Create an IAM OIDC provider for your cluster
Your cluster has an OpenID Connect
Prerequisites
- An existing Amazon EKS cluster. To deploy one, see Get started with Amazon EKS.
- Version `2.12.3` or later or version `1.27.160` or later of the Amazon Command Line Interface (Amazon CLI) installed and configured on your device or Amazon CloudShell. To check your current version, use `aws --version | cut -d / -f2 | cut -d ' ' -f1`. Package managers such as `yum`, `apt-get`, or Homebrew for macOS are often several versions behind the latest version of the Amazon CLI. To install the latest version, see Installing, updating, and uninstalling the Amazon CLI and Quick configuration with aws configure in the Amazon Command Line Interface User Guide. The Amazon CLI version that is installed in Amazon CloudShell might also be several versions behind the latest version. To update it, see Installing Amazon CLI to your home directory in the Amazon CloudShell User Guide.
- The `kubectl` command line tool is installed on your device or Amazon CloudShell. The version can be the same as or up to one minor version earlier or later than the Kubernetes version of your cluster. For example, if your cluster version is `1.29`, you can use `kubectl` version `1.28`, `1.29`, or `1.30` with it. To install or upgrade `kubectl`, see Set up kubectl and eksctl.
- An existing `kubectl` `config` file that contains your cluster configuration. To create a `kubectl` `config` file, see Connect kubectl to an EKS cluster by creating a kubeconfig file.
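The version prerequisites above can be checked with a short script. This is an added example, not part of the original guide; the function names (ver_ge, aws_cli_ok, kubectl_skew_ok, check_aws_cli) are hypothetical, and the only CLI call it makes is the version command quoted in the prerequisites.

```shell
#!/bin/sh
# Added example: checks the CLI and kubectl version prerequisites listed above.
# All function names here are hypothetical helpers, not part of any AWS tool.

# ver_ge A B: succeed when dotted version A >= B (first three numeric fields).
ver_ge() {
  a=$1; b=$2
  for i in 1 2 3; do
    x=${a%%.*}; y=${b%%.*}
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
    case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
    case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
  done
  return 0
}

# aws_cli_ok VERSION: 1.x must be >= 1.27.160, anything else >= 2.12.3.
aws_cli_ok() {
  case $1 in
    ''|*[!0-9.]*) return 1 ;;          # reject empty or non-numeric input
    1.*) ver_ge "$1" 1.27.160 ;;
    *)   ver_ge "$1" 2.12.3 ;;
  esac
}

# kubectl_skew_ok CLIENT CLUSTER: same major, minor within one of the cluster.
kubectl_skew_ok() {
  cmaj=${1%%.*}; kmaj=${2%%.*}
  cmin=${1#*.}; cmin=${cmin%%.*}
  kmin=${2#*.}; kmin=${kmin%%.*}
  [ "$cmaj" -eq "$kmaj" ] || return 1
  d=$((cmin - kmin))
  [ "$d" -ge -1 ] && [ "$d" -le 1 ]
}

# check_aws_cli: run the version command from the prerequisites and test it.
check_aws_cli() {
  v=$(aws --version 2>&1 | cut -d / -f2 | cut -d ' ' -f1)
  aws_cli_ok "$v"
}

# Live check only when asked for, so the file can also be sourced safely.
if [ "${1:-}" = "--live" ]; then
  if check_aws_cli; then echo "CLI version OK"; else echo "CLI too old or missing"; fi
fi
```

Run it with --live to test the installed CLI, or source it and call kubectl_skew_ok with your client and cluster versions.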
You can create an IAM OIDC provider for your cluster using `eksctl` or the Amazon Web Services Management Console.
Next step
Assign IAM roles to Kubernetes service accounts