How do I configure an AWS IAM OpenID Connect Provider?
In this guide, we will demonstrate how to configure an AWS IAM OpenID Connect (OIDC) Provider using infrastructure as code. This setup lets identities issued by an OIDC-compliant identity provider, such as Google or GitHub, assume IAM roles through sts:AssumeRoleWithWebIdentity, so the workload never needs long-lived AWS access keys.
Resources and Explanation
- AWS IAM OIDC Provider: This resource tells AWS to trust tokens issued by an OIDC-compliant identity provider. On its own it grants no access; access is granted by IAM roles whose trust policy names the provider's ARN as a Federated principal and constrains which tokens may assume the role.
- AWS Provider: Configure this to specify your AWS credentials, region, and other options for interacting with AWS services.
The example code will create an OIDC Provider by defining its issuer URL, the client IDs (token audiences) that AWS will accept, and the certificate thumbprint of the provider's TLS endpoint. AWS does not need the JSON Web Key Set (JWKS) in this resource: it fetches the signing keys itself from the issuer's OIDC discovery document when it validates a token.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.iam.OpenIdConnectProvider("example", {
    // Issuer URL of the identity provider (placeholder value). Must use https and
    // match the `iss` claim in the tokens it issues.
    url: "https://accounts.example.com",
    // Audiences (`aud` claim) that AWS will accept from this issuer.
    clientIdLists: ["sts.amazonaws.com"],
    // SHA-1 thumbprint of the CA certificate that issued the provider endpoint's
    // TLS certificate (example value; compute it from the real endpoint).
    thumbprintLists: ["9e99a48a9960d46f6da173e16cdb72f60bdf008e"],
});
// The ARN is what a role trust policy references as its Federated principal.
export const providerArn = example.arn;
Key Points
- OIDC URL: The issuer URL of the identity provider. AWS compares it with the `iss` claim of presented tokens and uses it to locate the provider's discovery document and signing keys.
- Client IDs: The audiences AWS will accept; a token is only usable with this provider if its `aud` claim matches one of these values. The example uses sts.amazonaws.com, the audience several providers (for example GitHub Actions) place in tokens intended for AWS.
- Thumbprint: The SHA-1 hash of the CA certificate that issued the provider endpoint's TLS certificate, used to verify that AWS is talking to the genuine provider when it fetches keys. For a growing list of providers AWS now validates that TLS connection against its own library of trusted root CAs instead; in those cases the thumbprint is still stored but no longer used for validation.
Summary
In this example, we set up an AWS IAM OpenID Connect Provider by defining its issuer URL, accepted client IDs, and endpoint thumbprint. The exported providerArn is the value to reference in the trust policy of any IAM role that federated identities should be able to assume; that trust policy, not the provider, decides which tokens are accepted, so it should always constrain the `aud` and `sub` claims.
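The provider is only half of the setup: the role trust policy that references providerArn must restrict which tokens may assume the role, otherwise any identity the IdP issues a token to with the right audience gets in. The following is an added example, not code from the original page or from Pulumi: a plain TypeScript helper (no Pulumi dependency, so it can be unit-tested) that builds such a trust policy document. The ARN, the `repo:...` subject pattern (the format GitHub Actions uses) and the account ID are constructed sample values.

```typescript
// Added example: build an IAM trust policy for a role assumed via an OIDC provider.
// The policy allows sts:AssumeRoleWithWebIdentity only when the token's `aud`
// and `sub` claims match the values configured here. IAM exposes those claims
// as condition keys named "<provider host>:aud" and "<provider host>:sub".

export interface OidcTrustPolicyOptions {
  providerArn: string;    // ARN of the aws.iam.OpenIdConnectProvider
  providerUrl: string;    // same URL used for the provider, e.g. https://accounts.example.com
  audience: string;       // must match one entry in clientIdLists
  subjectPattern: string; // allowed `sub` claim; may use IAM wildcards (* and ?)
}

export interface TrustPolicy {
  Version: "2012-10-17";
  Statement: Array<{
    Effect: "Allow";
    Principal: { Federated: string };
    Action: "sts:AssumeRoleWithWebIdentity";
    Condition: Record<string, Record<string, string>>;
  }>;
}

// IAM condition keys use the provider host: the URL without scheme or trailing slash.
export function conditionKeyPrefix(providerUrl: string): string {
  return providerUrl.replace(/^https?:\/\//i, "").replace(/\/+$/, "");
}

export function buildOidcTrustPolicy(opts: OidcTrustPolicyOptions): TrustPolicy {
  const sub = opts.subjectPattern.trim();
  // Refuse patterns that do not actually constrain the subject.
  if (sub === "" || sub === "*") {
    throw new Error(
      "subjectPattern must restrict the sub claim; '*' lets any identity at the IdP assume the role",
    );
  }
  const prefix = conditionKeyPrefix(opts.providerUrl);
  const condition: Record<string, Record<string, string>> = {
    // Audience is always an exact match.
    StringEquals: { [`${prefix}:aud`]: opts.audience },
  };
  // Wildcard subjects need StringLike; exact subjects can share the StringEquals block.
  if (sub.includes("*") || sub.includes("?")) {
    condition.StringLike = { [`${prefix}:sub`]: sub };
  } else {
    condition.StringEquals[`${prefix}:sub`] = sub;
  }
  return {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: { Federated: opts.providerArn },
        Action: "sts:AssumeRoleWithWebIdentity",
        Condition: condition,
      },
    ],
  };
}

// Usage with constructed values: the provider from this page plus a GitHub-style
// subject that pins the role to one repository's main branch.
const policy = buildOidcTrustPolicy({
  providerArn: "arn:aws:iam::123456789012:oidc-provider/accounts.example.com",
  providerUrl: "https://accounts.example.com",
  audience: "sts.amazonaws.com",
  subjectPattern: "repo:example-org/example-repo:ref:refs/heads/main",
});
console.log(JSON.stringify(policy, null, 2));
```

In a Pulumi program the provider ARN is an Output, so the document would be produced inside example.arn.apply(arn => JSON.stringify(buildOidcTrustPolicy({ providerArn: arn, ... }))) and passed as the assumeRolePolicy of an aws.iam.Role. The important design choice is that the subject condition is mandatory: the provider's clientIdLists only fixes the audience, and without a `sub` condition every token the IdP issues for that audience could assume the role.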