Package software.amazon.awscdk.services.eks

Class CfnPodIdentityAssociation

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.eks.CfnPodIdentityAssociation
All Implemented Interfaces:
IInspectable, IPodIdentityAssociationRef, IEnvironmentAware, ITaggableV2, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.120.0 (build 192dc88)", date="2025-12-05T10:47:20.266Z") @Stability(Stable) public class CfnPodIdentityAssociation extends CfnResource implements IInspectable, IPodIdentityAssociationRef, ITaggableV2
Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.eks.*;
 CfnPodIdentityAssociation cfnPodIdentityAssociation = CfnPodIdentityAssociation.Builder.create(this, "MyCfnPodIdentityAssociation")
         .clusterName("clusterName")
         .namespace("namespace")
         .roleArn("roleArn")
         .serviceAccount("serviceAccount")
         // the properties below are optional
         .disableSessionTags(false)
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .targetRoleArn("targetRoleArn")
         .build();

See Also:

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnPodIdentityAssociation

      protected CfnPodIdentityAssociation(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnPodIdentityAssociation

      protected CfnPodIdentityAssociation(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnPodIdentityAssociation

      @Stability(Stable) public CfnPodIdentityAssociation(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnPodIdentityAssociationProps props)
      Create a new AWS::EKS::PodIdentityAssociation.

      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties. This parameter is required.

  • Method Details

    • isCfnPodIdentityAssociation

      @Stability(Stable) @NotNull public static Boolean isCfnPodIdentityAssociation(@NotNull Object x)
      Checks whether the given object is a CfnPodIdentityAssociation.

      Parameters:
      x - This parameter is required.

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrAssociationArn

      @Stability(Stable) @NotNull public String getAttrAssociationArn()
      The Amazon Resource Name (ARN) of the association.

    • getAttrAssociationId

      @Stability(Stable) @NotNull public String getAttrAssociationId()
      The ID of the association.

    • getAttrExternalId

      @Stability(Stable) @NotNull public String getAttrExternalId()
      The unique identifier for this EKS Pod Identity association for a target IAM role.

      You put this value in the trust policy of the target role, in a Condition to match the sts.ExternalId . This ensures that the target role can only be assumed by this association. This prevents the confused deputy problem . For more information about the confused deputy problem, see The confused deputy problem in the IAM User Guide .

      If you want to use the same target role with multiple associations or other roles, use independent statements in the trust policy to allow sts:AssumeRole access from each role.

    • getCdkTagManager

      @Stability(Stable) @NotNull public TagManager getCdkTagManager()
      Tag Manager which manages the tags for this resource.
      Specified by:
      getCdkTagManager in interface ITaggableV2

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getPodIdentityAssociationRef

      @Stability(Stable) @NotNull public PodIdentityAssociationReference getPodIdentityAssociationRef()
      A reference to a PodIdentityAssociation resource.
      Specified by:
      getPodIdentityAssociationRef in interface IPodIdentityAssociationRef

    • getClusterName

      @Stability(Stable) @NotNull public String getClusterName()
      The name of the cluster that the association is in.

    • setClusterName

      @Stability(Stable) public void setClusterName(@NotNull String value)
      The name of the cluster that the association is in.

    • getNamespace

      @Stability(Stable) @NotNull public String getNamespace()
      The name of the Kubernetes namespace inside the cluster to create the association in.

    • setNamespace

      @Stability(Stable) public void setNamespace(@NotNull String value)
      The name of the Kubernetes namespace inside the cluster to create the association in.

    • getRoleArn

      @Stability(Stable) @NotNull public String getRoleArn()
      The Amazon Resource Name (ARN) of the IAM role to associate with the service account.

    • setRoleArn

      @Stability(Stable) public void setRoleArn(@NotNull String value)
      The Amazon Resource Name (ARN) of the IAM role to associate with the service account.

    • getServiceAccount

      @Stability(Stable) @NotNull public String getServiceAccount()
      The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.

    • setServiceAccount

      @Stability(Stable) public void setServiceAccount(@NotNull String value)
      The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.

    • getDisableSessionTags

      @Stability(Stable) @Nullable public Object getDisableSessionTags()
      The state of the automatic sessions tags.

      The value of true disables these tags.

      Returns union: either Boolean or IResolvable

    • setDisableSessionTags

      @Stability(Stable) public void setDisableSessionTags(@Nullable Boolean value)
      The state of the automatic sessions tags.

      The value of true disables these tags.

    • setDisableSessionTags

      @Stability(Stable) public void setDisableSessionTags(@Nullable IResolvable value)
      The state of the automatic sessions tags.

      The value of true disables these tags.

    • getTags

      @Stability(Stable) @Nullable public List<CfnTag> getTags()
      Metadata that assists with categorization and organization.

    • setTags

      @Stability(Stable) public void setTags(@Nullable List<CfnTag> value)
      Metadata that assists with categorization and organization.

    • getTargetRoleArn

      @Stability(Stable) @Nullable public String getTargetRoleArn()
      The Amazon Resource Name (ARN) of the target IAM role to associate with the service account.

    • setTargetRoleArn

      @Stability(Stable) public void setTargetRoleArn(@Nullable String value)
      The Amazon Resource Name (ARN) of the target IAM role to associate with the service account.