AWS::EKS::IdentityProviderConfig OidcIdentityProviderConfig - AWS CloudFormation

An object representing the configuration for an OpenID Connect (OIDC) identity provider.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "ClientId" : String,
  "GroupsClaim" : String,
  "GroupsPrefix" : String,
  "IssuerUrl" : String,
  "RequiredClaims" : [ RequiredClaim, ... ],
  "UsernameClaim" : String,
  "UsernamePrefix" : String
}

YAML

ClientId: String
GroupsClaim: String
GroupsPrefix: String
IssuerUrl: String
RequiredClaims:
  - RequiredClaim
UsernameClaim: String
UsernamePrefix: String

Properties

ClientId

This is also known as audience. The ID of the client application that makes authentication requests to the OIDC identity provider.

Required: Yes

Type: String

Update requires: Replacement

GroupsClaim

The JSON Web Token (JWT) claim that the provider uses to return your groups.

Required: No

Type: String

Update requires: Replacement

GroupsPrefix

The prefix that is prepended to group claims to prevent clashes with existing names (such as "system:" groups). For example, the value "oidc:" creates group names like oidc:engineering and oidc:infra. The prefix can't contain "system:".

Required: No

Type: String

Update requires: Replacement

IssuerUrl

The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.

Required: Yes

Type: String

Update requires: Replacement

RequiredClaims

The key-value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value.

Required: No

Type: Array of RequiredClaim

Update requires: Replacement

UsernameClaim

The JSON Web Token (JWT) claim that is used as the username.

Required: No

Type: String

Update requires: Replacement

UsernamePrefix

The prefix that is prepended to username claims to prevent clashes with existing names. The prefix can't contain "system:".

Required: No

Type: String

Update requires: Replacement
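
The following added example (not AWS, EKS or Kubernetes code) is a simplified Python model of how the properties above combine to turn verified token claims into a cluster username and group list, and why the prefixes matter when a token carries a group named like a built-in one. The function names, the exception classes, the "sub" fallback for UsernameClaim and the sample values are assumptions made for illustration.

```python
# Simplified model (added example, not EKS or Kubernetes source). Assumes the
# token signature was already verified with the keys published at IssuerUrl.

class ConfigError(ValueError):
    pass

class TokenRejected(ValueError):
    pass

def validate_config(cfg):
    for key in ("ClientId", "IssuerUrl"):           # Required: Yes
        if not cfg.get(key):
            raise ConfigError(f"{key} is required")
    for key in ("GroupsPrefix", "UsernamePrefix"):  # can't contain system:
        if "system:" in cfg.get(key, ""):
            raise ConfigError(f"{key} can't contain system:")

def map_identity(cfg, claims):
    """Return (username, groups) for verified claims, or raise TokenRejected."""
    validate_config(cfg)
    if claims.get("iss") != cfg["IssuerUrl"]:
        raise TokenRejected("iss does not match IssuerUrl")
    aud = claims.get("aud", [])                     # aud may be a string or a list
    if cfg["ClientId"] not in ([aud] if isinstance(aud, str) else aud):
        raise TokenRejected("aud does not contain ClientId")
    for rc in cfg.get("RequiredClaims", []):        # present AND matching value
        if rc["Key"] not in claims or claims[rc["Key"]] != rc["Value"]:
            raise TokenRejected(f"required claim {rc['Key']} missing or wrong")
    name_claim = cfg.get("UsernameClaim", "sub")    # "sub" fallback is an assumption
    if name_claim not in claims:
        raise TokenRejected(f"username claim {name_claim} missing")
    username = cfg.get("UsernamePrefix", "") + str(claims[name_claim])
    raw = claims.get(cfg["GroupsClaim"], []) if cfg.get("GroupsClaim") else []
    raw = [raw] if isinstance(raw, str) else raw
    groups = [cfg.get("GroupsPrefix", "") + g for g in raw]
    return username, groups

# Constructed sample values, for illustration only.
SAMPLE_CONFIG = {"ClientId": "kubernetes", "IssuerUrl": "https://idp.example.com",
                 "GroupsClaim": "groups", "GroupsPrefix": "oidc:",
                 "UsernameClaim": "email", "UsernamePrefix": "oidc:",
                 "RequiredClaims": [{"Key": "env", "Value": "prod"}]}
SAMPLE_CLAIMS = {"iss": "https://idp.example.com", "aud": "kubernetes",
                 "email": "alice@example.com", "env": "prod",
                 "groups": ["engineering", "infra", "system:masters"]}

if __name__ == "__main__":
    print(map_identity(SAMPLE_CONFIG, SAMPLE_CLAIMS))
```

With GroupsPrefix set, the group the sample token calls system:masters is mapped to oidc:system:masters, so it cannot collide with the built-in group of that name; role bindings for OIDC users should reference the prefixed names.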