Package software.amazon.awscdk.services.eks

Class ServiceAccount

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.services.eks.ServiceAccount
All Implemented Interfaces:
IConstruct, IDependable, IGrantable, IPrincipal, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:30:46.662Z") @Stability(Stable) public class ServiceAccount extends Construct implements IPrincipal
Service Account.

Example: 

 // or create a new one using an existing issuer url
 String issuerUrl;
 // you can import an existing provider
 IOpenIdConnectProvider provider = OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC");
 OpenIdConnectProvider provider2 = OpenIdConnectProvider.Builder.create(this, "Provider")
         .url(issuerUrl)
         .build();
 ICluster cluster = Cluster.fromClusterAttributes(this, "MyCluster", ClusterAttributes.builder()
         .clusterName("Cluster")
         .openIdConnectProvider(provider)
         .kubectlRoleArn("arn:aws:iam::123456:role/service-role/k8sservicerole")
         .build());
 ServiceAccount serviceAccount = cluster.addServiceAccount("MyServiceAccount");
 Bucket bucket = new Bucket(this, "Bucket");
 bucket.grantReadWrite(serviceAccount);

  • Constructor Details

    • ServiceAccount

      protected ServiceAccount(software.amazon.jsii.JsiiObjectRef objRef)

    • ServiceAccount

      protected ServiceAccount(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • ServiceAccount

      @Stability(Stable) public ServiceAccount(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull ServiceAccountProps props)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      props - This parameter is required.

  • Method Details

    • addToPolicy

      @Stability(Deprecated) @Deprecated @NotNull public Boolean addToPolicy(@NotNull PolicyStatement statement)
      Deprecated.
      use addToPrincipalPolicy()
      (deprecated) Add to the policy of this principal.

      Specified by:
      addToPolicy in interface IPrincipal
      Parameters:
      statement - This parameter is required.
      Returns:
      true if the statement was added, false if the principal in question does not have a policy document to add the statement to.

    • addToPrincipalPolicy

      @Stability(Stable) @NotNull public AddToPrincipalPolicyResult addToPrincipalPolicy(@NotNull PolicyStatement statement)
      Add to the policy of this principal.

      Specified by:
      addToPrincipalPolicy in interface IPrincipal
      Parameters:
      statement - This parameter is required.

    • getAssumeRoleAction

      @Stability(Stable) @NotNull public String getAssumeRoleAction()
      When this Principal is used in an AssumeRole policy, the action to use.
      Specified by:
      getAssumeRoleAction in interface IPrincipal

    • getGrantPrincipal

      @Stability(Stable) @NotNull public IPrincipal getGrantPrincipal()
      The principal to grant permissions to.
      Specified by:
      getGrantPrincipal in interface IGrantable

    • getPolicyFragment

      @Stability(Stable) @NotNull public PrincipalPolicyFragment getPolicyFragment()
      Return the policy fragment that identifies this principal in a Policy.
      Specified by:
      getPolicyFragment in interface IPrincipal

    • getRole

      @Stability(Stable) @NotNull public IRole getRole()
      The role which is linked to the service account.

    • getServiceAccountName

      @Stability(Stable) @NotNull public String getServiceAccountName()
      The name of the service account.

    • getServiceAccountNamespace

      @Stability(Stable) @NotNull public String getServiceAccountNamespace()
      The namespace where the service account is located in.