Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Use CreateOpenIdConnectProvider with a CLI

PDF
RSS
Focus mode
Use CreateOpenIdConnectProvider with a CLI - AWS Identity and Access Management

The following code examples show how to use CreateOpenIdConnectProvider.

CLI
AWS CLI

To create an OpenID Connect (OIDC) provider

To create an OpenID Connect (OIDC) provider, we recommend using the --cli-input-json parameter to pass a JSON file that contains the required parameters. When you create an OIDC provider, you must pass the URL of the provider, and the URL must begin with https://. It can be difficult to pass the URL as a command line parameter, because the colon (:) and forward slash (/) characters have special meaning in some command line environments. Using the --cli-input-json parameter gets around this limitation.

To use the --cli-input-json parameter, start by using the create-open-id-connect-provider command with the --generate-cli-skeleton parameter, as in the following example.

aws iam create-open-id-connect-provider \
    --generate-cli-skeleton > create-open-id-connect-provider.json

The previous command creates a JSON file called create-open-id-connect-provider.json that you can use to fill in the information for a subsequent create-open-id-connect-provider command. For example:

{
    "Url": "https://server.example.com",
    "ClientIDList": [
        "example-application-ID"
    ],
    "ThumbprintList": [
        "c3768084dfb3d2b68b7897bf5f565da8eEXAMPLE"
    ]
}

Next, to create the OpenID Connect (OIDC) provider, use the create-open-id-connect-provider command again, this time passing the --cli-input-json parameter to specify your JSON file. The following create-open-id-connect-provider command uses the --cli-input-json parameter with a JSON file called create-open-id-connect-provider.json.

aws iam create-open-id-connect-provider \
    --cli-input-json file://create-open-id-connect-provider.json

Output:

{
    "OpenIDConnectProviderArn": "arn:aws:iam::123456789012:oidc-provider/server.example.com"
}

For more information about OIDC providers, see Creating OpenID Connect (OIDC) identity providers in the AWS IAM User Guide.

For more information about obtaining thumbprints for an OIDC provider, see Obtaining the thumbprint for an OpenID Connect Identity Provider in the AWS IAM User Guide.

PowerShell
Tools for PowerShell

Example 1: This example creates an IAM OIDC provider associated with the OIDC compatible provider service found at the URL https://example.oidcprovider.com and the client ID my-testapp-1. The OIDC provider supplies the thumbprint. To authenticate the thumbprint, follow the steps at http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html.

New-IAMOpenIDConnectProvider -Url https://example.oidcprovider.com -ClientIDList my-testapp-1 -ThumbprintList 990F419EXAMPLEECF12DDEDA5EXAMPLE52F20D9E

Output:

arn:aws:iam::123456789012:oidc-provider/example.oidcprovider.com
anchoranchor
AWS CLI

To create an OpenID Connect (OIDC) provider

To create an OpenID Connect (OIDC) provider, we recommend using the --cli-input-json parameter to pass a JSON file that contains the required parameters. When you create an OIDC provider, you must pass the URL of the provider, and the URL must begin with https://. It can be difficult to pass the URL as a command line parameter, because the colon (:) and forward slash (/) characters have special meaning in some command line environments. Using the --cli-input-json parameter gets around this limitation.

To use the --cli-input-json parameter, start by using the create-open-id-connect-provider command with the --generate-cli-skeleton parameter, as in the following example.

aws iam create-open-id-connect-provider \
    --generate-cli-skeleton > create-open-id-connect-provider.json

The previous command creates a JSON file called create-open-id-connect-provider.json that you can use to fill in the information for a subsequent create-open-id-connect-provider command. For example:

{
    "Url": "https://server.example.com",
    "ClientIDList": [
        "example-application-ID"
    ],
    "ThumbprintList": [
        "c3768084dfb3d2b68b7897bf5f565da8eEXAMPLE"
    ]
}

Next, to create the OpenID Connect (OIDC) provider, use the create-open-id-connect-provider command again, this time passing the --cli-input-json parameter to specify your JSON file. The following create-open-id-connect-provider command uses the --cli-input-json parameter with a JSON file called create-open-id-connect-provider.json.

aws iam create-open-id-connect-provider \
    --cli-input-json file://create-open-id-connect-provider.json

Output:

{
    "OpenIDConnectProviderArn": "arn:aws:iam::123456789012:oidc-provider/server.example.com"
}

For more information about OIDC providers, see Creating OpenID Connect (OIDC) identity providers in the AWS IAM User Guide.

For more information about obtaining thumbprints for an OIDC provider, see Obtaining the thumbprint for an OpenID Connect Identity Provider in the AWS IAM User Guide.

For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.

Related resources

AWS Identity and Access Management API Reference
AWS CLI commands for AWS Identity and Access Management
SDKs & Tools 

Related resources

AWS Identity and Access Management API Reference
AWS CLI commands for AWS Identity and Access Management
SDKs & Tools 
PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.