Create AWS IAM OIDC provider tutorial

Question

Pulumi · Accepted Answer

Sure, let's create an AWS IAM OIDC provider utilizing the Pulumi AWS package `aws.iam.OpenIdConnectProvider`. This resource enables you to establish a federation partnership between a SAML compatible Identity Provider (IdP) and AWS by declaring an IAM OIDC identity provider entity in AWS.

The requisite properties for this resource are `url`, `client_id_list`, and `thumbprint_list`.

Here's a sample Pulumi program in TypeScript:

```typescript
import * as aws from "@pulumi/aws";

// Create a new IAM OIDC provider
const example = new aws.iam.OpenIdConnectProvider("example", {
    clientIdLists: ["my-application-id"],  // your application's id
    thumbprintLists: ["${module.oidc.thumbprint_list}"],  // thumbprint of the OIDC provider's server certificate
    url: "https://oidc.example.com",  // the URL of the OIDC identity provider
});
```

This program describes the creation of a new OpenIdConnectProvider named "example". The "clientIdLists", "thumbprintLists" and "url" are properties of the OpenIdConnectProvider.

Keep in mind, in a real-world scenario, the `clientIdLists`, `thumbprintLists` and `url` values would need to be replaced with your application's id, the thumbprint of the OIDC provider's server certificate, and the URL of the OIDC identity provider, respectively.

You can learn more about this on the [Pulumi AWS Documentation](https://www.pulumi.com/registry/packages/aws/api-docs/iam/openidconnectprovider/) and [AWS Documentation](https://aws.amazon.com/iam/features/manage-openid-connect-providers/).