aws-cdk-lib.aws_eks.CfnIdentityProviderConfig.OidcIdentityProviderConfigProperty

interface OidcIdentityProviderConfigProperty

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.EKS.CfnIdentityProviderConfig.OidcIdentityProviderConfigProperty |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awseks#CfnIdentityProviderConfig_OidcIdentityProviderConfigProperty |
| Java | software.amazon.awscdk.services.eks.CfnIdentityProviderConfig.OidcIdentityProviderConfigProperty |
| Python | aws_cdk.aws_eks.CfnIdentityProviderConfig.OidcIdentityProviderConfigProperty |
| TypeScript | aws-cdk-lib » aws_eks » CfnIdentityProviderConfig » OidcIdentityProviderConfigProperty |

An object representing the configuration for an OpenID Connect (OIDC) identity provider.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_eks as eks } from 'aws-cdk-lib';
const oidcIdentityProviderConfigProperty: eks.CfnIdentityProviderConfig.OidcIdentityProviderConfigProperty = {
  clientId: 'clientId',
  issuerUrl: 'issuerUrl',

  // the properties below are optional
  groupsClaim: 'groupsClaim',
  groupsPrefix: 'groupsPrefix',
  requiredClaims: [{
    key: 'key',
    value: 'value',
  }],
  usernameClaim: 'usernameClaim',
  usernamePrefix: 'usernamePrefix',
};

Properties

| Name | Type | Description |
| --- | --- | --- |
| clientId | string | This is also known as audience. |
| issuerUrl | string | The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens. |
| groupsClaim? | string | The JSON Web Token (JWT) claim that the provider uses to return your groups. |
| groupsPrefix? | string | The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). |
| requiredClaims? | IResolvable \| IResolvable \| RequiredClaimProperty[] | The key-value pairs that describe required claims in the identity token. |
| usernameClaim? | string | The JSON Web Token (JWT) claim that is used as the username. |
| usernamePrefix? | string | The prefix that is prepended to username claims to prevent clashes with existing names. |

clientId

Type: string

This is also known as audience.

The ID of the client application that makes authentication requests to the OIDC identity provider.


issuerUrl

Type: string

The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.


groupsClaim?

Type: string (optional)

The JSON Web Token (JWT) claim that the provider uses to return your groups.


groupsPrefix?

Type: string (optional)

The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups).

For example, the value oidc: creates group names like oidc:engineering and oidc:infra. The prefix can't contain system:


requiredClaims?

Type: IResolvable | IResolvable | RequiredClaimProperty[] (optional)

The key-value pairs that describe required claims in the identity token.

If set, each claim is verified to be present in the token with a matching value.


usernameClaim?

Type: string (optional)

The JSON Web Token (JWT) claim that is used as the username.


usernamePrefix?

Type: string (optional)

The prefix that is prepended to username claims to prevent clashes with existing names.

The prefix can't contain system:
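
The sketch below is an added example, not code from the CDK or from EKS. It models how the fields documented above (clientId, issuerUrl, requiredClaims and the two prefixes) decide whether a token's claims map to a cluster identity, and how a prefix keeps a claimed group from clashing with system: names. The OidcConfig interface is a local mirror of this property, the function names are hypothetical, the sample values are constructed, and the "sub" fallback for usernameClaim is an assumption.

```typescript
// Local mirror of the property documented on this page (no aws-cdk-lib needed).
interface OidcConfig {
  clientId: string;
  issuerUrl: string;
  groupsClaim?: string;
  groupsPrefix?: string;
  requiredClaims?: { key: string; value: string }[];
  usernameClaim?: string;
  usernamePrefix?: string;
}
type Identity = { username: string; groups: string[] };

// Documented rule: neither prefix may contain "system:".
function lintPrefixes(cfg: OidcConfig): string[] {
  const bad = (p?: string) => (p ?? "").indexOf("system:") !== -1;
  const problems: string[] = [];
  if (bad(cfg.groupsPrefix)) problems.push("groupsPrefix contains system:");
  if (bad(cfg.usernamePrefix)) problems.push("usernamePrefix contains system:");
  return problems;
}

// Model (assumption, not the API server's code) for claims of an already-verified token.
function mapIdentity(cfg: OidcConfig, claims: Record<string, unknown>): Identity | null {
  const audRaw = claims["aud"];
  const aud: unknown[] = Array.isArray(audRaw) ? audRaw : [audRaw];
  if (claims["iss"] !== cfg.issuerUrl || aud.indexOf(cfg.clientId) === -1) return null;
  for (const rc of cfg.requiredClaims ?? []) {
    if (claims[rc.key] !== rc.value) return null; // absent or different value
  }
  const user = claims[cfg.usernameClaim ?? "sub"]; // "sub" fallback is an assumption
  if (typeof user !== "string" || user === "") return null;
  const raw = cfg.groupsClaim ? claims[cfg.groupsClaim] : [];
  const list: unknown[] = Array.isArray(raw) ? raw : [raw];
  const groups = list.filter((g): g is string => typeof g === "string");
  return {
    username: (cfg.usernamePrefix ?? "") + user,
    groups: groups.map((g) => (cfg.groupsPrefix ?? "") + g),
  };
}

// Constructed sample values; the issuer URL and claim names are placeholders.
const sampleConfig: OidcConfig = {
  clientId: "kubernetes", issuerUrl: "https://idp.example.com",
  groupsClaim: "groups", groupsPrefix: "oidc:",
  usernameClaim: "email", usernamePrefix: "oidc:",
  requiredClaims: [{ key: "env", value: "prod" }],
};
const sampleClaims = { iss: "https://idp.example.com", aud: "kubernetes", env: "prod",
  email: "dev@example.com", groups: ["engineering", "system:masters"] };
```

With the oidc: prefix, a group claim of system:masters maps to oidc:system:masters, which only carries permissions if a role binding names that prefixed group.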