How do I create an AWS IAM OpenID Connect Provider?
In this guide, we’ll walk you through the steps to create an AWS IAM OpenID Connect (OIDC) provider. This is useful when you want to enable your AWS services to trust a third-party identity provider. Such a setup can be beneficial when working with Kubernetes clusters, federated identities, or other OIDC-compliant services.
We will:
- Create an IAM OIDC provider with the necessary parameters.
- Define relevant outputs.
Here’s the complete example:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create the IAM OIDC Provider.
// url: the issuer URL of the identity provider (must be https).
// clientIdLists: audiences (the token's "aud" claim) that IAM will accept.
// thumbprintLists: SHA-1 thumbprints of the issuer's TLS certificate chain;
// the value below is the example from this guide and must be replaced with
// the thumbprint of your own issuer's certificate.
const example = new aws.iam.OpenIdConnectProvider("example", {
    url: "https://example.com",
    clientIdLists: ["sts.amazonaws.com"],
    thumbprintLists: ["9e99a48a9960a5df37a2de2a4342b3ea402f0617"],
});

// Export the provider ARN so it can be referenced from role trust policies.
export const oidcProviderArn = example.arn;
```
Key Points:
- OpenID Connect (OIDC) Provider URL: the issuer URL from which AWS retrieves the provider's signing keys and against which it verifies identity tokens.
- Client ID List: the audience identifiers (the token's aud claim) that the provider will accept, often including sts.amazonaws.com.
- Thumbprint List: SHA-1 thumbprints of the certificate chain used to verify the identity provider's TLS certificate.
Summary:
We created an IAM OpenID Connect Provider, specifying the OIDC URL, client ID list, and thumbprint list. The ARN of the OIDC provider is output for reference. This setup allows AWS to interact securely with the OIDC identity provider.
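Creating the provider on its own grants nothing; a role must name it as a federated principal, and the trust policy should pin both the aud and sub claims so that only the intended workload can assume the role. The helper below is an added example, not code from this guide or from Pulumi: it builds such a trust policy document, and the provider ARN, issuer URL, audience and subject values are constructed assumptions.

```typescript
// Builds the assume-role policy for a role federated through an IAM OIDC provider.
// Condition keys use the issuer URL without its scheme, e.g. "example.com:aud".

interface OidcTrustOptions {
    providerArn: string; // ARN of the aws.iam.OpenIdConnectProvider
    issuerUrl: string;   // the same URL given to the provider
    audience: string;    // expected "aud" claim, e.g. sts.amazonaws.com
    subject: string;     // expected "sub" claim; a "*" turns the match into StringLike
}

function issuerConditionPrefix(issuerUrl: string): string {
    if (!issuerUrl.startsWith("https://")) {
        throw new Error("OIDC issuer URL must use https://");
    }
    // Drop the scheme and any trailing slashes: "https://example.com/" -> "example.com".
    return issuerUrl.slice("https://".length).replace(/\/+$/, "");
}

function buildOidcTrustPolicy(opts: OidcTrustOptions): Record<string, any> {
    const prefix = issuerConditionPrefix(opts.issuerUrl);
    const subject = opts.subject.trim();
    // A bare "*" (or empty) subject would let any token from the issuer assume the role.
    if (subject === "" || subject === "*") {
        throw new Error("subject must restrict which identities may assume the role");
    }
    const condition: Record<string, Record<string, string>> = {
        StringEquals: { [`${prefix}:aud`]: opts.audience },
    };
    const subOperator = subject.includes("*") ? "StringLike" : "StringEquals";
    condition[subOperator] = { ...(condition[subOperator] ?? {}), [`${prefix}:sub`]: subject };
    return {
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: { Federated: opts.providerArn },
            Action: "sts:AssumeRoleWithWebIdentity",
            Condition: condition,
        }],
    };
}

// Constructed sample values; in a Pulumi program you would pass
// example.arn.apply(arn => JSON.stringify(buildOidcTrustPolicy({ providerArn: arn, ... })))
// as the assumeRolePolicy of an aws.iam.Role.
const samplePolicy = buildOidcTrustPolicy({
    providerArn: "arn:aws:iam::123456789012:oidc-provider/example.com",
    issuerUrl: "https://example.com/",
    audience: "sts.amazonaws.com",
    subject: "system:serviceaccount:kube-system:my-service-account",
});
console.log(JSON.stringify(samplePolicy, null, 2));
```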