OpenIdConnectProviderProps

class aws_cdk.aws_eks.OpenIdConnectProviderProps(*, url)

Bases: object

Initialization properties for OpenIdConnectProvider.

Parameters:

url (str) – The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider’s OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster –name %cluster_name% –query “cluster.identity.oidc.issuer” –output text

ExampleMetadata:

infused

Example:

# or create a new one using an existing issuer url
# issuer_url: str
# you can import an existing provider
provider = eks.OpenIdConnectProvider.from_open_id_connect_provider_arn(self, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC")
provider2 = eks.OpenIdConnectProvider(self, "Provider",
    url=issuer_url
)

cluster = eks.Cluster.from_cluster_attributes(self, "MyCluster",
    cluster_name="Cluster",
    open_id_connect_provider=provider,
    kubectl_role_arn="arn:aws:iam::123456:role/service-role/k8sservicerole"
)

service_account = cluster.add_service_account("MyServiceAccount")

bucket = s3.Bucket(self, "Bucket")
bucket.grant_read_write(service_account)

Attributes

url

The URL of the identity provider.

The URL must begin with https:// and should correspond to the iss claim in the provider’s OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com.

You can find your OIDC Issuer URL by: aws eks describe-cluster –name %cluster_name% –query “cluster.identity.oidc.issuer” –output text