This document describes the default resources that are created with a GKE on AWS cluster.
You might want to know about the resources that are created with a cluster for the following reasons:
- Resources are associated with costs.
- AWS quotas might limit the number of resources you can create.
- Your organization might have policies that dictate the resources you are allowed to launch.
Compute resources
| Resource | Quantity |
|---|---|
| AWS Virtual Private Cloud (optional) | 1 |
| EC2 instance | At least 3 |
The default number of control plane EC2 instances in a cluster is three. At least one additional instance is created for each node pool.
Storage resources
| Resource | Quantity |
|---|---|
| Main volume | 1 |
| Root volume | 1 |
Network resources
| Resource | Type | Quantity |
|---|---|---|
| NAT gateway | | 3 |
| Internet gateway | | 1 |
| Subnet | Public | 3 |
| Subnet | Private | 3 |
| Route table | Public | 3 |
| Route table | Private | 3 |
| Route | Public internet gateway | 3 |
| Route | Private NAT gateway | 3 |
| Route table association | Public | 3 |
| Route table association | Private | 3 |
| Elastic IP address | NAT | 3 |
Security and IAM resources
| Resource | Quantity | Usage |
|---|---|---|
| KMS key | 6 | Database encryption; Control plane configuration encryption; Control plane main volume encryption; Control plane root volume encryption; Node pool configuration encryption; Node pool root volume encryption |
| KMS alias | 6 | Database encryption; Control plane configuration encryption; Control plane main volume encryption; Control plane root volume encryption; Node pool configuration encryption; Node pool root volume encryption |
| IAM role | 3 | Node pool; Control plane; API |
| IAM policy | 3 | Node pool; Control plane; API |
| IAM instance profile | 2 | Node pool; Control plane |
| IAM role policy attachment | 3 | Node pool; Control plane; API |
If you are using a proxy, GKE on AWS needs the following resources:
| Resource | Quantity |
|---|---|
| Secret manager secret | 1 |