# python
g
@sparse-state-34229 that Kubernetes guide is using our `@pulumi/eks` module which is a set of higher-level components on top of the low-level AWS resources. `@pulumi/eks` is only available for TypeScript and JavaScript currently so that representation of an EKS cluster won't match exactly what you see in Python.
s
The same arguments are used in the `pulumi_aws` module docs...hmm
g
Yea, there might be some overlap in the arguments as they ultimately get passed to the same "raw" aws resources.
The `@pulumi/eks` cluster code is at https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/cluster.ts. You could likely find what you're looking for in there.
s
thanks, pretty sure I looked there already but I will double check. not feeling good about using python with pulumi given this lol 😞
g
We do have more examples and high-level packages (EKS and AWSX) in TypeScript, but the capabilities are the same across all the languages. To put it another way, `@pulumi/eks` comes pre-assembled, where using EKS with `pulumi-aws` requires assembly.
s
yeah looks like I need to use `pulumi_kubernetes.core.v1.ConfigMap` like this https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/cluster.ts#L610
hm shit, this presents a chicken/egg problem: my eks cluster is completely private and provisioned with the VPC lol
g
Not sure I follow... which is the chicken and which is the egg
s
VPC and EKS are in the same stack, I'm running pulumi from my workstation
EKS is private thus only accessible from VPC
I may move EKS into another stack, or peer with a VPC w/bastion
so the VPC is the chicken and EKS is the egg
fffff I'm so close
```
error: resource kube-system/aws-auth was not successfully created by the Kubernetes API server : ConfigMap in version "v1" cannot be handled as a ConfigMap: v1.ConfigMap.Data: ReadString: expects " or n, but found [, error found in #10 byte of ...|apRoles":[{"groups":|..., bigger context ...|{"apiVersion":"v1","data":{"mapRoles":[{"groups":["system:masters"],"roleArn":"bastion-75|...
```
hmm think I got it, just need to figure out how to update an existing ConfigMap
took a break, came back and got it:
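```python
import pulumi
import yaml
from pulumi_kubernetes.core.v1 import ConfigMap

# Fragment from inside a component class method (hence `self`).
# ConfigMap data values must be strings, so mapRoles is rendered to a YAML
# string once the bastion role ARN resolves.
config_map_data = {
    "mapRoles": pulumi.Output.all([bastion_role_arn]).apply(
        lambda x: yaml.dump(
            [
                {
                    "rolearn": x[0][0],
                    "username": "bastion",
                    "groups": ["system:masters"],
                }
            ]
        )
    )
}

# aws-auth in kube-system maps IAM roles to Kubernetes users and groups.
node_access = ConfigMap(
    f"{self.name}-node-access",
    metadata={"name": "aws-auth", "namespace": "kube-system"},
    data=config_map_data,
    opts=pulumi.ResourceOptions(
        provider=self._provider(), depends_on=[self.cluster]
    ),
)
```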
šŸ‘ 2
thanks for the help @gentle-diamond-70147!
g
Glad you got it working. 👍