OidcIdentityProviderConfig - Amazon EKS

OidcIdentityProviderConfig

An object representing the configuration for an OpenID Connect (OIDC) identity provider.

Contents

clientId

This is also known as audience. The ID of the client application that makes authentication requests to the OIDC identity provider.

Type: String

Required: No

clusterName

The name of your cluster.

Type: String

Required: No

groupsClaim

The JSON web token (JWT) claim that the provider uses to return your groups.

Type: String

Required: No

groupsPrefix

The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: creates group names like oidc:engineering and oidc:infra. The prefix can't contain system:

Type: String

Required: No

identityProviderConfigArn

The ARN of the configuration.

Type: String

Required: No

identityProviderConfigName

The name of the configuration.

Type: String

Required: No

issuerUrl

The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.

Type: String

Required: No

requiredClaims

The key-value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value.

Type: String to string map

Key Length Constraints: Minimum length of 1. Maximum length of 63.

Value Length Constraints: Minimum length of 1. Maximum length of 253.

Required: No

status

The status of the OIDC identity provider.

Type: String

Valid Values: CREATING | DELETING | ACTIVE

Required: No

tags

Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.

Type: String to string map

Map Entries: Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Value Length Constraints: Maximum length of 256.

Required: No

usernameClaim

The JSON Web token (JWT) claim that is used as the username.

Type: String

Required: No

usernamePrefix

The prefix that is prepended to username claims to prevent clashes with existing names. The prefix can't contain system:

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: