Use CreateOpenIdConnectProvider
with an Amazon SDK or command line tool
The following code examples show how to use CreateOpenIdConnectProvider
.
- CLI
-
- Amazon CLI
-
To create an OpenID Connect (OIDC) provider
To create an OpenID Connect (OIDC) provider, we recommend using the
--cli-input-json
parameter to pass a JSON file that contains the required parameters. When you create an OIDC provider, you must pass the URL of the provider, and the URL must begin withhttps://
. It can be difficult to pass the URL as a command line parameter, because the colon (:) and forward slash (/) characters have special meaning in some command line environments. Using the--cli-input-json
parameter gets around this limitation.To use the
--cli-input-json
parameter, start by using thecreate-open-id-connect-provider
command with the--generate-cli-skeleton
parameter, as in the following example.aws iam create-open-id-connect-provider \ --generate-cli-skeleton > create-open-id-connect-provider.json
The previous command creates a JSON file called create-open-id-connect-provider.json that you can use to fill in the information for a subsequent
create-open-id-connect-provider
command. For example:{ "Url": "https://server.example.com", "ClientIDList": [ "example-application-ID" ], "ThumbprintList": [ "c3768084dfb3d2b68b7897bf5f565da8eEXAMPLE" ] }
Next, to create the OpenID Connect (OIDC) provider, use the
create-open-id-connect-provider
command again, this time passing the--cli-input-json
parameter to specify your JSON file. The followingcreate-open-id-connect-provider
command uses the--cli-input-json
parameter with a JSON file called create-open-id-connect-provider.json.aws iam create-open-id-connect-provider \ --cli-input-json file://create-open-id-connect-provider.json
Output:
{ "OpenIDConnectProviderArn": "arn:aws:iam::123456789012:oidc-provider/server.example.com" }
For more information about OIDC providers, see Creating OpenID Connect (OIDC) identity providers
in the Amazon IAM User Guide. For more information about obtaining thumbprints for an OIDC provider, see Obtaining the thumbprint for an OpenID Connect Identity Provider
in the Amazon IAM User Guide. -
For API details, see CreateOpenIdConnectProvider
in Amazon CLI Command Reference.
-
- PowerShell
-
- Tools for PowerShell
-
Example 1: This example creates an IAM OIDC provider associated with the OIDC compatible provider service found at the URL
https://example.oidcprovider.com
and the client IDmy-testapp-1
. The OIDC provider supplies the thumbprint. To authenticate the thumbprint, follow the steps at http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html.New-IAMOpenIDConnectProvider -Url https://example.oidcprovider.com -ClientIDList my-testapp-1 -ThumbprintList 990F419EXAMPLEECF12DDEDA5EXAMPLE52F20D9E
Output:
arn:aws:iam::123456789012:oidc-provider/example.oidcprovider.com
-
For API details, see CreateOpenIdConnectProvider
in Amazon Tools for PowerShell Cmdlet Reference.
-
For a complete list of Amazon SDK developer guides and code examples, see Using IAM with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.