cli: Getting "unsupported resource type Custom:AWSCDK-EKS-Cluster"

[Sahand1993]

Describe the bug

I'm running the AWS CDK CLI

% cdk version  
2.177.0 (build b396961)

And I'm trying to import an already existing EKS Cluster:

cdk import EksPrivateCluster

Here's how the resource is defined in AWS CDK using Java:

  Cluster.Builder.create(this, "eks")
    .vpc(Vpc.fromLookup(this,
      "Vpc",
      VpcLookupOptions.builder().vpcId("vpc-id").build()))
    .version(KubernetesVersion.V1_29)
    .vpcSubnets(List.of(SubnetSelection.builder().subnets(List.of(Subnet.fromSubnetId(this, "vpc-ns-eu-central-1b", "subnet1-id"), Subnet.fromSubnetId(this, "vpc-ns-eu-central-1a", "subnet2-id"))).build()))
    .clusterName("test-cluster")
    .defaultCapacity(0)
    .outputClusterName(true)
    .outputConfigCommand(true)
    .outputMastersRoleArn(true)
    .build();

Here's what I see in the logs:

% cdk import EksPrivateCluster
[Warning at /EksPrivateCluster/vpc-ns-eu-central-1b] No routeTableId was provided to the subnet 'subnet1-id'. Attempting to read its .routeTable.routeTableId will return null/undefined. (More info: https://github.com/aws/aws-cdk/pull/3171) [ack: @aws-cdk/aws-ec2:noSubnetRouteTableId]
[Warning at /EksPrivateCluster/vpc-ns-eu-central-1a] No routeTableId was provided to the subnet 'subnet2-id'. Attempting to read its .routeTable.routeTableId will return null/undefined. (More info: https://github.com/aws/aws-cdk/pull/3171) [ack: @aws-cdk/aws-ec2:noSubnetRouteTableId]
[Warning at /EksPrivateCluster/eks] You created a cluster with Kubernetes Version 1.29 without specifying the kubectlLayer property. The property will become required instead of optional in 2025 Jan. Please update your CDK code to provide a kubectlLayer. [ack: @aws-cdk/aws-eks:clusterKubectlLayerNotSpecified]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet3-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet2-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet4-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet5-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet6-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet7-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet8-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet1-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet9-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet10-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet11-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet12-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet13-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
[Warning at /EksPrivateCluster/eks] Could not auto-tag private subnet subnet14-id with "kubernetes.io/role/internal-elb=1", please remember to do this manually [ack: @aws-cdk/aws-eks:clusterMustManuallyTagSubnet]
EksPrivateCluster
start: Building 936b441cc12cd5d931778a2b30a87745db2a84f7df36039590183498dbe59c99:<aws-acc-no>-eu-central-1
success: Built 936b441cc12cd5d931778a2b30a87745db2a84f7df36039590183498dbe59c99:<aws-acc-no>-eu-central-1
start: Publishing 936b441cc12cd5d931778a2b30a87745db2a84f7df36039590183498dbe59c99:<aws-acc-no>-eu-central-1
success: Published 936b441cc12cd5d931778a2b30a87745db2a84f7df36039590183498dbe59c99:<aws-acc-no>-eu-central-1
start: Building 5cf40520585ae27edc46116f4bc45682ce419f4fac601da1e05b600c25a2bf8f:<aws-acc-no>-eu-central-1
success: Built 5cf40520585ae27edc46116f4bc45682ce419f4fac601da1e05b600c25a2bf8f:<aws-acc-no>-eu-central-1
start: Publishing 5cf40520585ae27edc46116f4bc45682ce419f4fac601da1e05b600c25a2bf8f:<aws-acc-no>-eu-central-1
success: Published 5cf40520585ae27edc46116f4bc45682ce419f4fac601da1e05b600c25a2bf8f:<aws-acc-no>-eu-central-1
start: Building c7303c77fc646601409777ef856517e3143b38c53b48f596972388ec414ce29a:<aws-acc-no>-eu-central-1
success: Built c7303c77fc646601409777ef856517e3143b38c53b48f596972388ec414ce29a:<aws-acc-no>-eu-central-1
start: Publishing c7303c77fc646601409777ef856517e3143b38c53b48f596972388ec414ce29a:<aws-acc-no>-eu-central-1
success: Published c7303c77fc646601409777ef856517e3143b38c53b48f596972388ec414ce29a:<aws-acc-no>-eu-central-1
EksPrivateCluster/eks/KubectlHandlerRole/Resource (AWS::IAM::Role): enter RoleName (empty to skip): 
Skipping import of EksPrivateCluster/eks/KubectlHandlerRole/Resource
EksPrivateCluster/eks/KubectlHandlerRole/DefaultPolicy/Resource (AWS::IAM::Policy): enter Id (empty to skip): 
Skipping import of EksPrivateCluster/eks/KubectlHandlerRole/DefaultPolicy/Resource
EksPrivateCluster/eks/Role/Resource (AWS::IAM::Role): enter RoleName (empty to skip): 
Skipping import of EksPrivateCluster/eks/Role/Resource
EksPrivateCluster/eks/ControlPlaneSecurityGroup/Resource (AWS::EC2::SecurityGroup): enter Id (empty to skip): 
Skipping import of EksPrivateCluster/eks/ControlPlaneSecurityGroup/Resource
EksPrivateCluster/eks/Resource/CreationRole/Resource (AWS::IAM::Role): enter RoleName (empty to skip): 
Skipping import of EksPrivateCluster/eks/Resource/CreationRole/Resource
EksPrivateCluster/eks/Resource/CreationRole/DefaultPolicy/Resource (AWS::IAM::Policy): enter Id (empty to skip): 
Skipping import of EksPrivateCluster/eks/Resource/CreationRole/DefaultPolicy/Resource
EksPrivateCluster/eks/Resource/Resource/Default: unsupported resource type Custom::AWSCDK-EKS-Cluster, skipping import.
EksPrivateCluster/eks/KubectlReadyBarrier (AWS::SSM::Parameter): enter Name (empty to skip): 
Skipping import of EksPrivateCluster/eks/KubectlReadyBarrier
EksPrivateCluster/@aws-cdk--aws-eks.ClusterResourceProvider.NestedStack/@aws-cdk--aws-eks.ClusterResourceProvider.NestedStackResource (AWS::CloudFormation::Stack): enter StackId (empty to skip): 
Skipping import of EksPrivateCluster/@aws-cdk--aws-eks.ClusterResourceProvider.NestedStack/@aws-cdk--aws-eks.ClusterResourceProvider.NestedStackResource
EksPrivateCluster/@aws-cdk--aws-eks.KubectlProvider.NestedStack/@aws-cdk--aws-eks.KubectlProvider.NestedStackResource (AWS::CloudFormation::Stack): enter StackId (empty to skip): 
Skipping import of EksPrivateCluster/@aws-cdk--aws-eks.KubectlProvider.NestedStack/@aws-cdk--aws-eks.KubectlProvider.NestedStackResource
No resources selected for import.

Notice the line that says EksPrivateCluster/eks/Resource/Resource/Default: unsupported resource type Custom::AWSCDK-EKS-Cluster, skipping import., and also the bottom line: No resources selected for import.. Are EKS Clusters simply not supported for import yet or is this a bug?´

Regression Issue

• Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

I expected to be able to import my EKS cluster into CloudFormation.

Current Behavior

Cluster is not imported.

Reproduction Steps

PrivateClusterCdkApp:

package com.amazonaws.cdk.examples;

import software.amazon.awscdk.App;
import software.amazon.awscdk.Environment;
import software.amazon.awscdk.StackProps;

public class PrivateClusterCdkApp {
  public static void main(final String[] args) {
    App app = new App();
    StackProps stackProps = StackProps.builder()
      .env(Environment.builder()
        .account("fill out with your acc")
        .region("fill out with your region")
        .build()).build();
    new EksPrivateClusterStack(app, "EksPrivateCluster", stackProps);

    app.synth();
  }
}

EksPrivateClusterStack:

package com.amazonaws.cdk.examples;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.services.ec2.Subnet;
import software.amazon.awscdk.services.ec2.SubnetSelection;
import software.amazon.awscdk.services.ec2.Vpc;
import software.amazon.awscdk.services.ec2.VpcLookupOptions;
import software.amazon.awscdk.services.eks.Cluster;
import software.amazon.awscdk.services.eks.KubernetesVersion;
import software.constructs.Construct;

import java.util.List;

/**
 * Builds a private EKS cluster in isolated subnets with no Internet or NAT gateways attached.
 *
 * <p>
 */
public class EksPrivateClusterStack extends Stack {
  private Cluster cluster;

  public EksPrivateClusterStack(final Construct scope, final String id) {
    this(scope, id, null);
  }

  public EksPrivateClusterStack(final Construct scope, final String id, final StackProps props) {
    super(scope, id, props);

    createEksCluster();
  }

  private void createEksCluster() {
    this.cluster =
      Cluster.Builder.create(this, "eks")
        .vpc(Vpc.fromLookup(this,
          "Vpc",
          VpcLookupOptions.builder().vpcId("vpc-id").build()))
        .version(KubernetesVersion.V1_29)
        .vpcSubnets(List.of(SubnetSelection.builder().subnets(List.of(Subnet.fromSubnetId(this, "vpc-ns-eu-central-1b", "subnet1-id"), Subnet.fromSubnetId(this, "vpc-ns-eu-central-1a", "subnet2-id"))).build())) // Give your subnets.
        .clusterName("cluster name") // Fill out with your own cluster name
        .defaultCapacity(0)
        .outputClusterName(true)
        .outputConfigCommand(true)
        .outputMastersRoleArn(true)
        .build();
  }

  public Cluster getCluster() {
    return this.cluster;
  }
}

Run import with: cdk import EksPrivateCluster

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.177.0

Framework Version

No response

Node.js Version

v22.2.0

OS

Sonoma 14.5

Language

Java

Language Version

openjdk 17.0.12

Other information

No response

[pahud]

Per cdk import doc

You can use cdk import to import existing resources with minimal disruption to your services. For a list of supported AWS resources, see Resource type support in the AWS CloudFormation User Guide.

Custom::AWSCDK-EKS-Cluster is not supported.

[Sahand1993]

thanks for the response. I see that the resource type is not shown there. However, there is AWS::EKS::Cluster. Should I just use the L1 CFN construct to create that resource type?

[AntonioDiTuri]

Where is this

Custom::AWSCDK-EKS-Cluster is not supported.

In the docs written? Could not find the information anywhere.
Is there a list of L2 that support import? Or how to understand how this works?

[AntonioDiTuri]

@pahud Is this the doc section you are referring to?

This list is not an exhaustive list of AWS resources. If a specific resource type is not listed below, it's likely not accessible through the AWS Cloud Control API. For more information, see Resource types that support Cloud Control API in the Cloud Control API User Guide. Each individual AWS service decides which resource types to make accessible through Cloud Control API.

Does this mean that no L2 construct support import at the moment?