There are several steps to this process:

* GitLab assumes the role provided by the user and stores
  a set of temporary credentials on the provider record. By default
  these credentials are valid for one hour.

* A CloudFormation stack is created, based on the template in
  vendor/aws/cloudformation/eks_cluster.yaml. This triggers creation
  of all resources required for an EKS cluster.

* GitLab polls the status of the stack until all resources are ready,
  which takes somewhere between 10 and 15 minutes in most cases.

* When the cluster is ready, GitLab stores the cluster details and
  fetches another set of temporary credentials, this time to allow
  connecting to the cluster via Kubeclient. These credentials
  are valid for one minute.

* GitLab configures the worker nodes so that they are able to
  authenticate to the cluster, and creates a service account for
  itself for future operations.

* Finally, all details and credentials that are no longer required
  are removed.