Resource: awsIamOpenidConnectProvider

Provides an IAM OpenID Connect provider.

Example Usage

/* Provider bindings are generated by running cdktf get.
   See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";
new aws.iamOpenidConnectProvider.IamOpenidConnectProvider(this, "default", {
  clientIdList: ["266362248691-342342xasdasdasda-apps.googleusercontent.com"],
  thumbprintList: [],
  url: "https://accounts.google.com",
});

Argument Reference

The following arguments are supported:

  • url - (Required) The URL of the identity provider. Corresponds to the iss claim.
  • clientIdList - (Required) A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, it establishes a value that identifies the application. (This is the value that's sent as the client_id parameter on OAuth requests.) IAM only accepts tokens from this provider whose aud claim matches one of these values.
  • thumbprintList - (Required) A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s).
  • tags - (Optional) Map of resource tags for the IAM OIDC provider. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
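Deriving a thumbprintList entry, as an added example that is not part of this page or of the provider's own code: IAM expects the SHA-1 fingerprint of the identity provider's DER-encoded certificate as 40 hex characters. All function names and SAMPLE_PEM are assumptions chosen here; SAMPLE_PEM is a constructed stand-in rather than a real certificate, and the online helper assumes the top certificate of the chain presented by the IdP's host is the one to fingerprint.

```typescript
import { createHash } from "node:crypto";
import * as tls from "node:tls";

// Strip the PEM armour and base64-decode to the DER bytes IAM hashes.
function pemToDer(pem: string): Buffer {
  const b64 = pem
    .replace(/-----BEGIN CERTIFICATE-----/g, "")
    .replace(/-----END CERTIFICATE-----/g, "")
    .replace(/\s+/g, "");
  return Buffer.from(b64, "base64");
}

// IAM thumbprint: SHA-1 over the DER certificate, rendered as 40 hex chars.
function thumbprintFromDer(der: Buffer): string {
  return createHash("sha1").update(der).digest("hex");
}

function thumbprintFromPem(pem: string): string {
  return thumbprintFromDer(pemToDer(pem));
}

// Return the entries IAM would reject (anything other than 40 hex characters),
// so a bad value is caught before `cdktf deploy` rather than at apply time.
function invalidThumbprints(list: string[]): string[] {
  return list.filter((t) => !/^[0-9a-fA-F]{40}$/.test(t));
}

// Online helper (not run offline): open a TLS connection to the IdP host,
// walk the presented chain to its top certificate and fingerprint that.
function fetchTopCertThumbprint(host: string): Promise<string> {
  return new Promise<string>((resolve, reject) => {
    const socket = tls.connect({ host, port: 443, servername: host }, () => {
      let cert = socket.getPeerCertificate(true);
      // A self-signed root points issuerCertificate at itself; stop there.
      while (cert.issuerCertificate && cert.issuerCertificate !== cert) {
        cert = cert.issuerCertificate;
      }
      socket.end();
      resolve(thumbprintFromDer(cert.raw));
    });
    socket.on("error", reject);
  });
}

// Constructed sample: PEM armour around base64("abc"); not a real certificate.
const SAMPLE_PEM =
  "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n";
```

Compare the value fetchTopCertThumbprint returns against what your IdP publishes before putting it in thumbprintList, since a mismatched thumbprint makes IAM reject every token from the provider.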

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - The ARN assigned by AWS for this provider.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

IAM OpenID Connect Providers can be imported using the arn, e.g.,

$ terraform import aws_iam_openid_connect_provider.default arn:aws:iam::123456789012:oidc-provider/accounts.google.com