AWS::EKS::IdentityProviderConfig OidcIdentityProviderConfig
An object representing the configuration for an OpenID Connect (OIDC) identity provider.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "ClientId" :String, "GroupsClaim" :String, "GroupsPrefix" :String, "IssuerUrl" :String, "RequiredClaims" :[ RequiredClaim, ... ], "UsernameClaim" :String, "UsernamePrefix" :String}
YAML
ClientId:StringGroupsClaim:StringGroupsPrefix:StringIssuerUrl:StringRequiredClaims:- RequiredClaimUsernameClaim:StringUsernamePrefix:String
Properties
ClientId-
This is also known as audience. The ID of the client application that makes authentication requests to the OIDC identity provider.
Required: Yes
Type: String
Update requires: Replacement
GroupsClaim-
The JSON web token (JWT) claim that the provider uses to return your groups.
Required: No
Type: String
Update requires: Replacement
GroupsPrefix-
The prefix that is prepended to group claims to prevent clashes with existing names (such as
system:groups). For example, the valueoidc:creates group names likeoidc:engineeringandoidc:infra. The prefix can't containsystem:Required: No
Type: String
Update requires: Replacement
IssuerUrl-
The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.
Required: Yes
Type: String
Update requires: Replacement
RequiredClaims-
The key-value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value.
Required: No
Type: Array of RequiredClaim
Update requires: Replacement
UsernameClaim-
The JSON Web token (JWT) claim that is used as the username.
Required: No
Type: String
Update requires: Replacement
UsernamePrefix-
The prefix that is prepended to username claims to prevent clashes with existing names. The prefix can't contain
system:Required: No
Type: String
Update requires: Replacement
