---
title: Getting Started with Datadog
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Infrastructure > Datadog Resource Catalog
---

# aws_eks_cluster{% #aws_eks_cluster %}

## `access_config`{% #access_config %}

**Type**: `STRUCT`**Provider name**: `accessConfig`**Description**: The access configuration for the cluster.

- `authentication_mode`**Type**: `STRING`**Provider name**: `authenticationMode`**Description**: The current authentication mode of the cluster.
- `bootstrap_cluster_creator_admin_permissions`**Type**: `BOOLEAN`**Provider name**: `bootstrapClusterCreatorAdminPermissions`**Description**: Specifies whether or not the cluster creator IAM principal was set as a cluster admin access entry during cluster creation time.

## `account_id`{% #account_id %}

**Type**: `STRING`

## `arn`{% #arn %}

**Type**: `STRING`**Provider name**: `arn`**Description**: The Amazon Resource Name (ARN) of the cluster.

## `certificate_authority`{% #certificate_authority %}

**Type**: `STRUCT`**Provider name**: `certificateAuthority`**Description**: The `certificate-authority-data` for your cluster.

- `data`**Type**: `STRING`**Provider name**: `data`**Description**: The Base64-encoded certificate data required to communicate with your cluster. Add this to the `certificate-authority-data` section of the `kubeconfig` file for your cluster.

## `client_request_token`{% #client_request_token %}

**Type**: `STRING`**Provider name**: `clientRequestToken`**Description**: A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

## `compute_config`{% #compute_config %}

**Type**: `STRUCT`**Provider name**: `computeConfig`**Description**: Indicates the current configuration of the compute capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account. For more information, see EKS Auto Mode compute capability in the EKS User Guide.

- `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Indicates if the compute capability is enabled on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.
- `node_pools`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `nodePools`**Description**: Indicates the current configuration of node pools in your EKS Auto Mode cluster. For more information, see EKS Auto Mode Node Pools in the EKS User Guide.
- `node_role_arn`**Type**: `STRING`**Provider name**: `nodeRoleArn`**Description**: The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster.

## `connector_config`{% #connector_config %}

**Type**: `STRUCT`**Provider name**: `connectorConfig`**Description**: The configuration used to connect to a cluster for registration.

- `activation_code`**Type**: `STRING`**Provider name**: `activationCode`**Description**: A unique code associated with the cluster for registration purposes.
- `activation_expiry`**Type**: `TIMESTAMP`**Provider name**: `activationExpiry`**Description**: The expiration time of the connected cluster. The cluster's YAML file must be applied through the native provider.
- `activation_id`**Type**: `STRING`**Provider name**: `activationId`**Description**: A unique ID associated with the cluster for registration purposes.
- `provider`**Type**: `STRING`**Provider name**: `provider`**Description**: The cluster's cloud service provider.
- `role_arn`**Type**: `STRING`**Provider name**: `roleArn`**Description**: The Amazon Resource Name (ARN) of the role to communicate with services from the connected Kubernetes cluster.

## `created_at`{% #created_at %}

**Type**: `TIMESTAMP`**Provider name**: `createdAt`**Description**: The Unix epoch timestamp at object creation.

## `encryption_config`{% #encryption_config %}

**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `encryptionConfig`**Description**: The encryption configuration for the cluster.

- `provider`**Type**: `STRUCT`**Provider name**: `provider`**Description**: Key Management Service (KMS) key. Either the ARN or the alias can be used.
  - `key_arn`**Type**: `STRING`**Provider name**: `keyArn`**Description**: Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric and created in the same Amazon Web Services Region as the cluster. If the KMS key was created in a different account, the [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) must have access to the KMS key. For more information, see [Allowing users in other accounts to use a KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html) in the Key Management Service Developer Guide.
- `resources`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `resources`**Description**: Specifies the resources to be encrypted. The only supported value is `secrets`.

## `endpoint`{% #endpoint %}

**Type**: `STRING`**Provider name**: `endpoint`**Description**: The endpoint for your Kubernetes API server.

## `health`{% #health %}

**Type**: `STRUCT`**Provider name**: `health`**Description**: An object representing the health of your Amazon EKS cluster.

- `issues`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `issues`**Description**: An object representing the health issues of your Amazon EKS cluster.
  - `code`**Type**: `STRING`**Provider name**: `code`**Description**: The error code of the issue.
  - `message`**Type**: `STRING`**Provider name**: `message`**Description**: A description of the issue.
  - `resource_ids`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `resourceIds`**Description**: The resource IDs that the issue relates to.

## `id`{% #id %}

**Type**: `STRING`**Provider name**: `id`**Description**: The ID of your local Amazon EKS cluster on an Amazon Web Services Outpost. This property isn't available for an Amazon EKS cluster on the Amazon Web Services cloud.

## `identity`{% #identity %}

**Type**: `STRUCT`**Provider name**: `identity`**Description**: The identity provider information for the cluster.

- `oidc`**Type**: `STRUCT`**Provider name**: `oidc`**Description**: An object representing the [OpenID Connect](https://openid.net/connect/) identity provider information.
  - `issuer`**Type**: `STRING`**Provider name**: `issuer`**Description**: The issuer URL for the OIDC identity provider.

## `kubernetes_network_config`{% #kubernetes_network_config %}

**Type**: `STRUCT`**Provider name**: `kubernetesNetworkConfig`**Description**: The Kubernetes network configuration for the cluster.

- `elastic_load_balancing`**Type**: `STRUCT`**Provider name**: `elasticLoadBalancing`**Description**: Indicates the current configuration of the load balancing capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled.
  - `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your Amazon Web Services account.
- `ip_family`**Type**: `STRING`**Provider name**: `ipFamily`**Description**: The IP family used to assign Kubernetes `Pod` and `Service` objects IP addresses. The IP family is always `ipv4`, unless you have a `1.21` or later cluster running version `1.10.1` or later of the Amazon VPC CNI plugin for Kubernetes and specified `ipv6` when you created the cluster.
- `service_ipv4_cidr`**Type**: `STRING`**Provider name**: `serviceIpv4Cidr`**Description**: The CIDR block that Kubernetes `Pod` and `Service` object IP addresses are assigned from. Kubernetes assigns addresses from an `IPv4` CIDR block assigned to a subnet that the node is in. If you didn't specify a CIDR block when you created the cluster, then Kubernetes assigns addresses from either the `10.100.0.0/16` or `172.20.0.0/16` CIDR blocks. If this was specified, then it was specified when the cluster was created and it can't be changed.
- `service_ipv6_cidr`**Type**: `STRING`**Provider name**: `serviceIpv6Cidr`**Description**: The CIDR block that Kubernetes pod and service IP addresses are assigned from if you created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and specified `ipv6` for ipFamily when you created the cluster. Kubernetes assigns service addresses from the unique local address range (`fc00::/7`) because you can't specify a custom IPv6 CIDR block when you create the cluster.

## `logging`{% #logging %}

**Type**: `STRUCT`**Provider name**: `logging`**Description**: The logging configuration for your cluster.

- `cluster_logging`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `clusterLogging`**Description**: The cluster control plane logging configuration for your cluster.
  - `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: If a log type is enabled, that log type exports its control plane logs to CloudWatch Logs. If a log type isn't enabled, that log type doesn't export its control plane logs. Each individual log type can be enabled or disabled independently.
  - `types`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `types`**Description**: The available cluster control plane log types.

## `name`{% #name %}

**Type**: `STRING`**Provider name**: `name`**Description**: The name of your cluster.

## `outpost_config`{% #outpost_config %}

**Type**: `STRUCT`**Provider name**: `outpostConfig`**Description**: An object representing the configuration of your local Amazon EKS cluster on an Amazon Web Services Outpost. This object isn't available for clusters on the Amazon Web Services cloud.

- `control_plane_instance_type`**Type**: `STRING`**Provider name**: `controlPlaneInstanceType`**Description**: The Amazon EC2 instance type used for the control plane. The instance type is the same for all control plane instances.
- `control_plane_placement`**Type**: `STRUCT`**Provider name**: `controlPlanePlacement`**Description**: An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on an Amazon Web Services Outpost. For more information, see [Capacity considerations](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html) in the Amazon EKS User Guide.
  - `group_name`**Type**: `STRING`**Provider name**: `groupName`**Description**: The name of the placement group for the Kubernetes control plane instances.
- `outpost_arns`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `outpostArns`**Description**: The ARN of the Outpost that you specified for use with your local Amazon EKS cluster on Outposts.

## `platform_version`{% #platform_version %}

**Type**: `STRING`**Provider name**: `platformVersion`**Description**: The platform version of your Amazon EKS cluster. For more information about clusters deployed on the Amazon Web Services Cloud, see [Platform versions](https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html) in the Amazon EKS User Guide . For more information about local clusters deployed on an Outpost, see [Amazon EKS local cluster platform versions](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-platform-versions.html) in the Amazon EKS User Guide .

## `remote_network_config`{% #remote_network_config %}

**Type**: `STRUCT`**Provider name**: `remoteNetworkConfig`**Description**: The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this configuration after the cluster is created.

- `remote_node_networks`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `remoteNodeNetworks`**Description**: The list of network CIDRs that can contain hybrid nodes.
  - `cidrs`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `cidrs`**Description**: A network CIDR that can contain hybrid nodes. These CIDR blocks define the expected IP address range of the hybrid nodes that join the cluster. These blocks are typically determined by your network administrator. Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16`). It must satisfy the following requirements:
    - Each block must be within an `IPv4` RFC-1918 network range. Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported.
    - Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.
    - Each block must have a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. There are many options including Transit Gateway, Site-to-Site VPN, or Direct Connect.
    - Each host must allow outbound connection to the EKS cluster control plane on TCP ports `443` and `10250`.
    - Each host must allow inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations.
    - Each host must allow TCP and UDP network connectivity to and from other hosts that are running `CoreDNS` on UDP port `53` for service and pod DNS names.
- `remote_pod_networks`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `remotePodNetworks`**Description**: The list of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.
  - `cidrs`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `cidrs`**Description**: A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes. These CIDR blocks are determined by configuring your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations. Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16`). It must satisfy the following requirements:
    - Each block must be within an `IPv4` RFC-1918 network range. Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported.
    - Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

## `resources_vpc_config`{% #resources_vpc_config %}

**Type**: `STRUCT`**Provider name**: `resourcesVpcConfig`**Description**: The VPC configuration used by the cluster control plane. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see [Cluster VPC considerations](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) and [Cluster security group considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the Amazon EKS User Guide.

- `cluster_security_group_id`**Type**: `STRING`**Provider name**: `clusterSecurityGroupId`**Description**: The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.
- `endpoint_private_access`**Type**: `BOOLEAN`**Provider name**: `endpointPrivateAccess`**Description**: This parameter indicates whether the Amazon EKS private API server endpoint is enabled. If the Amazon EKS private API server endpoint is enabled, Kubernetes API requests that originate from within your cluster's VPC use the private VPC endpoint instead of traversing the internet. If this value is disabled and you have nodes or Fargate pods in the cluster, then ensure that `publicAccessCidrs` includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the Amazon EKS User Guide .
- `endpoint_public_access`**Type**: `BOOLEAN`**Provider name**: `endpointPublicAccess`**Description**: Whether the public API server endpoint is enabled.
- `public_access_cidrs`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `publicAccessCidrs`**Description**: The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.
- `security_group_ids`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `securityGroupIds`**Description**: The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your nodes and the Kubernetes control plane.
- `subnet_ids`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `subnetIds`**Description**: The subnets associated with your cluster.
- `vpc_id`**Type**: `STRING`**Provider name**: `vpcId`**Description**: The VPC associated with your cluster.

## `role_arn`{% #role_arn %}

**Type**: `STRING`**Provider name**: `roleArn`**Description**: The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to Amazon Web Services API operations on your behalf.

## `status`{% #status %}

**Type**: `STRING`**Provider name**: `status`**Description**: The current status of the cluster.

## `storage_config`{% #storage_config %}

**Type**: `STRUCT`**Provider name**: `storageConfig`**Description**: Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your Amazon Web Services account. For more information, see EKS Auto Mode block storage capability in the EKS User Guide.

- `block_storage`**Type**: `STRUCT`**Provider name**: `blockStorage`**Description**: Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled.
  - `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your Amazon Web Services account.

## `tags`{% #tags %}

**Type**: `UNORDERED_LIST_STRING`

## `upgrade_policy`{% #upgrade_policy %}

**Type**: `STRUCT`**Provider name**: `upgradePolicy`**Description**: This value indicates if extended support is enabled or disabled for the cluster. [Learn more about EKS Extended Support in the EKS User Guide.](https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html)

- `support_type`**Type**: `STRING`**Provider name**: `supportType`**Description**: If the cluster is set to `EXTENDED`, it will enter extended support at the end of standard support. If the cluster is set to `STANDARD`, it will be automatically upgraded at the end of standard support. [Learn more about EKS Extended Support in the EKS User Guide.](https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html)

## `version`{% #version %}

**Type**: `STRING`**Provider name**: `version`**Description**: The Kubernetes server version for the cluster.

## `zonal_shift_config`{% #zonal_shift_config %}

**Type**: `STRUCT`**Provider name**: `zonalShiftConfig`**Description**: The configuration for zonal shift for the cluster.

- `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Whether the zonal shift is enabled.