Resource: awsEksIdentityProviderConfig

Manages an EKS Identity Provider Configuration.

Example Usage

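/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";
class MyStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    // Associates an OIDC identity provider with the EKS cluster.
    // aws_eks_cluster.example is assumed to be defined elsewhere in the stack.
    new aws.eksIdentityProviderConfig.EksIdentityProviderConfig(this, "example", {
      clusterName: "${aws_eks_cluster.example.name}",
      oidc: {
        clientId: "your client_id",
        identityProviderConfigName: "example",
        issuerUrl: "your issuer_url",
      },
    });
  }
}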

Argument Reference

The following arguments are supported:

  • clusterName - (Required) Name of the EKS Cluster.
  • oidc - (Required) Nested attribute containing OpenID Connect identity provider information for the cluster. Detailed below.
  • tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

oidc Configuration Block

  • clientId - (Required) Client ID for the OpenID Connect identity provider.
  • groupsClaim - (Optional) The JWT claim that the provider will use to return groups.
  • groupsPrefix - (Optional) A prefix that is prepended to group claims, e.g., oidc:.
  • identityProviderConfigName - (Required) The name of the identity provider config.
  • issuerUrl - (Required) Issuer URL for the OpenID Connect identity provider.
  • requiredClaims - (Optional) The key value pairs that describe required claims in the identity token.
  • usernameClaim - (Optional) The JWT claim that the provider will use as the username.
  • usernamePrefix - (Optional) A prefix that is prepended to username claims.
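
How the claim, prefix and requiredClaims fields above shape the identity the cluster sees, as an added example that is not part of the provider documentation or of EKS itself. It is a simplified model: the OidcMapping type, the mapIdentity function and the sample claims are hypothetical, all fields are made mandatory here, and token signature validation is out of scope. With empty prefixes a group claim is used verbatim and can coincide with a built-in Kubernetes name such as system:masters.

```typescript
// Simplified model (an assumption, not EKS or Kubernetes source code) of how the
// oidc block's fields turn ID-token claims into a Kubernetes username and groups.
type Claims = Record<string, unknown>;

interface OidcMapping {
  usernameClaim: string;
  usernamePrefix: string;
  groupsClaim: string;
  groupsPrefix: string;
  requiredClaims: Record<string, string>;
}

interface Identity { username: string; groups: string[]; }

function mapIdentity(cfg: OidcMapping, claims: Claims): Identity | null {
  // requiredClaims: every listed key must be present with exactly that value.
  for (const key of Object.keys(cfg.requiredClaims)) {
    if (claims[key] !== cfg.requiredClaims[key]) return null;
  }
  const user = claims[cfg.usernameClaim];
  if (typeof user !== "string" || user === "") return null;
  const raw = claims[cfg.groupsClaim];
  // This model accepts a single string or an array and drops non-string entries.
  const list: unknown[] = Array.isArray(raw) ? raw : raw === undefined ? [] : [raw];
  const groups = list
    .filter((g): g is string => typeof g === "string")
    .map((g) => cfg.groupsPrefix + g);
  return { username: cfg.usernamePrefix + user, groups };
}

// Constructed decoded ID-token payload, for illustration only.
const sampleClaims: Claims = {
  sub: "alice", groups: ["dev", "system:masters"], env: "prod",
};

const prefixed: OidcMapping = {
  usernameClaim: "sub", usernamePrefix: "oidc:",
  groupsClaim: "groups", groupsPrefix: "oidc:",
  requiredClaims: { env: "prod" },
};
// Same mapping with empty prefixes: claim values are used verbatim as names.
const unprefixed: OidcMapping = { ...prefixed, usernamePrefix: "", groupsPrefix: "" };

console.log(mapIdentity(prefixed, sampleClaims));   // names carry the oidc: prefix
console.log(mapIdentity(unprefixed, sampleClaims)); // group names taken verbatim
console.log(mapIdentity(prefixed, { ...sampleClaims, env: "dev" })); // rejected
```

Any RBAC binding written for OIDC users then has to reference the prefixed names, for example the group oidc:dev rather than dev.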

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - Amazon Resource Name (ARN) of the EKS Identity Provider Configuration.
  • id - EKS Cluster name and EKS Identity Provider Configuration name separated by a colon (:).
  • status - Status of the EKS Identity Provider Configuration.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Timeouts

Configuration options:

  • create - (Default 40M)
  • delete - (Default 40M)

Import

EKS Identity Provider Configurations can be imported using the clusterName and identityProviderConfigName separated by a colon (:), e.g.,

$ terraform import aws_eks_identity_provider_config.my_identity_provider_config my_cluster:my_identity_provider_config