import type { Construct } from 'constructs';
import * as iam from '../../aws-iam';
import type { RemovalPolicy } from '../../core';
/**
 * Initialization properties for `OpenIdConnectProvider`.
 *
 * `OidcProviderNativeProps` extends this interface, so both the
 * custom-resource-backed and the native provider accept the same settings.
 * Only the issuer URL and the removal policy are configurable here; the
 * thumbprint and client-ID values are supplied by the constructs themselves.
 */
export interface OpenIdConnectProviderProps {
/**
 * The URL of the identity provider. The URL must begin with https:// and
 * should correspond to the iss claim in the provider's OpenID Connect ID
 * tokens. Per the OIDC standard, path components are allowed but query
 * parameters are not. Typically the URL consists of only a hostname, like
 * https://server.example.org or https://example.com.
 *
 * This value is the issuer IAM will trust: NOTE(review) - a difference from
 * the `iss` claim as small as a trailing slash or a path segment is a common
 * cause of rejected federation, so compare the two literally before deploying.
 *
 * You can find your OIDC Issuer URL by:
 * aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text
 */
readonly url: string;
/**
 * The removal policy to apply to the OpenID Connect Provider.
 *
 * With the default (DESTROY) the provider is deleted together with its
 * stack. Roles whose trust policy references the provider can no longer be
 * assumed through it once it is gone, so consider RETAIN when the provider
 * is shared by resources outside this stack.
 *
 * @default - RemovalPolicy.DESTROY
 */
readonly removalPolicy?: RemovalPolicy;
}
/**
 * Initialization properties for `OidcProviderNative`.
 *
 * Adds no members beyond `OpenIdConnectProviderProps`; presumably kept as a
 * separate type so the native construct can grow its own options without
 * changing the custom-resource-backed `OpenIdConnectProvider` - confirm
 * against the implementation before relying on that.
 */
export interface OidcProviderNativeProps extends OpenIdConnectProviderProps {
}
/**
 * IAM OIDC identity providers are entities in IAM that describe an external
 * identity provider (IdP) service that supports the OpenID Connect (OIDC)
 * standard, such as Google or Salesforce. You use an IAM OIDC identity provider
 * when you want to establish trust between an OIDC-compatible IdP and your AWS
 * account.
 *
 * This implementation has default values for thumbprints and clientIds props
 * that will be compatible with the eks cluster. Those defaults are fixed by
 * the construct and cannot be overridden through `OpenIdConnectProviderProps`,
 * which exposes only `url` and `removalPolicy`.
 *
 * The provider is created through a CloudFormation custom resource, i.e.
 * provisioning code that runs in the deploying account rather than a plain
 * `AWS::IAM::OIDCProvider` resource; that is the reason the native variant
 * below is preferred for new code.
 *
 * @see http://openid.net/connect
 * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
 *
 * **For new projects, it is recommended to use `OidcProviderNative` instead which creates the OIDC provider using the native CloudFormation resource (AWS::IAM::OIDCProvider).**
 *
 * @resource AWS::CloudFormation::CustomResource
 */
export declare class OpenIdConnectProvider extends iam.OpenIdConnectProvider {
/**
 * Uniquely identifies this class.
 *
 * Used as the key under which CDK property injectors are registered for
 * this construct type; it is not a CloudFormation or IAM identifier.
 */
static readonly PROPERTY_INJECTION_ID: string;
/**
 * Defines an OpenID Connect provider.
 *
 * The issuer URL in `props.url` is passed through to the underlying
 * `iam.OpenIdConnectProvider`; the EKS-compatible thumbprint and client-ID
 * defaults are filled in here.
 *
 * @param scope The definition scope
 * @param id Construct ID
 * @param props Initialization properties (issuer URL and removal policy)
 */
constructor(scope: Construct, id: string, props: OpenIdConnectProviderProps);
}
/**
 * IAM OIDC identity providers are entities in IAM that describe an external
 * identity provider (IdP) service that supports the OpenID Connect (OIDC)
 * standard, such as Google or Salesforce. You use an IAM OIDC identity provider
 * when you want to establish trust between an OIDC-compatible IdP and your AWS
 * account.
 *
 * This implementation uses the native CloudFormation resource and has default
 * values for thumbprints and clientIds props that will be compatible with the eks cluster.
 * Because it maps directly onto `AWS::IAM::OIDCProvider`, no custom-resource
 * provisioning code is involved, which is why it is the recommended choice
 * over `OpenIdConnectProvider` for new projects.
 *
 * As with `OpenIdConnectProvider`, the thumbprint and client-ID defaults are
 * fixed by the construct; `OidcProviderNativeProps` exposes only `url` and
 * `removalPolicy`.
 *
 * @see http://openid.net/connect
 * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
 *
 * @resource AWS::IAM::OIDCProvider
 */
export declare class OidcProviderNative extends iam.OidcProviderNative {
/**
 * Uniquely identifies this class.
 *
 * Used as the key under which CDK property injectors are registered for
 * this construct type; it is not a CloudFormation or IAM identifier.
 */
static readonly PROPERTY_INJECTION_ID: string;
/**
 * Defines a native OpenID Connect provider.
 *
 * The issuer URL in `props.url` is passed through to the underlying
 * `iam.OidcProviderNative`; the EKS-compatible thumbprint and client-ID
 * defaults are filled in here.
 *
 * @param scope The definition scope
 * @param id Construct ID
 * @param props Initialization properties (issuer URL and removal policy)
 */
constructor(scope: Construct, id: string, props: OidcProviderNativeProps);
}