AWS::EKS::IdentityProviderConfig
Associates an identity provider configuration to a cluster.
If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster, you can create Kubernetes Role and ClusterRole objects, assign permissions to them, and then bind them to the identities using Kubernetes RoleBinding and ClusterRoleBinding objects. For more information, see Using RBAC Authorization.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::EKS::IdentityProviderConfig",
  "Properties" : {
    "ClusterName" : String,
    "IdentityProviderConfigName" : String,
    "Oidc" : OidcIdentityProviderConfig,
    "Tags" : [ Tag, ... ],
    "Type" : String
  }
}
YAML
Type: AWS::EKS::IdentityProviderConfig
Properties:
  ClusterName: String
  IdentityProviderConfigName: String
  Oidc: OidcIdentityProviderConfig
  Tags:
    - Tag
  Type: String
Properties
ClusterName
-
The name of your cluster.
Required: Yes
Type: String
Update requires: Replacement
IdentityProviderConfigName
-
The name of the configuration.
Required: No
Type: String
Update requires: Replacement
Oidc
-
An object representing an OpenID Connect (OIDC) identity provider configuration.
Required: No
Type: OidcIdentityProviderConfig
Update requires: Replacement
Tags
-
Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.
Required: No
Type: Array of Tag
Update requires: No interruption
Type
-
The type of the identity provider configuration. The only type available is oidc.
Required: Yes
Type: String
Allowed values: oidc
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name. For example:
{ "Ref": "myIdentityProviderConfig" }
For the IdentityProviderConfig, Ref returns the physical resource ID of the config. For example, cluster-name/oidc/identity-provider-config-name.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
IdentityProviderConfigArn
-
The Amazon Resource Name (ARN) associated with the identity provider config.
Remarks
Creating an identity provider config and Fargate profile resources in the same template
If AWS CloudFormation attempts to create both resources at the same time, resource creation fails. If you want to create both resources in the same template, then add the DependsOn property in your template, as shown in the examples.
Examples
Create an identity provider config
The following example creates an identity provider config. If you're not creating an EKSFargateProfile in the same template, remove the "DependsOn" line in the following example. For more information, see AWS::EKS::FargateProfile.
JSON
{
  "EKSIdpConfig": {
    "DependsOn": "EKSFargateProfile",
    "Type": "AWS::EKS::IdentityProviderConfig",
    "Properties": {
      "ClusterName": "my-cluster",
      "Type": "oidc",
      "Oidc": {
        "ClientId": "kubernetes",
        "IssuerUrl": "https://example.com"
      }
    }
  }
}
YAML
Resources:
  EKSIdpConfig:
    DependsOn: EKSFargateProfile
    Type: AWS::EKS::IdentityProviderConfig
    Properties:
      ClusterName: my-cluster
      Type: oidc
      Oidc:
        ClientId: "kubernetes"
        IssuerUrl: "https://example.com"
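A fuller template, added here as an example and not taken from the AWS documentation, showing the OIDC username and group prefix settings of OidcIdentityProviderConfig together with the Kubernetes RoleBinding that consumes the prefixed group name (the Role/RoleBinding step the introduction describes). The cluster name, config name, issuer URL, client ID, group name and tag values are placeholders; the second YAML document is a separate file applied with kubectl, not part of the CloudFormation template.

```yaml
# Added example, not from the AWS documentation page. Assumes the cluster
# "my-cluster" already exists and no Fargate profile is created in this
# template, so the DependsOn from the page's example is omitted.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  EKSIdpConfig:
    Type: AWS::EKS::IdentityProviderConfig
    Properties:
      ClusterName: my-cluster
      IdentityProviderConfigName: corp-oidc       # placeholder name
      Type: oidc
      Oidc:
        ClientId: kubernetes                      # placeholder client ID
        IssuerUrl: https://idp.example.com        # placeholder issuer
        UsernameClaim: email
        UsernamePrefix: "oidc:"
        GroupsClaim: groups
        GroupsPrefix: "oidc:"
      Tags:
        - Key: owner
          Value: platform-team
Outputs:
  IdpConfigArn:
    # The ARN attribute documented under Fn::GetAtt above.
    Value: !GetAtt EKSIdpConfig.IdentityProviderConfigArn
---
# Separate file, applied with kubectl after the config is associated.
# Because of the prefixes above, the IdP group "k8s-readers" reaches the
# API server as "oidc:k8s-readers", so a claim issued by the identity
# provider can never collide with built-in groups such as "system:masters".
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: oidc-readers
  namespace: default
subjects:
  - kind: Group
    name: "oidc:k8s-readers"                      # placeholder IdP group
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view                                      # built-in read-only role
  apiGroup: rbac.authorization.k8s.io
```

Binding to a Role or ClusterRole scoped to what the group actually needs, rather than to cluster-admin, keeps the IdP-issued identity at least privilege even if group membership at the provider is later changed.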
See also
-
Authenticating users for your cluster from an OpenID Connect identity provider in the Amazon EKS User Guide.
-
AssociateIdentityProviderConfig in the Amazon EKS API Reference.