CDK Associate OIDC identity provider

[dborysenko]

Hello,
I am trying to get an idea how to Associate OIDC identity provider with EKS cluster built using CDK. Is it supported? If so, could you please share hight level example?

eksctl example:

---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: my-cluster
  region: your-region-code

identityProviders:
  - name: my-provider
    type: oidc
    issuerUrl: https://example.com
    clientId: kubernetes
    usernameClaim: email
    usernamePrefix: my-username-prefix
    groupsClaim: my-claim
    groupsPrefix: my-groups-prefix
    requiredClaims:
      string: string
    tags:
      env: dev

Console example:

[perez-alejandrodaniel]

Hi, good afternoon!
I have found your question trying to find a solution for the same problem. I think that I have an approach that could work for you, the key is the usage of CfnIdentityProviderConfig class. It provides a way to configure the association between the oidc provider and the eks cluster.
I'm working with Python CDK, but it should work with JS or Go without problems

....
            oidc_provider = aws_eks.OpenIdConnectProvider.from_open_id_connect_provider_arn(
                self,
                "open_id_provider",
                open_id_provider_arn
            )
            
            CfnIdentityProviderConfig(self, 
                "oidc-provider-configuration",
                cluster_name=my_cluster.cluster_name,
                type="oidc",
                oidc=CfnIdentityProviderConfig.OidcIdentityProviderConfigProperty(
                    client_id="sts.amazonaws.com",
                    issuer_url=f"https://{oidc_provider.open_id_connect_provider_issuer}"
                )
            )
....

[github-actions[bot]]

Hello! Reopening this discussion to make it searchable.