Package software.amazon.awscdk.services.eks

Interface OpenIdConnectProviderProps

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

OpenIdConnectProviderProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
           date="2023-06-19T16:30:46.660Z")
@Stability(Stable)
public interface OpenIdConnectProviderProps
extends software.amazon.jsii.JsiiSerializable

Initialization properties for OpenIdConnectProvider.

Example:

 // or create a new one using an existing issuer url
 String issuerUrl;
 // you can import an existing provider
 IOpenIdConnectProvider provider = OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC");
 OpenIdConnectProvider provider2 = OpenIdConnectProvider.Builder.create(this, "Provider")
         .url(issuerUrl)
         .build();
 ICluster cluster = Cluster.fromClusterAttributes(this, "MyCluster", ClusterAttributes.builder()
         .clusterName("Cluster")
         .openIdConnectProvider(provider)
         .kubectlRoleArn("arn:aws:iam::123456:role/service-role/k8sservicerole")
         .build());
 ServiceAccount serviceAccount = cluster.addServiceAccount("MyServiceAccount");
 Bucket bucket = new Bucket(this, "Bucket");
 bucket.grantReadWrite(serviceAccount);
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	OpenIdConnectProviderProps.Builder	A builder for OpenIdConnectProviderProps
static final class	OpenIdConnectProviderProps.Jsii$Proxy	An implementation for OpenIdConnectProviderProps

Method Summary

Modifier and Type	Method	Description
static OpenIdConnectProviderProps.Builder	builder()
String	getUrl()	The URL of the identity provider.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getUrl

@Stability(Stable)
@NotNull
String getUrl()

The URL of the identity provider.

The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com.

You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text

builder

@Stability(Stable)
static OpenIdConnectProviderProps.Builder builder()

Returns:

a OpenIdConnectProviderProps.Builder of OpenIdConnectProviderProps