diff --git a/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/cluster-resource-handler/cluster.ts b/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/cluster-resource-handler/cluster.ts index f89e4f445937a..5a268236228af 100644 --- a/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/cluster-resource-handler/cluster.ts +++ b/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/cluster-resource-handler/cluster.ts @@ -129,41 +129,7 @@ export class ClusterResourceHandler extends ResourceHandler { return this.onCreate(); } - // if a version update is required, issue the version update - if (updates.updateVersion) { - if (!this.newProps.version) { - throw new Error(`Cannot remove cluster version configuration. Current version is ${this.oldProps.version}`); - } - - return this.updateClusterVersion(this.newProps.version); - } - - if (updates.updateLogging && updates.updateAccess) { - throw new Error('Cannot update logging and access at the same time'); - } - - if (updates.updateLogging || updates.updateAccess) { - const config: EKS.UpdateClusterConfigCommandInput = { - name: this.clusterName, - }; - if (updates.updateLogging) { - config.logging = this.newProps.logging; - }; - if (updates.updateAccess) { - // Updating the cluster with securityGroupIds and subnetIds (as specified in the warning here: - // https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-cluster-config.html) - // will fail, therefore we take only the access fields explicitly - config.resourcesVpcConfig = { - endpointPrivateAccess: this.newProps.resourcesVpcConfig?.endpointPrivateAccess, - endpointPublicAccess: this.newProps.resourcesVpcConfig?.endpointPublicAccess, - publicAccessCidrs: this.newProps.resourcesVpcConfig?.publicAccessCidrs, - }; - } - const updateResponse = await this.eks.updateClusterConfig(config); - - return { EksUpdateId: updateResponse.update?.id }; - } - + // Update tags if (updates.updateTags) { try { //Describe cluster to get arn and to make sure Cluster exists @@ -205,6 +171,41 @@ export class ClusterResourceHandler extends ResourceHandler { } } + // if a version update is required, issue the version update + if (updates.updateVersion) { + if (!this.newProps.version) { + throw new Error(`Cannot remove cluster version configuration. Current version is ${this.oldProps.version}`); + } + + return this.updateClusterVersion(this.newProps.version); + } + + if (updates.updateLogging && updates.updateAccess) { + throw new Error('Cannot update logging and access at the same time'); + } + + if (updates.updateLogging || updates.updateAccess) { + const config: EKS.UpdateClusterConfigCommandInput = { + name: this.clusterName, + }; + if (updates.updateLogging) { + config.logging = this.newProps.logging; + }; + if (updates.updateAccess) { + // Updating the cluster with securityGroupIds and subnetIds (as specified in the warning here: + // https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-cluster-config.html) + // will fail, therefore we take only the access fields explicitly + config.resourcesVpcConfig = { + endpointPrivateAccess: this.newProps.resourcesVpcConfig?.endpointPrivateAccess, + endpointPublicAccess: this.newProps.resourcesVpcConfig?.endpointPublicAccess, + publicAccessCidrs: this.newProps.resourcesVpcConfig?.publicAccessCidrs, + }; + } + const updateResponse = await this.eks.updateClusterConfig(config); + + return { EksUpdateId: updateResponse.update?.id }; + } + // no updates return; }