AWS Amazon EKS Identity Provider Config
This page shows how to write Terraform and CloudFormation for Amazon EKS Identity Provider Config and write them securely.
The Identity Provider Config in Amazon EKS can be configured in Terraform with the resource name
aws_eks_identity_provider_config. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
The following arguments are supported:
cluster_name– (Required) Name of the EKS Cluster.
oidc- (Required) Nested attribute containing OpenID Connect identity provider information for the cluster. Detailed below.
tags- (Optional) Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
oidc Configuration Block
client_id– (Required) Client ID for the OpenID Connect identity provider.
groups_claim- (Optional) The JWT claim that the provider will use to return groups.
groups_prefix- (Optional) A prefix that is prepended to group claims e.g.,
identity_provider_config_name– (Required) The name of the identity provider config.
issuer_url- (Required) Issuer URL for the OpenID Connect identity provider.
required_claims- (Optional) The key value pairs that describe required claims in the identity token.
username_claim- (Optional) The JWT claim that the provider will use as the username.
username_prefix- (Optional) A prefix that is prepended to username claims.
In addition to all arguments above, the following attributes are exported:
arn- Amazon Resource Name (ARN) of the EKS Identity Provider Configuration.
id- EKS Cluster name and EKS Identity Provider Configuration name separated by a colon (
status- Status of the EKS Identity Provider Configuration.
tags_all- A map of tags assigned to the resource, including those inherited from the provider
Explanation in Terraform Registry
Manages an EKS Identity Provider Configuration.
AWS::EKS::Cluster Provider (CloudFormation)
The Cluster Provider in EKS can be configured in CloudFormation with the resource name
AWS::EKS::Cluster Provider. The following sections describe how to use the resource and its parameters.
Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key. For more information, see Allowing Users in Other Accounts to Use a KMS key in the AWS Key Management Service Developer Guide.
Update requires: No interruption
Explanation in CloudFormation Registry
Identifies the AWS Key Management Service (AWS KMS) key used to encrypt the secrets.