Class OpenIdConnectProvider
- All Implemented Interfaces:
IResource, IOIDCProviderRef, IOpenIdConnectProvider, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
- Direct Known Subclasses:
OpenIdConnectProvider, OpenIdConnectProvider
You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This is useful when creating a mobile app or web application that requires access to AWS resources, but you don't want to create custom sign-in code or manage your own user identities.
⚠️ IMPORTANT NOTICE FOR CONTRIBUTORS ⚠️
DO NOT ADD NEW FEATURES TO THIS CONSTRUCT
This construct uses a custom resource with Lambda functions and is maintained for backward compatibility only. We cannot deprecate it due to its usage in existing services like EKS (see https://github.com/aws/aws-cdk/pull/28634#discussion_r1842962697).
For new functionality, developers should use OidcProviderNative instead, which
utilizes the native CloudFormation resource AWS::IAM::OIDCProvider and provides
the same functionality with less complexity.
If you are considering adding features to this construct, please:
- Consider implementing the feature in OidcProviderNative instead
- Discuss with the CDK team before proceeding
- Ensure any changes maintain strict backward compatibility
Example:
OpenIdConnectProvider provider = OpenIdConnectProvider.Builder.create(this, "MyProvider")
        .url("https://openid/connect")
        .clientIds(List.of("myclient1", "myclient2"))
        .build();
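Registering the provider only establishes trust in the IdP; which tokens may assume a role is decided by that role's trust policy. The following is an added example, not part of the CDK documentation, that scopes a role to one client ID and one subject. The issuer host `idp.example.com`, the subject value, the stack and role names, and the choice of managed policy are assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.iam.ManagedPolicy;
import software.amazon.awscdk.services.iam.OpenIdConnectPrincipal;
import software.amazon.awscdk.services.iam.OpenIdConnectProvider;
import software.amazon.awscdk.services.iam.Role;
import software.constructs.Construct;

public class OidcTrustStack extends Stack {
    // Constructed placeholder values; replace with the IdP's real issuer and client ID.
    private static final String ISSUER_HOST = "idp.example.com";
    private static final String CLIENT_ID = "myclient1";

    public OidcTrustStack(final Construct scope, final String id) {
        super(scope, id);

        OpenIdConnectProvider provider = OpenIdConnectProvider.Builder.create(this, "MyProvider")
                .url("https://" + ISSUER_HOST)
                .clientIds(List.of(CLIENT_ID))
                .build();

        // IAM condition keys for an OIDC provider are the issuer URL without
        // "https://", followed by ":" and the claim name.
        // Without the "sub" condition, every identity that the IdP issues a
        // token to for this client ID could assume the role.
        Map<String, Object> conditions = Map.of(
                "StringEquals", Map.of(
                        ISSUER_HOST + ":aud", CLIENT_ID,
                        ISSUER_HOST + ":sub", "constructed-subject-id"));

        // The role is assumable only through web identity federation with this
        // provider, and only when both conditions match.
        Role.Builder.create(this, "FederatedRole")
                .assumedBy(new OpenIdConnectPrincipal(provider, conditions))
                .managedPolicies(List.of(
                        ManagedPolicy.fromAwsManagedPolicyName("AmazonS3ReadOnlyAccess")))
                .build();
    }
}
```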
Nested Class Summary
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject:
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IConstruct:
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IOpenIdConnectProvider:
IOpenIdConnectProvider.Jsii$Default, IOpenIdConnectProvider.Jsii$Proxy
Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource:
IResource.Jsii$Default
Field Summary
- PROPERTY_INJECTION_ID: Uniquely identifies this class.
Constructor Summary
- protected OpenIdConnectProvider(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
- protected OpenIdConnectProvider(software.amazon.jsii.JsiiObjectRef objRef)
- OpenIdConnectProvider(software.constructs.Construct scope, String id, OpenIdConnectProviderProps props): Defines an OpenID Connect provider.
Method Summary
- static IOpenIdConnectProvider fromOpenIdConnectProviderArn(software.constructs.Construct scope, String id, String openIdConnectProviderArn): Imports an OpenID Connect provider from an ARN.
- getOidcProviderRef: A reference to an OIDCProvider resource.
- getOpenIdConnectProviderArn: The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.
- getOpenIdConnectProviderIssuer: The issuer for OIDC Provider.
- getOpenIdConnectProviderthumbprints: The thumbprints configured for this provider.
Methods inherited from class software.amazon.awscdk.Resource:
applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource
Methods inherited from class software.constructs.Construct:
getNode, isConstruct, toString
Methods inherited from class software.amazon.jsii.JsiiObject:
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.awscdk.services.iam.IOpenIdConnectProvider:
getNode
Methods inherited from interface software.amazon.awscdk.IResource:
applyRemovalPolicy, getEnv, getStack
Methods inherited from interface software.amazon.jsii.JsiiSerializable:
$jsii$toJson
Field Details
PROPERTY_INJECTION_ID
Uniquely identifies this class.
Constructor Details

OpenIdConnectProvider
protected OpenIdConnectProvider(software.amazon.jsii.JsiiObjectRef objRef)

OpenIdConnectProvider
protected OpenIdConnectProvider(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

OpenIdConnectProvider
@Stability(Stable) public OpenIdConnectProvider(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull OpenIdConnectProviderProps props)
Defines an OpenID Connect provider.
- Parameters:
scope - The definition scope. This parameter is required.
id - Construct ID. This parameter is required.
props - Initialization properties. This parameter is required.
Method Details

fromOpenIdConnectProviderArn
@Stability(Stable) @NotNull public static IOpenIdConnectProvider fromOpenIdConnectProviderArn(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String openIdConnectProviderArn)
Imports an OpenID Connect provider from an ARN.
- Parameters:
scope - The definition scope. This parameter is required.
id - ID of the construct. This parameter is required.
openIdConnectProviderArn - the ARN to import. This parameter is required.

getOidcProviderRef
A reference to an OIDCProvider resource.
- Specified by:
getOidcProviderRef in interface IOIDCProviderRef

getOpenIdConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.
- Specified by:
getOpenIdConnectProviderArn in interface IOpenIdConnectProvider

getOpenIdConnectProviderIssuer
The issuer for OIDC Provider.
- Specified by:
getOpenIdConnectProviderIssuer in interface IOpenIdConnectProvider

getOpenIdConnectProviderthumbprints
The thumbprints configured for this provider.