Class OpenIdConnectProvider
IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce.
Namespace: Amazon.CDK.AWS.EKS
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class OpenIdConnectProvider : OpenIdConnectProvider, IOpenIdConnectProvider, IResource
Syntax (vb)
Public Class OpenIdConnectProvider
Inherits OpenIdConnectProvider
Implements IOpenIdConnectProvider, IResource
Remarks
You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account.
This implementation has default values for the thumbprints and clientIds props that are compatible with the EKS cluster.
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
Resource: AWS::CloudFormation::CustomResource
Examples
// you can import an existing provider
var provider = OpenIdConnectProvider.FromOpenIdConnectProviderArn(this, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC");

// or create a new one using an existing issuer url
// (construct IDs must be unique within a scope, so keep only one of the two "Provider" definitions)
string issuerUrl; // placeholder: the issuer URL of the existing cluster
var provider2 = new OpenIdConnectProvider(this, "Provider", new OpenIdConnectProviderProps {
    Url = issuerUrl
});

// attach the provider to an imported cluster
var cluster = Cluster.FromClusterAttributes(this, "MyCluster", new ClusterAttributes {
    ClusterName = "Cluster",
    OpenIdConnectProvider = provider,
    KubectlRoleArn = "arn:aws:iam::123456:role/service-role/k8sservicerole"
});

// the service account can then be granted access to AWS resources
var serviceAccount = cluster.AddServiceAccount("MyServiceAccount");
var bucket = new Bucket(this, "Bucket");
bucket.GrantReadWrite(serviceAccount);
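The trust described in the Remarks is only as narrow as the role's trust policy makes it. The following is an added example, not part of the original documentation or the CDK's own code: a role you define yourself that accepts tokens from this provider only for one Kubernetes service account and the `sts.amazonaws.com` audience. The stack name, construct IDs, and the `payments` / `invoice-reader` namespace and service account are hypothetical.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Constructs;
using EksOidcProvider = Amazon.CDK.AWS.EKS.OpenIdConnectProvider;

// Added example: names and IDs below are hypothetical.
public class ScopedTrustStack : Stack
{
    public ScopedTrustStack(Construct scope, string id, string issuerUrl) : base(scope, id)
    {
        // EKS-flavoured provider from this page; thumbprints and clientIds use its defaults.
        var provider = new EksOidcProvider(this, "Provider",
            new Amazon.CDK.AWS.EKS.OpenIdConnectProviderProps { Url = issuerUrl });

        // The issuer can be a deploy-time token. Tokens cannot be used directly
        // as JSON object keys, so the condition map is wrapped in CfnJson.
        var issuer = provider.OpenIdConnectProviderIssuer;
        var claims = new CfnJson(this, "TrustConditions", new CfnJsonProps
        {
            Value = new Dictionary<string, object>
            {
                // Audience the token must have been issued for.
                { $"{issuer}:aud", "sts.amazonaws.com" },
                // Exactly one service account, in the form
                // system:serviceaccount:<namespace>:<name>.
                { $"{issuer}:sub", "system:serviceaccount:payments:invoice-reader" }
            }
        });

        // Without these conditions, any token issued by the provider
        // could be exchanged for this role's credentials.
        var principal = new OpenIdConnectPrincipal(provider).WithConditions(
            new Dictionary<string, object> { { "StringEquals", claims } });

        new Role(this, "InvoiceReaderRole", new RoleProps { AssumedBy = principal });
    }
}
```

After synthesis, check the role's AssumeRolePolicyDocument in the generated template: it should carry a `StringEquals` condition on both the `:sub` and `:aud` keys.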
Synopsis
Constructors
OpenIdConnectProvider(ByRefValue) | Used by jsii to construct an instance of this class from a JavaScript-owned object reference.
OpenIdConnectProvider(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps.
OpenIdConnectProvider(Construct, String, IOpenIdConnectProviderProps) | Defines an OpenID Connect provider.
Constructors
OpenIdConnectProvider(ByRefValue)
Used by jsii to construct an instance of this class from a JavaScript-owned object reference.
protected OpenIdConnectProvider(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The JavaScript-owned object reference.
OpenIdConnectProvider(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected OpenIdConnectProvider(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
OpenIdConnectProvider(Construct, String, IOpenIdConnectProviderProps)
Defines an OpenID Connect provider.
public OpenIdConnectProvider(Construct scope, string id, IOpenIdConnectProviderProps props)
Parameters
- scope Constructs.Construct
The definition scope.
- id System.String
Construct ID.
- props IOpenIdConnectProviderProps
Initialization properties.