Class OpenIdConnectProvider
IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce.
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class OpenIdConnectProvider : Resource, IOpenIdConnectProvider, IResource, IOIDCProviderRef, IConstruct, IDependable, IEnvironmentAware
Syntax (vb)
Public Class OpenIdConnectProvider
    Inherits Resource
    Implements IOpenIdConnectProvider, IResource, IOIDCProviderRef, IConstruct, IDependable, IEnvironmentAware
Remarks
You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This is useful when creating a mobile app or web application that requires access to AWS resources, but you don't want to create custom sign-in code or manage your own user identities.
⚠️ IMPORTANT NOTICE FOR CONTRIBUTORS ⚠️
DO NOT ADD NEW FEATURES TO THIS CONSTRUCT
This construct uses a custom resource with Lambda functions and is maintained for backward compatibility only. We cannot deprecate it due to its usage in existing services like EKS (see https://github.com/aws/aws-cdk/pull/28634#discussion_r1842962697).
For new functionality, developers should use OidcProviderNative instead, which utilizes the native CloudFormation resource AWS::IAM::OIDCProvider and provides the same functionality with less complexity.
If you are considering adding features to this construct, please:
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
Resource: AWS::CloudFormation::CustomResource
Examples
var provider = new OpenIdConnectProvider(this, "MyProvider", new OpenIdConnectProviderProps {
    Url = "https://openid/connect",
    ClientIds = new [] { "myclient1", "myclient2" }
});
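Registering the provider only establishes trust in the issuer; what a token holder can do is decided by the trust policy of each role that names the provider. The stack below is an added example, not part of the CDK documentation: it pins the role's trust to one audience and one subject, and the issuer host, client ID, subject value and bucket ARN are constructed placeholders.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Constructs;

public class OidcTrustStack : Stack
{
    // Constructed sample values: replace with your IdP's issuer host,
    // registered client ID and the token subject you intend to trust.
    private const string IssuerHost = "idp.example.com";
    private const string ClientId = "myclient1";
    private const string AllowedSubject = "example-subject-id";

    public OidcTrustStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var provider = new OpenIdConnectProvider(this, "MyProvider", new OpenIdConnectProviderProps {
            Url = "https://" + IssuerHost,
            ClientIds = new [] { ClientId }
        });

        // Condition keys are "<issuer host>:aud" and "<issuer host>:sub".
        // Requiring both means a token with the right audience but a
        // different subject does not satisfy the trust policy.
        var principal = new OpenIdConnectPrincipal(provider, new Dictionary<string, object> {
            { "StringEquals", new Dictionary<string, object> {
                { IssuerHost + ":aud", ClientId },
                { IssuerHost + ":sub", AllowedSubject }
            } }
        });

        // Role assumed through sts:AssumeRoleWithWebIdentity, with a short session.
        var role = new Role(this, "FederatedRole", new RoleProps {
            AssumedBy = principal,
            MaxSessionDuration = Duration.Hours(1)
        });

        // Least privilege: grant only the actions the federated caller needs.
        role.AddToPolicy(new PolicyStatement(new PolicyStatementProps {
            Actions = new [] { "s3:GetObject" },
            Resources = new [] { "arn:aws:s3:::example-bucket/public/*" }
        }));
    }
}
```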
Synopsis
Constructors
| OpenIdConnectProvider(Construct, string, IOpenIdConnectProviderProps) | Defines an OpenID Connect provider. |
Properties
| OidcProviderRef | A reference to an OIDCProvider resource. |
| OpenIdConnectProviderArn | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. |
| OpenIdConnectProviderIssuer | The issuer for the OIDC provider. |
| OpenIdConnectProviderthumbprints | The thumbprints configured for this provider. |
| PROPERTY_INJECTION_ID | Uniquely identifies this class. |
Methods
| FromOpenIdConnectProviderArn(Construct, string, string) | Imports an OpenID Connect provider from an ARN. |
Constructors
OpenIdConnectProvider(Construct, string, IOpenIdConnectProviderProps)
Defines an OpenID Connect provider.
public OpenIdConnectProvider(Construct scope, string id, IOpenIdConnectProviderProps props)
Parameters
- scope Construct
The definition scope.
- id string
Construct ID.
- props IOpenIdConnectProviderProps
Initialization properties.
Properties
OidcProviderRef
A reference to an OIDCProvider resource.
public virtual IOIDCProviderReference OidcProviderRef { get; }
Property Value
OpenIdConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.
public virtual string OpenIdConnectProviderArn { get; }
Property Value
OpenIdConnectProviderIssuer
The issuer for the OIDC provider.
public virtual string OpenIdConnectProviderIssuer { get; }
Property Value
OpenIdConnectProviderthumbprints
The thumbprints configured for this provider.
public virtual string OpenIdConnectProviderthumbprints { get; }
Property Value
PROPERTY_INJECTION_ID
Uniquely identifies this class.
public static string PROPERTY_INJECTION_ID { get; }
Property Value
Methods
FromOpenIdConnectProviderArn(Construct, string, string)
Imports an OpenID Connect provider from an ARN.
public static IOpenIdConnectProvider FromOpenIdConnectProviderArn(Construct scope, string id, string openIdConnectProviderArn)
Parameters
- scope Construct
The definition scope.
- id string
ID of the construct.
- openIdConnectProviderArn string
The ARN to import.
Returns