For others, I’m having to create an oidcProvider i...
# aws
For others, I’m having to create an oidcProvider, it smells like. This is what I’ve done so far:
```typescript
import * as aws from "@pulumi/aws";
import * as crypto from "crypto";

// `cluster` and `projectName` are defined elsewhere in the program.

// Get OIDC issuer identity (scheme and trailing slash stripped).
const oidcProviderURL = cluster.eksCluster.identities.apply(identities => {
  return identities[0].oidcs[0].issuer.replace(/(^\w+:|^)\/\//, "").replace(/\/$/, "");
});

// Get AWS Account ID.
const awsAccountID = aws.getCallerIdentity().then(identity => identity.accountId);

// Get thumbprint of the OIDC issuer identity using certificate authority data.
const oidcProviderThumbprint = cluster.eksCluster.certificateAuthority.apply(ca => {
  const data = ca.data;
  const ascii = Buffer.from(data, "base64").toString("ascii");
  const thumbprint = crypto.createHash("sha1").update(ascii).digest("hex");
  return thumbprint;
});

// Create an IAM OIDC provider.
const oidcProvider = new aws.iam.OpenIdConnectProvider(`${projectName}-oidc-provider`, {
  clientIdLists: ["sts.amazonaws.com"],
  url: oidcProviderURL.apply(url => `https://${url}`),
  thumbprintLists: [oidcProviderThumbprint],
});
```
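Added example, not part of the original post: IAM documents the OIDC thumbprint as the hex SHA-1 of the DER bytes of the last certificate (top intermediate CA) in the chain served by the issuer's HTTPS endpoint, which is a different value from a hash over PEM text such as the cluster CA data hashed above. The function names, the issuer URL and the sample chain (placeholder bytes, not real certificates) are constructed for illustration, and fetching the chain from the issuer is left out so the code runs offline.

```javascript
const crypto = require("node:crypto");

// Strip the scheme and trailing slash from an issuer URL (same regexes as the post).
function issuerHostPath(issuer) {
  return issuer.replace(/(^\w+:|^)\/\//, "").replace(/\/$/, "");
}

// Split a PEM bundle into DER buffers, one per CERTIFICATE block, in order.
function pemChainToDer(pemBundle) {
  const re = /-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/g;
  const ders = [];
  for (const m of pemBundle.matchAll(re)) {
    const b64 = m[1].replace(/\s+/g, "");
    if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
      throw new Error("invalid base64 in CERTIFICATE block");
    }
    ders.push(Buffer.from(b64, "base64"));
  }
  if (ders.length === 0) throw new Error("no CERTIFICATE block found");
  return ders;
}

// Thumbprint as IAM expects it: lowercase hex SHA-1 over the DER bytes of the
// last certificate in the served chain (assumed order: leaf first).
function oidcThumbprint(pemBundle) {
  const ders = pemChainToDer(pemBundle);
  return crypto.createHash("sha1").update(ders[ders.length - 1]).digest("hex");
}

// For comparison only: SHA-1 over the ASCII PEM text, as the snippet in the post computes.
function pemTextHash(pemBundle) {
  return crypto.createHash("sha1").update(pemBundle, "ascii").digest("hex");
}

// Constructed sample: two PEM blocks whose bodies decode to "xyz" and "abc".
// These are placeholder bytes, NOT real certificates.
const SAMPLE_CHAIN = [
  "-----BEGIN CERTIFICATE-----", "eHl6", "-----END CERTIFICATE-----",
  "-----BEGIN CERTIFICATE-----", "YWJj", "-----END CERTIFICATE-----",
].join("\n");

// Constructed issuer URL, not a real cluster.
const SAMPLE_ISSUER = "https://oidc.eks.example-region.amazonaws.com/id/EXAMPLE0000/";

console.log("issuer    :", issuerHostPath(SAMPLE_ISSUER));
console.log("thumbprint:", oidcThumbprint(SAMPLE_CHAIN));
console.log("PEM hash  :", pemTextHash(SAMPLE_CHAIN), "(differs, IAM would not match it)");
```
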