AWS::EKS::IdentityProviderConfig OidcIdentityProviderConfig - AWS CloudFormation
SyntaxProperties

This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::EKS::IdentityProviderConfig OidcIdentityProviderConfig

An object representing the configuration for an OpenID Connect (OIDC) identity provider.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "ClientId" : String,
  "GroupsClaim" : String,
  "GroupsPrefix" : String,
  "IssuerUrl" : String,
  "RequiredClaims" : [ RequiredClaim, ... ],
  "UsernameClaim" : String,
  "UsernamePrefix" : String
}

YAML

  ClientId: String
  GroupsClaim: String
  GroupsPrefix: String
  IssuerUrl: String
  RequiredClaims: 
    - RequiredClaim
  UsernameClaim: String
  UsernamePrefix: String

Properties

ClientId

This is also known as audience. The ID of the client application that makes authentication requests to the OIDC identity provider.

Required: Yes

Type: String

Update requires: Replacement

GroupsClaim

The JSON web token (JWT) claim that the provider uses to return your groups.

Required: No

Type: String

Update requires: Replacement

GroupsPrefix

The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: creates group names like oidc:engineering and oidc:infra. The prefix can't contain system:

Required: No

Type: String

Update requires: Replacement

IssuerUrl

The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.

Required: Yes

Type: String

Update requires: Replacement

RequiredClaims

The key-value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value.

Required: No

Type: Array of RequiredClaim

Update requires: Replacement

UsernameClaim

The JSON Web token (JWT) claim that is used as the username.

Required: No

Type: String

Update requires: Replacement

UsernamePrefix

The prefix that is prepended to username claims to prevent clashes with existing names. The prefix can't contain system:

Required: No

Type: String

Update requires: Replacement