OpenIdConnectProviderProps
- class aws_cdk.aws_eks.OpenIdConnectProviderProps(*, url)
Bases:
object
Initialization properties for
OpenIdConnectProvider
.- Parameters:
url (
str
) – The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider’s OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster –name %cluster_name% –query “cluster.identity.oidc.issuer” –output text- ExampleMetadata:
infused
Example:
# or create a new one using an existing issuer url # issuer_url: str # you can import an existing provider provider = eks.OpenIdConnectProvider.from_open_id_connect_provider_arn(self, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC") provider2 = eks.OpenIdConnectProvider(self, "Provider", url=issuer_url ) cluster = eks.Cluster.from_cluster_attributes(self, "MyCluster", cluster_name="Cluster", open_id_connect_provider=provider, kubectl_role_arn="arn:aws:iam::123456:role/service-role/k8sservicerole" ) service_account = cluster.add_service_account("MyServiceAccount") bucket = s3.Bucket(self, "Bucket") bucket.grant_read_write(service_account)
Attributes
- url
The URL of the identity provider.
The URL must begin with https:// and should correspond to the iss claim in the provider’s OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com.
You can find your OIDC Issuer URL by: aws eks describe-cluster –name %cluster_name% –query “cluster.identity.oidc.issuer” –output text