esc env provider aws-login oidc | CLI commands
Generated for Pulumi ESC CLI v0.24.0.
Add an AWS OIDC login provider to an environment
Synopsis
[EXPERIMENTAL] Add an AWS OIDC login provider to an environment
Writes an fn::open::aws-login block with an oidc federation block at the
configured path under values. The OIDC IAM role and trust policy must be
provisioned separately (e.g. with Pulumi). If a block already exists at the
path it is replaced.
See https://www.pulumi.com/docs/esc/integrations/dynamic-login-credentials/aws-login/ for the full provider reference.
esc env provider aws-login oidc [<org>/][<project>/]<environment-name> <role-arn> <session-name> [flags]
Options
      --create                          create the environment if it does not already exist
      --draft string[="new"]            set flag without a value (--draft) to create a draft rather than saving changes directly. --draft=<change-request-id> to update an existing change request.
      --duration string                 optional session duration, e.g. 1h
  -h, --help                            help for oidc
      --path values                     property path under values where the provider block is written (default "aws.login")
      --policy-arn stringArray          AWS managed-policy ARN to attach to the role session (repeatable)
      --subject-attribute stringArray   OIDC subject attribute to include in the session token (repeatable)
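The environment definition this command is expected to write, shown as an added illustration and not as output captured from the CLI or text from the Pulumi documentation. The organization, project, environment, account ID, role name and session name are constructed placeholders, the subject attribute name is an assumption, and the key names under oidc follow the aws-login provider reference linked above.

```yaml
# Constructed invocation (all names and the account ID are placeholders):
#
#   esc env provider aws-login oidc example-org/example-project/dev \
#     arn:aws:iam::123456789012:role/esc-oidc-example esc-dev-session \
#     --duration 1h \
#     --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess \
#     --subject-attribute currentEnvironment.name \
#     --draft
#
# --draft sends the change to a draft instead of saving it directly, so the
# new credential source can be reviewed before it takes effect.
#
# Expected block at the default --path (aws.login) under values:
values:
  aws:
    login:
      fn::open::aws-login:
        oidc:
          # <role-arn> argument. The role and its trust policy are not
          # created by this command; they must already exist in AWS.
          roleArn: arn:aws:iam::123456789012:role/esc-oidc-example
          # <session-name> argument.
          sessionName: esc-dev-session
          # --duration
          duration: 1h
          # --policy-arn (repeatable). Policies attached to the session can
          # only narrow what the role already allows, never extend it.
          policyArns:
            - arn:aws:iam::aws:policy/ReadOnlyAccess
          # --subject-attribute (repeatable). Attribute name is an assumption.
          # The separately provisioned trust policy has to be written against
          # the token these attributes produce.
          subjectAttributes:
            - currentEnvironment.name
```

Because an existing block at the same path is replaced, diff the draft against the current revision before applying it.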
Options inherited from parent commands
      --env string   The name of the environment to operate on.
SEE ALSO
- esc env provider aws-login - Add an AWS login provider to an environment