CfnIdentityProviderConfigPropsMixin
- class aws_cdk.mixins_preview.aws_eks.mixins.CfnIdentityProviderConfigPropsMixin(props, *, strategy=None)
Bases:
MixinAssociates an identity provider configuration to a cluster.
If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes
RoleandClusterRoleobjects, assign permissions to them, and then bind them to the identities using KubernetesRoleBindingandClusterRoleBindingobjects. For more information see Using RBAC Authorization in the Kubernetes documentation.- See:
- CloudformationResource:
AWS::EKS::IdentityProviderConfig
- Mixin:
true
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview import mixins from aws_cdk.mixins_preview.aws_eks import mixins as eks_mixins cfn_identity_provider_config_props_mixin = eks_mixins.CfnIdentityProviderConfigPropsMixin(eks_mixins.CfnIdentityProviderConfigMixinProps( cluster_name="clusterName", identity_provider_config_name="identityProviderConfigName", oidc=eks_mixins.CfnIdentityProviderConfigPropsMixin.OidcIdentityProviderConfigProperty( client_id="clientId", groups_claim="groupsClaim", groups_prefix="groupsPrefix", issuer_url="issuerUrl", required_claims=[eks_mixins.CfnIdentityProviderConfigPropsMixin.RequiredClaimProperty( key="key", value="value" )], username_claim="usernameClaim", username_prefix="usernamePrefix" ), tags=[CfnTag( key="key", value="value" )], type="type" ), strategy=mixins.PropertyMergeStrategy.OVERRIDE )
Create a mixin to apply properties to
AWS::EKS::IdentityProviderConfig.- Parameters:
props (
Union[CfnIdentityProviderConfigMixinProps,Dict[str,Any]]) – L1 properties to apply.strategy (
Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE
Methods
- apply_to(construct)
Apply the mixin properties to the construct.
- Parameters:
construct (
IConstruct)- Return type:
- supports(construct)
Check if this mixin supports the given construct.
- Parameters:
construct (
IConstruct)- Return type:
bool
Attributes
- CFN_PROPERTY_KEYS = ['clusterName', 'identityProviderConfigName', 'oidc', 'tags', 'type']
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if
xis a Mixin.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsMixin.- Stability:
experimental
OidcIdentityProviderConfigProperty
- class CfnIdentityProviderConfigPropsMixin.OidcIdentityProviderConfigProperty(*, client_id=None, groups_claim=None, groups_prefix=None, issuer_url=None, required_claims=None, username_claim=None, username_prefix=None)
Bases:
objectAn object representing the configuration for an OpenID Connect (OIDC) identity provider.
- Parameters:
client_id (
Optional[str]) – This is also known as audience . The ID of the client application that makes authentication requests to the OIDC identity provider.groups_claim (
Optional[str]) – The JSON web token (JWT) claim that the provider uses to return your groups.groups_prefix (
Optional[str]) – The prefix that is prepended to group claims to prevent clashes with existing names (such assystem:groups). For example, the valueoidc:creates group names likeoidc:engineeringandoidc:infra. The prefix can’t containsystem:issuer_url (
Optional[str]) – The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.required_claims (
Union[IResolvable,Sequence[Union[IResolvable,RequiredClaimProperty,Dict[str,Any]]],None]) – The key-value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value.username_claim (
Optional[str]) – The JSON Web token (JWT) claim that is used as the username.username_prefix (
Optional[str]) – The prefix that is prepended to username claims to prevent clashes with existing names. The prefix can’t containsystem:
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_eks import mixins as eks_mixins oidc_identity_provider_config_property = eks_mixins.CfnIdentityProviderConfigPropsMixin.OidcIdentityProviderConfigProperty( client_id="clientId", groups_claim="groupsClaim", groups_prefix="groupsPrefix", issuer_url="issuerUrl", required_claims=[eks_mixins.CfnIdentityProviderConfigPropsMixin.RequiredClaimProperty( key="key", value="value" )], username_claim="usernameClaim", username_prefix="usernamePrefix" )
Attributes
- client_id
This is also known as audience .
The ID of the client application that makes authentication requests to the OIDC identity provider.
- groups_claim
The JSON web token (JWT) claim that the provider uses to return your groups.
- groups_prefix
The prefix that is prepended to group claims to prevent clashes with existing names (such as
system:groups).For example, the value
oidc:creates group names likeoidc:engineeringandoidc:infra. The prefix can’t containsystem:
- issuer_url
The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.
- required_claims
The key-value pairs that describe required claims in the identity token.
If set, each claim is verified to be present in the token with a matching value.
- username_claim
The JSON Web token (JWT) claim that is used as the username.
- username_prefix
The prefix that is prepended to username claims to prevent clashes with existing names.
The prefix can’t contain
system:
RequiredClaimProperty
- class CfnIdentityProviderConfigPropsMixin.RequiredClaimProperty(*, key=None, value=None)
Bases:
objectA key-value pair that describes a required claim in the identity token.
If set, each claim is verified to be present in the token with a matching value.
- Parameters:
key (
Optional[str]) – The key to match from the token.value (
Optional[str]) – The value for the key from the token.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_eks import mixins as eks_mixins required_claim_property = eks_mixins.CfnIdentityProviderConfigPropsMixin.RequiredClaimProperty( key="key", value="value" )
Attributes
- key
The key to match from the token.
- value
The value for the key from the token.