No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

if you’re using pulumi-eks, enabling OIDC is as easy as setting this property: <https://www.pulumi.com/registry/packages/eks/api-docs/cluster/#create_oidc_provider_python>

creating an iam service account involves:
• creating a Kubernetes service account with the correcr annotation: <https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/eks-platform/external-dns/index.ts#L78-L83>
• creating an IAM role that references the service account: <https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/eks-platform/external-dns/index.ts#L17-L40>
• assigning the permissions you want the service account to have that role

<@UCWG26BH7> so another thing that I found was this - <https://www.pulumi.com/registry/packages/aws/api-docs/eks/identityproviderconfig/>

However the here we need to get the the OIDC issuer URL that I was able to get via:
```aws eks describe-cluster --region &lt;region&gt; --name &lt;Name-EKS-Cluster&gt; --query "cluster.identity.oidc.issuer" --output text```
The more “learning” question for me is : “What are the packages I should be looking at if I need to run the cli commands using `aws eks` , `eksctl` . I don’t want to keep bothering the folks here :smile:

eksctl abstracts away quite a lot of EKS in a way that makes it difficult to figure out, so asking questions is fine