chore(eks): improve the doc on updating clusters (#29283)

pahud · web-flow · commit 1f30b5d873b7 · 2024-02-27T18:11:24.000Z
### Issue # (if applicable) As described in #29282 , when renaming the cluster, an additional temporary IAM policy will be required. I am proposing the doc update to clarify this with this PR. Closes #29282 #24174 ### Reason for this change To address this use case. ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/aws-cdk-lib/aws-eks/README.md b/packages/aws-cdk-lib/aws-eks/README.md
@@ -15,6 +15,7 @@ In addition, the library also supports defining Kubernetes resource manifests wi
       - [Node Groups with IPv6 Support](#node-groups-with-ipv6-support)
       - [Spot Instances Support](#spot-instances-support)
       - [Launch Template Support](#launch-template-support)
+    - [Update clusters](#update-clusters)
     - [Fargate profiles](#fargate-profiles)
     - [Self-managed nodes](#self-managed-nodes)
       - [Spot Instances](#spot-instances)
@@ -366,6 +367,29 @@ You may specify one `instanceType` in the launch template or multiple `instanceT
 Graviton 2 instance types are supported including `c6g`, `m6g`, `r6g` and `t4g`.
 Graviton 3 instance types are supported including `c7g`.
 
+### Update clusters
+
+When you rename the cluster name and redeploy the stack, the cluster replacement will be triggered and
+the existing one will be deleted after the new one is provisioned. As the cluster resource ARN has been changed, 
+the cluster resource handler would not be able to delete the old one as the resource ARN in the IAM policy
+has been changed. As a workaround, you need to add a temporary policy to the cluster admin role for 
+successful replacement. Consider this example if you are renaming the cluster from `foo` to `bar`:
+
+```ts
+const cluster = new eks.Cluster(this, 'cluster-to-rename', {
+  clusterName: 'foo', // rename this to 'bar'
+  version: eks.KubernetesVersion.V1_29,
+});
+
+// allow the cluster admin role to delete the cluster 'foo'
+cluster.adminRole.addToPolicy(new iam.PolicyStatement({
+  actions: ['eks:DeleteCluster'],
+  resources: [ 
+    Stack.of(this).formatArn({ service: 'eks', resource: 'cluster', resourceName: 'foo' }),
+]
+}))
+```
+
 ### Fargate profiles
 
 AWS Fargate is a technology that provides on-demand, right-sized compute
