OidcProviderNativeProps

class aws_cdk.aws_eks_v2_alpha.OidcProviderNativeProps(*, url, removal_policy=None)

Bases: OpenIdConnectProviderProps

(experimental) Initialization properties for OidcProviderNative.

Parameters:

  • url (str) – (experimental) The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider’s OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster –name %cluster_name% –query “cluster.identity.oidc.issuer” –output text

  • removal_policy (Optional[RemovalPolicy]) – (experimental) The removal policy to apply to the OpenID Connect Provider. Default: - RemovalPolicy.DESTROY

Stability:

experimental

ExampleMetadata:

infused

Example:

import aws_cdk.aws_s3 as s3

# or create a new one using an existing issuer url
# issuer_url: str

from aws_cdk.lambda_layer_kubectl_v34 import KubectlV34Layer

# you can import an existing provider
provider = eks.OidcProviderNative.from_oidc_provider_arn(self, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC")
provider2 = eks.OidcProviderNative(self, "Provider",
    url=issuer_url
)

cluster = eks.Cluster.from_cluster_attributes(self, "MyCluster",
    cluster_name="Cluster",
    open_id_connect_provider=provider,
    kubectl_provider_options=eks.KubectlProviderOptions(
        kubectl_layer=KubectlV34Layer(self, "kubectl")
    )
)

service_account = cluster.add_service_account("MyServiceAccount")

bucket = s3.Bucket(self, "Bucket")
bucket.grant_read_write(service_account)

Attributes

removal_policy

(experimental) The removal policy to apply to the OpenID Connect Provider.

Default:

  • RemovalPolicy.DESTROY

Stability:

experimental

url

(experimental) The URL of the identity provider.

The URL must begin with https:// and should correspond to the iss claim in the provider’s OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com.

You can find your OIDC Issuer URL by: aws eks describe-cluster –name %cluster_name% –query “cluster.identity.oidc.issuer” –output text

Stability:

experimental