applicable)
Closes #34394.
### Reason for this change
When provisioning an EKS cluster in Auto Mode with custom node roles, users need to grant the node role access to the cluster with the `EC2` access entry type. Currently, the `grantAccess()` method doesn't support specifying the access entry type, defaulting to `STANDARD`, which prevents nodes from joining Auto Mode clusters.
Additionally, the `AccessEntryType` enum is missing three CloudFormation-supported types: `EC2`, `HYBRID_LINUX`, and `HYPERPOD_LINUX`.
### Description of changes
This PR adds support for specifying access entry types in the `grantAccess()` method and extends the `AccessEntryType` enum with missing CloudFormation-supported values.
**Changes made**:
- Extended `AccessEntryType` enum with three new values:
  - `EC2` - For EKS Auto Mode node roles
  - `HYBRID_LINUX` - For EKS Hybrid Nodes
  - `HYPERPOD_LINUX` - For Amazon SageMaker HyperPod
- Added optional `accessEntryType` parameter to `Cluster.grantAccess()` method
- Updated private `addToAccessEntry()` method to pass type through to AccessEntry constructor
- Applied changes to both `@aws-cdk/aws-eks-v2-alpha` (alpha) and `aws-cdk-lib/aws-eks` (stable) packages
**API changes**:
```typescript
// Before (still works - backward compatible)
cluster.grantAccess('MyAccess', roleArn, [policy]);
// After (new capability)
cluster.grantAccess('MyAccess', roleArn, [policy], AccessEntryType.EC2);
```
**CloudFormation impact**:
- When `accessEntryType` is provided: `Type` property is set in `AWS::EKS::AccessEntry`
- When `accessEntryType` is not provided: `Type` property remains undefined (backward compatible)
**No breaking changes**: This is a fully backward-compatible feature addition. The new parameter is optional and placed at the end of the method signature. All existing code continues to work without modification.
### Describe any new or updated permissions being added
N/A - No new IAM permissions required. This change only exposes existing CloudFormation access entry types through the CDK L2 API.
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

1 parent fa4cd8b commit cc059c6
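A check for the misconfiguration the commit message describes, run over a synthesized CloudFormation template: it reports `AWS::EKS::AccessEntry` resources that grant a node role access without `Type` set to `EC2`. This is an added example, not code from the commit or the aws-cdk repository; the template, logical IDs and helper names are constructed for illustration.

```typescript
// Added example: the template, logical IDs and helper names are constructed.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };
interface Finding { logicalId: string; principal: string; effectiveType: string }

// PrincipalArn is a literal ARN or an intrinsic such as
// {"Fn::GetAtt": ["NodeRole", "Arn"]}. Return the ARN, or the logical ID
// of the referenced role.
function principalKey(value: unknown): string {
  if (typeof value === 'string') return value;
  if (value !== null && typeof value === 'object') {
    const getAtt = (value as Record<string, unknown>)['Fn::GetAtt'];
    if (Array.isArray(getAtt)) return String(getAtt[0]);
    if (typeof getAtt === 'string') return getAtt.split('.')[0];
  }
  return JSON.stringify(value) || '';
}

// Report access entries for node roles whose Type is not EC2. Per the commit
// message, an entry created without a type defaults to STANDARD.
function findMistypedNodeEntries(template: Template, nodeRoles: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (res.Type !== 'AWS::EKS::AccessEntry') continue;
    const props = res.Properties || {};
    const principal = principalKey(props['PrincipalArn']);
    if (nodeRoles.indexOf(principal) === -1) continue;
    const declared = props['Type'];
    const effectiveType = typeof declared === 'string' ? declared : 'STANDARD';
    if (effectiveType !== 'EC2') findings.push({ logicalId, principal, effectiveType });
  }
  return findings;
}

// Constructed template fragment: one node-role entry without Type, one with
// Type EC2, and one unrelated admin entry.
const nodePrincipal = { 'Fn::GetAtt': ['NodeRole', 'Arn'] };
const entry = (extra: Record<string, unknown>): Resource =>
  ({ Type: 'AWS::EKS::AccessEntry', Properties: { ClusterName: 'demo', ...extra } });
const sampleTemplate: Template = {
  Resources: {
    NodeRole: { Type: 'AWS::IAM::Role' },
    NodeAccessNoType: entry({ PrincipalArn: nodePrincipal }),
    NodeAccessEc2: entry({ PrincipalArn: nodePrincipal, Type: 'EC2' }),
    AdminAccess: entry({ PrincipalArn: 'arn:aws:iam::111122223333:role/Admin' }),
  },
};
console.log(findMistypedNodeEntries(sampleTemplate, ['NodeRole']));
```

Pass the logical IDs or literal ARNs of the node roles as `nodeRoles`; entries for any other principal are ignored.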
File tree
56 files changed, +10639 -30 lines changed
- packages
- @aws-cdk-testing/framework-integ/test/aws-eks/test
- integ.eks-grant-access-with-type.js.snapshot
- asset.0dd0dd1ef89b3038f0deba816f45170e60083713fc97684a9ba1f076d529d46e
- asset.4ca2c8a263c5ac6ec1a067fe3cf77cd51e7190eda4e69f18591c506ede77323a
- asset.d671460286b61f85906debbcec5341ea4edad148fbc432b0663593611866728e
- apply
- get
- helm
- patch
- @aws-cdk/aws-eks-v2-alpha
- lib
- test
- integ.eks-grant-access-with-type.js.snapshot
- asset.379a97e43c3d01fdb08125fcff9c80a976a33da6287e25571deb51e72b5eeda9
- apply
- get
- helm
- patch
- asset.4ca2c8a263c5ac6ec1a067fe3cf77cd51e7190eda4e69f18591c506ede77323a
- aws-cdk-lib/aws-eks
- lib
- test