Package software.amazon.awscdk.services.eks

Class OpenIdConnectProvider

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.iam.OpenIdConnectProvider

software.amazon.awscdk.services.eks.OpenIdConnectProvider

All Implemented Interfaces:

IResource, IOpenIdConnectProvider, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.97.0 (build 729de35)",
           date="2024-04-24T21:00:29.670Z")
@Stability(Stable)
public class OpenIdConnectProvider
extends OpenIdConnectProvider

IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce.

You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account.

This implementation has default values for thumbprints and clientIds props that will be compatible with the eks cluster

Example:

 // or create a new one using an existing issuer url
 String issuerUrl;
 // you can import an existing provider
 IOpenIdConnectProvider provider = OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC");
 OpenIdConnectProvider provider2 = OpenIdConnectProvider.Builder.create(this, "Provider")
         .url(issuerUrl)
         .build();
 ICluster cluster = Cluster.fromClusterAttributes(this, "MyCluster", ClusterAttributes.builder()
         .clusterName("Cluster")
         .openIdConnectProvider(provider)
         .kubectlRoleArn("arn:aws:iam::123456:role/service-role/k8sservicerole")
         .build());
 ServiceAccount serviceAccount = cluster.addServiceAccount("MyServiceAccount");
 Bucket bucket = new Bucket(this, "Bucket");
 bucket.grantReadWrite(serviceAccount);
 

See Also:

• https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	OpenIdConnectProvider.Builder	A fluent builder for OpenIdConnectProvider.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IOpenIdConnectProvider

IOpenIdConnectProvider.Jsii$Default, IOpenIdConnectProvider.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource

IResource.Jsii$Default

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	OpenIdConnectProvider(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	OpenIdConnectProvider(software.amazon.jsii.JsiiObjectRef objRef)
	OpenIdConnectProvider(software.constructs.Construct scope, String id, OpenIdConnectProviderProps props)	Defines an OpenID Connect provider.

Method Summary

Methods inherited from class software.amazon.awscdk.services.iam.OpenIdConnectProvider

fromOpenIdConnectProviderArn, getOpenIdConnectProviderArn, getOpenIdConnectProviderIssuer, getOpenIdConnectProviderthumbprints

Methods inherited from class software.amazon.awscdk.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.awscdk.IResource

applyRemovalPolicy, getEnv, getStack

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Details

OpenIdConnectProvider

protected OpenIdConnectProvider(software.amazon.jsii.JsiiObjectRef objRef)

OpenIdConnectProvider

protected OpenIdConnectProvider(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

OpenIdConnectProvider

@Stability(Stable)
public OpenIdConnectProvider(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 OpenIdConnectProviderProps props)

Defines an OpenID Connect provider.

Parameters:

scope - The definition scope. This parameter is required.

id - Construct ID. This parameter is required.

props - Initialization properties. This parameter is required.