--- title: Getting Started with Datadog description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > Infrastructure > Datadog Resource Catalog --- # gcp_gkemulticloud_aws_cluster{% #gcp_gkemulticloud_aws_cluster %} ## `ancestors`{% #ancestors %} **Type**: `UNORDERED_LIST_STRING` ## `annotations`{% #annotations %} **Type**: `MAP_STRING_STRING`**Provider name**: `annotations`**Description**: Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. ## `authorization`{% #authorization %} **Type**: `STRUCT`**Provider name**: `authorization`**Description**: Required. Configuration related to the cluster RBAC settings. - `admin_groups`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `adminGroups`**Description**: Optional. Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) - `group`**Type**: `STRING`**Provider name**: `group`**Description**: Required. The name of the group, e.g. `my-group@domain.com`. - `admin_users`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `adminUsers`**Description**: Optional. Users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) - `username`**Type**: `STRING`**Provider name**: `username`**Description**: Required. The name of the user, e.g. `my-gcp-id@gmail.com`. ## `aws_region`{% #aws_region %} **Type**: `STRING`**Provider name**: `awsRegion`**Description**: Required. The AWS region where the cluster runs. Each Google Cloud region supports a subset of nearby AWS regions. You can call GetAwsServerConfig to list all supported AWS regions within a given Google Cloud region. ## `binary_authorization`{% #binary_authorization %} **Type**: `STRUCT`**Provider name**: `binaryAuthorization`**Description**: Optional. Binary Authorization configuration for this cluster. - `evaluation_mode`**Type**: `STRING`**Provider name**: `evaluationMode`**Description**: Mode of operation for binauthz policy evaluation. If unspecified, defaults to DISABLED.**Possible values**: - `EVALUATION_MODE_UNSPECIFIED` - Default value - `DISABLED` - Disable BinaryAuthorization - `PROJECT_SINGLETON_POLICY_ENFORCE` - Enforce Kubernetes admission requests with BinaryAuthorization using the project's singleton policy. ## `cluster_ca_certificate`{% #cluster_ca_certificate %} **Type**: `STRING`**Provider name**: `clusterCaCertificate`**Description**: Output only. PEM encoded x509 certificate of the cluster root of trust. ## `control_plane`{% #control_plane %} **Type**: `STRUCT`**Provider name**: `controlPlane`**Description**: Required. Configuration related to the cluster control plane. - `aws_services_authentication`**Type**: `STRUCT`**Provider name**: `awsServicesAuthentication`**Description**: Required. Authentication configuration for management of AWS resources. - `role_arn`**Type**: `STRING`**Provider name**: `roleArn`**Description**: Required. The Amazon Resource Name (ARN) of the role that the Anthos Multi-Cloud API will assume when managing AWS resources on your account. - `role_session_name`**Type**: `STRING`**Provider name**: `roleSessionName`**Description**: Optional. An identifier for the assumed role session. When unspecified, it defaults to `multicloud-service-agent`. - `config_encryption`**Type**: `STRUCT`**Provider name**: `configEncryption`**Description**: Required. Config encryption for user data. - `kms_key_arn`**Type**: `STRING`**Provider name**: `kmsKeyArn`**Description**: Required. The ARN of the AWS KMS key used to encrypt user data. - `database_encryption`**Type**: `STRUCT`**Provider name**: `databaseEncryption`**Description**: Required. The ARN of the AWS KMS key used to encrypt cluster secrets. - `kms_key_arn`**Type**: `STRING`**Provider name**: `kmsKeyArn`**Description**: Required. The ARN of the AWS KMS key used to encrypt cluster secrets. - `iam_instance_profile`**Type**: `STRING`**Provider name**: `iamInstanceProfile`**Description**: Required. The name or ARN of the AWS IAM instance profile to assign to each control plane replica. - `instance_placement`**Type**: `STRUCT`**Provider name**: `instancePlacement`**Description**: Optional. The placement to use on control plane instances. When unspecified, the VPC's default tenancy will be used. - `tenancy`**Type**: `STRING`**Provider name**: `tenancy`**Description**: Required. The tenancy for instance.**Possible values**: - `TENANCY_UNSPECIFIED` - Not set. - `DEFAULT` - Use default VPC tenancy. - `DEDICATED` - Run a dedicated instance. - `HOST` - Launch this instance to a dedicated host. - `instance_type`**Type**: `STRING`**Provider name**: `instanceType`**Description**: Optional. The AWS instance type. When unspecified, it uses a default based on the cluster's version. - `main_volume`**Type**: `STRUCT`**Provider name**: `mainVolume`**Description**: Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 8 GiB with the GP2 volume type. - `iops`**Type**: `INT32`**Provider name**: `iops`**Description**: Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume. - `kms_key_arn`**Type**: `STRING`**Provider name**: `kmsKeyArn`**Description**: Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used. - `size_gib`**Type**: `INT32`**Provider name**: `sizeGib`**Description**: Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource. - `throughput`**Type**: `INT32`**Provider name**: `throughput`**Description**: Optional. The throughput that the volume supports, in MiB/s. Only valid if volume_type is GP3. If the volume_type is GP3 and this is not specified, it defaults to 125. - `volume_type`**Type**: `STRING`**Provider name**: `volumeType`**Description**: Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume.**Possible values**: - `VOLUME_TYPE_UNSPECIFIED` - Not set. - `GP2` - GP2 (General Purpose SSD volume type). - `GP3` - GP3 (General Purpose SSD volume type). - `proxy_config`**Type**: `STRUCT`**Provider name**: `proxyConfig`**Description**: Optional. Proxy configuration for outbound HTTP(S) traffic. - `secret_arn`**Type**: `STRING`**Provider name**: `secretArn`**Description**: The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration. The secret must be a JSON encoded proxy configuration as described in [https://cloud.google.com/kubernetes-engine/multi-cloud/docs/aws/how-to/use-a-proxy#create_a_proxy_configuration_file](https://cloud.google.com/kubernetes-engine/multi-cloud/docs/aws/how-to/use-a-proxy#create_a_proxy_configuration_file) - `secret_version`**Type**: `STRING`**Provider name**: `secretVersion`**Description**: The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration. - `root_volume`**Type**: `STRUCT`**Provider name**: `rootVolume`**Description**: Optional. Configuration related to the root volume provisioned for each control plane replica. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type. - `iops`**Type**: `INT32`**Provider name**: `iops`**Description**: Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume. - `kms_key_arn`**Type**: `STRING`**Provider name**: `kmsKeyArn`**Description**: Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used. - `size_gib`**Type**: `INT32`**Provider name**: `sizeGib`**Description**: Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource. - `throughput`**Type**: `INT32`**Provider name**: `throughput`**Description**: Optional. The throughput that the volume supports, in MiB/s. Only valid if volume_type is GP3. If the volume_type is GP3 and this is not specified, it defaults to 125. - `volume_type`**Type**: `STRING`**Provider name**: `volumeType`**Description**: Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume.**Possible values**: - `VOLUME_TYPE_UNSPECIFIED` - Not set. - `GP2` - GP2 (General Purpose SSD volume type). - `GP3` - GP3 (General Purpose SSD volume type). - `security_group_ids`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `securityGroupIds`**Description**: Optional. The IDs of additional security groups to add to control plane replicas. The Anthos Multi-Cloud API will automatically create and manage security groups with the minimum rules needed for a functioning cluster. - `ssh_config`**Type**: `STRUCT`**Provider name**: `sshConfig`**Description**: Optional. SSH configuration for how to access the underlying control plane machines. - `ec2_key_pair`**Type**: `STRING`**Provider name**: `ec2KeyPair`**Description**: Required. The name of the EC2 key pair used to login into cluster machines. - `subnet_ids`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `subnetIds`**Description**: Required. The list of subnets where control plane replicas will run. A replica will be provisioned on each subnet and up to three values can be provided. Each subnet must be in a different AWS Availability Zone (AZ). - `version`**Type**: `STRING`**Provider name**: `version`**Description**: Required. The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAwsServerConfig. ## `create_time`{% #create_time %} **Type**: `TIMESTAMP`**Provider name**: `createTime`**Description**: Output only. The time at which this cluster was created. ## `description`{% #description %} **Type**: `STRING`**Provider name**: `description`**Description**: Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes. ## `endpoint`{% #endpoint %} **Type**: `STRING`**Provider name**: `endpoint`**Description**: Output only. The endpoint of the cluster's API server. ## `errors`{% #errors %} **Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `errors`**Description**: Output only. A set of errors found in the cluster. - `message`**Type**: `STRING`**Provider name**: `message`**Description**: Human-friendly description of the error. ## `etag`{% #etag %} **Type**: `STRING`**Provider name**: `etag`**Description**: Allows clients to perform consistent read-modify-writes through optimistic concurrency control. Can be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. ## `fleet`{% #fleet %} **Type**: `STRUCT`**Provider name**: `fleet`**Description**: Required. Fleet configuration. - `membership`**Type**: `STRING`**Provider name**: `membership`**Description**: Output only. The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as `projects//locations/global/membership/`. - `project`**Type**: `STRING`**Provider name**: `project`**Description**: Required. The name of the Fleet host project where this cluster will be registered. Project names are formatted as `projects/`. ## `labels`{% #labels %} **Type**: `UNORDERED_LIST_STRING` ## `logging_config`{% #logging_config %} **Type**: `STRUCT`**Provider name**: `loggingConfig`**Description**: Optional. Logging configuration for this cluster. - `component_config`**Type**: `STRUCT`**Provider name**: `componentConfig`**Description**: The configuration of the logging components; - `enable_components`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `enableComponents`**Description**: The components to be enabled. ## `monitoring_config`{% #monitoring_config %} **Type**: `STRUCT`**Provider name**: `monitoringConfig`**Description**: Optional. Monitoring configuration for this cluster. - `cloud_monitoring_config`**Type**: `STRUCT`**Provider name**: `cloudMonitoringConfig`**Description**: Optionally enable GKE metrics. Only for Attached Clusters. - `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Enable GKE-native logging and metrics. Only for Attached Clusters. - `managed_prometheus_config`**Type**: `STRUCT`**Provider name**: `managedPrometheusConfig`**Description**: Enable Google Cloud Managed Service for Prometheus in the cluster. - `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Enable Managed Collection. ## `name`{% #name %} **Type**: `STRING`**Provider name**: `name`**Description**: The name of this resource. Cluster names are formatted as `projects//locations//awsClusters/`. See [Resource Names](https://cloud.google.com/apis/design/resource_names) for more details on Google Cloud Platform resource names. ## `networking`{% #networking %} **Type**: `STRUCT`**Provider name**: `networking`**Description**: Required. Cluster-wide networking configuration. - `per_node_pool_sg_rules_disabled`**Type**: `BOOLEAN`**Provider name**: `perNodePoolSgRulesDisabled`**Description**: Optional. Disable the per node pool subnet security group rules on the control plane security group. When set to true, you must also provide one or more security groups that ensure node pools are able to send requests to the control plane on TCP/443 and TCP/8132. Failure to do so may result in unavailable node pools. - `pod_address_cidr_blocks`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `podAddressCidrBlocks`**Description**: Required. All pods in the cluster are assigned an IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation. - `service_address_cidr_blocks`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `serviceAddressCidrBlocks`**Description**: Required. All services in the cluster are assigned an IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation. - `vpc_id`**Type**: `STRING`**Provider name**: `vpcId`**Description**: Required. The VPC associated with the cluster. All component clusters (i.e. control plane and node pools) run on a single VPC. This field cannot be changed after creation. ## `organization_id`{% #organization_id %} **Type**: `STRING` ## `parent`{% #parent %} **Type**: `STRING` ## `project_id`{% #project_id %} **Type**: `STRING` ## `project_number`{% #project_number %} **Type**: `STRING` ## `reconciling`{% #reconciling %} **Type**: `BOOLEAN`**Provider name**: `reconciling`**Description**: Output only. If set, there are currently changes in flight to the cluster. ## `region_id`{% #region_id %} **Type**: `STRING` ## `resource_name`{% #resource_name %} **Type**: `STRING` ## `state`{% #state %} **Type**: `STRING`**Provider name**: `state`**Description**: Output only. The current state of the cluster.**Possible values**: - `STATE_UNSPECIFIED` - Not set. - `PROVISIONING` - The PROVISIONING state indicates the cluster is being created. - `RUNNING` - The RUNNING state indicates the cluster has been created and is fully usable. - `RECONCILING` - The RECONCILING state indicates that some work is actively being done on the cluster, such as upgrading the control plane replicas. - `STOPPING` - The STOPPING state indicates the cluster is being deleted. - `ERROR` - The ERROR state indicates the cluster is in a broken unrecoverable state. - `DEGRADED` - The DEGRADED state indicates the cluster requires user action to restore full functionality. ## `tags`{% #tags %} **Type**: `UNORDERED_LIST_STRING` ## `uid`{% #uid %} **Type**: `STRING`**Provider name**: `uid`**Description**: Output only. A globally unique identifier for the cluster. ## `update_time`{% #update_time %} **Type**: `TIMESTAMP`**Provider name**: `updateTime`**Description**: Output only. The time at which this cluster was last updated. ## `workload_identity_config`{% #workload_identity_config %} **Type**: `STRUCT`**Provider name**: `workloadIdentityConfig`**Description**: Output only. Workload Identity settings. - `identity_provider`**Type**: `STRING`**Provider name**: `identityProvider`**Description**: The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool. - `issuer_uri`**Type**: `STRING`**Provider name**: `issuerUri`**Description**: The OIDC issuer URL for this cluster. - `workload_pool`**Type**: `STRING`**Provider name**: `workloadPool`**Description**: The Workload Identity Pool associated to the cluster. ## `zone_id`{% #zone_id %} **Type**: `STRING`