On this page
aws_eks_clusters resource
Use the aws_eks_clusters resource to test the configuration of a collection of AWS Elastic Container Service for Kubernetes.
Syntax
describe aws_eks_clusters do
  its('names.count') { should cmp 10 }
end
Parameters
This resource does not expect any parameters.
See also the AWS documentation on EKS Clusters.
Properties
| Property | Description | 
|---|---|
| arn | The Amazon Resource Name (ARN) of the cluster. | 
| name | The name of the cluster. | 
| endpoint | The endpoint for your Kubernetes API server. | 
| status | The current status of the cluster. | 
| version | The Kubernetes server version for the cluster. | 
| certificate_authority | The certificate-authority-data for your cluster. | 
| subnets_count | The number of subnets associated with your cluster. | 
| subnet_ids | The subnets associated with your cluster. | 
| security_groups_count | The count of security groups associated with your cluster. | 
| security_group_ids | The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your worker nodes and the Kubernetes control plane. | 
| role_arn | The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | 
| vpc_id | The VPC associated with your cluster. | 
| created_at | The Unix epoch timestamp in seconds for when the cluster was created. | 
| creating | Boolean indicating whether or not the state of the cluster is CREATING. | 
| active | Boolean indicating whether or not the state of the cluster is ACTIVE. | 
| failed | Boolean indicating whether or not the state of the cluster is FAILED. | 
| deleting | Boolean indicating whether or not the state of the cluster is DELETING. | 
| entries | Provides access to the raw results of the query, which can be treated as an array of hashes. | 
Examples
Allow at most 100 EKS Clusters on the account
describe aws_eks_clusters do
  its('entries.count') { should be <= 100}
end
Ensure a specific Cluster exists, by name
describe aws_eks_clusters do
  its('names') { should include('cluster-1') }
end
Ensure no Clusters are in a failed state
describe aws_eks_clusters.where( failed: true ) do
    it { should_not exist )
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
exist
The control will pass if the describe returns at least one result.
Use should_not to test the entity should not exist.
describe aws_eks_clusters.where( <property>: <value>) do
  it { should exist }
end
describe aws_eks_clusters.where( <property>: <value>) do
  it { should_not exist }
end
AWS Permissions
Your Principal will need the eks:DescribeCluster action with Effect set to Allow.
You can find detailed documentation at Amazon EKS IAM Policies, Roles, and Permissions The documentation for EKS actions is at Policy Structure
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
 https://docs.chef.io/inspec/resources/aws_eks_clusters/