Package software.amazon.awscdk.services.iam

Class OidcProviderNative

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.iam.OidcProviderNative

All Implemented Interfaces:

IOIDCProviderRef, IEnvironmentAware, IResource, IOidcProvider, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

Direct Known Subclasses:

OidcProviderNative, OidcProviderNative

@Generated(value="jsii-pacmak/1.126.0 (build 206d44b)",
           date="2026-02-09T14:39:12.239Z")
@Stability(Stable)
public class OidcProviderNative
extends Resource
implements IOidcProvider

IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce.

You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This is useful when creating a mobile app or web application that requires access to AWS resources, but you don't want to create custom sign-in code or manage your own user identities.

Example:

 OidcProviderNative nativeProvider = OidcProviderNative.Builder.create(this, "MyProvider")
         .url("https://openid/connect")
         .clientIds(List.of("myclient1", "myclient2"))
         .thumbprints(List.of("aa00aa1122aa00aa1122aa00aa1122aa00aa1122"))
         .build();
 

See Also:

• https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	OidcProviderNative.Builder	A fluent builder for OidcProviderNative.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IOidcProvider

IOidcProvider.Jsii$Default, IOidcProvider.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource

IResource.Jsii$Default

Field Summary

Fields

Modifier and Type	Field	Description
static final String	PROPERTY_INJECTION_ID	Uniquely identifies this class.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	OidcProviderNative(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	OidcProviderNative(software.amazon.jsii.JsiiObjectRef objRef)
	OidcProviderNative(software.constructs.Construct scope, String id, OidcProviderNativeProps props)	Defines a Native OpenID Connect provider.

Method Summary

Modifier and Type	Method	Description
static IOidcProvider	fromOidcProviderArn(software.constructs.Construct scope, String id, String oidcProviderArn)	Imports an Open ID connect provider from an ARN.
String	getOidcProviderArn()	The Amazon Resource Name (ARN) of the Native IAM OpenID Connect provider.
String	getOidcProviderIssuer()	The issuer for the Native OIDC Provider.
OIDCProviderReference	getOidcProviderRef()	A reference to a OIDCProvider resource.
String	getOidcProviderThumbprints()	The thumbprints configured for this provider.
String	getOpenIdConnectProviderArn()	Alias for oidcProviderArn to maintain backwards compatibility for constructs which accept iam.IOpenIdConnectProvider.
String	getOpenIdConnectProviderIssuer()	Alias for oidcProviderIssuer to maintain backwards compatibility for constructs which accept `iam.IOpenIdConnectProvider.

Methods inherited from class software.amazon.awscdk.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.awscdk.interfaces.IEnvironmentAware

getEnv

Methods inherited from interface software.amazon.awscdk.IResource

applyRemovalPolicy, getStack

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Details

PROPERTY_INJECTION_ID

@Stability(Stable)
public static final String PROPERTY_INJECTION_ID

Uniquely identifies this class.

Constructor Details

OidcProviderNative

protected OidcProviderNative(software.amazon.jsii.JsiiObjectRef objRef)

OidcProviderNative

protected OidcProviderNative(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

OidcProviderNative

@Stability(Stable)
public OidcProviderNative(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 OidcProviderNativeProps props)

Defines a Native OpenID Connect provider.

Parameters:

scope - The definition scope. This parameter is required.

id - Construct ID. This parameter is required.

props - Initialization properties. This parameter is required.

Method Details

fromOidcProviderArn

@Stability(Stable)
@NotNull
public static IOidcProvider fromOidcProviderArn(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 String oidcProviderArn)

Imports an Open ID connect provider from an ARN.

Parameters:

scope - The definition scope. This parameter is required.

id - ID of the construct. This parameter is required.

oidcProviderArn - the ARN to import. This parameter is required.

getOidcProviderArn

@Stability(Stable)
@NotNull
public String getOidcProviderArn()

The Amazon Resource Name (ARN) of the Native IAM OpenID Connect provider.

Specified by:

getOidcProviderArn in interface IOidcProvider

getOidcProviderIssuer

@Stability(Stable)
@NotNull
public String getOidcProviderIssuer()

The issuer for the Native OIDC Provider.

Specified by:

getOidcProviderIssuer in interface IOidcProvider

getOidcProviderRef

@Stability(Stable)
@NotNull
public OIDCProviderReference getOidcProviderRef()

A reference to a OIDCProvider resource.

Specified by:

getOidcProviderRef in interface IOIDCProviderRef

getOidcProviderThumbprints

@Stability(Stable)
@NotNull
public String getOidcProviderThumbprints()

The thumbprints configured for this provider.

getOpenIdConnectProviderArn

@Stability(Stable)
@NotNull
public String getOpenIdConnectProviderArn()

Alias for oidcProviderArn to maintain backwards compatibility for constructs which accept iam.IOpenIdConnectProvider.

Use oidcProviderArn instead. This property exists for backward compatibility with existing constructs as migrating between the 2 constructs (OpenIdConnectProvider and OidcProviderNative) is not reasonably feasible as it requires a manual step (cdk import) since the resource type is changing between OpenIdConnectProvider and OidcProviderNative.

Specified by:

getOpenIdConnectProviderArn in interface IOidcProvider

getOpenIdConnectProviderIssuer

@Stability(Stable)
@NotNull
public String getOpenIdConnectProviderIssuer()

Alias for oidcProviderIssuer to maintain backwards compatibility for constructs which accept `iam.IOpenIdConnectProvider.

Use oidcProviderIssuer instead. This property exists for backward compatibility with existing constructs as migrating between the 2 constructs (OpenIdConnectProvider and OidcProviderNative) is not reasonably feasible as it requires a manual step (cdk import) since the resource type is changing between OpenIdConnectProvider and OidcProviderNative.

Specified by:

getOpenIdConnectProviderIssuer in interface IOidcProvider