Question that spans Kubernetes and AWS: I have an existing EKS cluster I do not wish to import, but I would like to get the OIDC info for it. I’ve successfully been able to get the URL like this:

eksCluster, err := eks.LookupCluster(ctx, &eks.LookupClusterArgs{
			Name: "my-eks-cluster",
		})
		if err != nil {
			return err
		}
		ctx.Export("eks-oidc-url", pulumi.String(eksCluster.Identities[0].Oidcs[0].Issuer))

This is using the

aws/eks

package (not

pulumi-eks

). However,

Issuer

is just the URL string, and does not include the ARN. I wanted to do something like a lookup on the

iam.OpenIdConnectProvider

, but it doesn’t look like it is a supported operation (https://www.pulumi.com/docs/reference/pkg/aws/iam/openidconnectprovider), as I am only able to lookup an existing resource, but this is already pre-created. Is there a way to do this, or do I have to use the AWS SDK for this?

A bit hacky, but I'm doing this to get the oidc-provider arn

const eksClusterUrl = eksCluster.eksCluster.identities[0].oidcs[0].issuer
const oidcIssuerId = eksClusterUrl.apply(url => url.substr(url.lastIndexOf('/') + 1))
const oidcArn = interpolate`arn:aws:iam::<accountId>:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/${oidcIssuerId}`

@colossal-australia-65039 indeed, that’s what I ended up with as well, except I also hardcoded the account ID. 🙂

i did too, that was a redaction placeholder haha

🙂