AWS::EKS::IdentityProviderConfig - AWS CloudFormation

AWS::EKS::IdentityProviderConfig

Associates an identity provider configuration to a cluster.

If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes Role and ClusterRole objects, assign permissions to them, and then bind them to the identities using Kubernetes RoleBinding and ClusterRoleBinding objects. For more information see Using RBAC Authorization in the Kubernetes documentation.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::EKS::IdentityProviderConfig", "Properties" : { "ClusterName" : String, "IdentityProviderConfigName" : String, "Oidc" : OidcIdentityProviderConfig, "Tags" : [ Tag, ... ], "Type" : String } }

YAML

Type: AWS::EKS::IdentityProviderConfig Properties: ClusterName: String IdentityProviderConfigName: String Oidc: OidcIdentityProviderConfig Tags: - Tag Type: String

Properties

ClusterName

The name of your cluster.

Required: Yes

Type: String

Update requires: Replacement

IdentityProviderConfigName

The name of the configuration.

Required: No

Type: String

Update requires: Replacement

Oidc

An object representing an OpenID Connect (OIDC) identity provider configuration.

Required: No

Type: OidcIdentityProviderConfig

Update requires: Replacement

Tags

Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.

Required: No

Type: Array of Tag

Update requires: No interruption

Type

The type of the identity provider configuration. The only type available is oidc.

Required: Yes

Type: String

Allowed values: oidc

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name. For example:

{ "Ref": "myIdentityProviderConfig" }

For the IdentityProviderConfig, Ref returns the physical resource ID of the config. For example, cluster-name/oidc/identity-provider-config-name.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

IdentityProviderConfigArn

The Amazon Resource Name (ARN) associated with the identity provider config.

Remarks

Creating an identity provider config and Fargate profile resources in the same template.

If AWS CloudFormation attempts to create both resources at the same time, resource creation fails. If you want to create both resources in the same template, then add the DependsOn property in your template, as shown in the examples.

Examples

Create an identity provider config

The following example creates a an identity provider config. If you're not creating an EKSFargateProfile in the same template, remove the "DependsOn" line in the following example. For more information, see AWS::EKS::FargateProfile.

JSON

{ "EKSIdpConfig": { "DependsOn": "EKSFargateProfile", "Type": "AWS::EKS::IdentityProviderConfig", "Properties": { "ClusterName": "my-cluster", "Type": "oidc", "Oidc": { "ClientId": "kubernetes", "IssuerUrl": "https://example.com" } } } }

YAML

Resources: EKSIdpConfig: DependsOn: EKSFargateProfile Type: AWS::EKS::IdentityProviderConfig Properties: ClusterName: my-cluster Type: oidc Oidc: ClientId: "kubernetes" IssuerUrl: "https://example.com"

See also