Package software.amazon.awscdk.services.eks

Class OidcProviderNative

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.iam.OidcProviderNative

software.amazon.awscdk.services.eks.OidcProviderNative

All Implemented Interfaces:

IOIDCProviderRef, IEnvironmentAware, IResource, IOidcProvider, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.126.0 (build 206d44b)",
           date="2026-02-03T13:58:22.981Z")
@Stability(Stable)
public class OidcProviderNative
extends OidcProviderNative

IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce.

You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account.

This implementation uses the native CloudFormation resource and has default values for thumbprints and clientIds props that will be compatible with the eks cluster.

Example:

 // or create a new one using an existing issuer url
 String issuerUrl;
 // you can import an existing provider
 IOidcProvider provider = OidcProviderNative.fromOidcProviderArn(this, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC");
 OidcProviderNative provider2 = OidcProviderNative.Builder.create(this, "Provider")
         .url(issuerUrl)
         .build();
 ICluster cluster = Cluster.fromClusterAttributes(this, "MyCluster", ClusterAttributes.builder()
         .clusterName("Cluster")
         .openIdConnectProvider(provider)
         .kubectlRoleArn("arn:aws:iam::123456:role/service-role/k8sservicerole")
         .build());
 ServiceAccount serviceAccount = cluster.addServiceAccount("MyServiceAccount");
 Bucket bucket = new Bucket(this, "Bucket");
 bucket.grantReadWrite(serviceAccount);
 

See Also:

• https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	OidcProviderNative.Builder	A fluent builder for OidcProviderNative.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IOidcProvider

IOidcProvider.Jsii$Default, IOidcProvider.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource

IResource.Jsii$Default

Field Summary

Fields

Modifier and Type	Field	Description
static final String	PROPERTY_INJECTION_ID	Uniquely identifies this class.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	OidcProviderNative(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	OidcProviderNative(software.amazon.jsii.JsiiObjectRef objRef)
	OidcProviderNative(software.constructs.Construct scope, String id, OidcProviderNativeProps props)	Defines a native OpenID Connect provider.

Method Summary

Methods inherited from class software.amazon.awscdk.services.iam.OidcProviderNative

fromOidcProviderArn, getOidcProviderArn, getOidcProviderIssuer, getOidcProviderRef, getOidcProviderThumbprints, getOpenIdConnectProviderArn, getOpenIdConnectProviderIssuer

Methods inherited from class software.amazon.awscdk.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.awscdk.interfaces.IEnvironmentAware

getEnv

Methods inherited from interface software.amazon.awscdk.IResource

applyRemovalPolicy, getStack

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Details

PROPERTY_INJECTION_ID

@Stability(Stable)
public static final String PROPERTY_INJECTION_ID

Uniquely identifies this class.

Constructor Details

OidcProviderNative

protected OidcProviderNative(software.amazon.jsii.JsiiObjectRef objRef)

OidcProviderNative

protected OidcProviderNative(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

OidcProviderNative

@Stability(Stable)
public OidcProviderNative(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 OidcProviderNativeProps props)

Defines a native OpenID Connect provider.

Parameters:

scope - The definition scope. This parameter is required.

id - Construct ID. This parameter is required.

props - Initialization properties. This parameter is required.