No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

So the ODIC provider for EKS is only the endpoint, you need to create the IAM provider for the ODIC endpoint. With that you'll need to grab the root CA thumbprint.

&gt;  you need to create the IAM provider for the ODIC endpoint.
Hmm.. do you have a pointer on how to do that?  Ideally I can do everything with pulumi itself

Ive never needed to do that yet in Pulumi. I know its a pain in Terraform because of the Thumbprint of the root CA. <https://www.pulumi.com/docs/reference/pkg/aws/iam/openidconnectprovider/>

Then on your roles for K8 to assume through the ODIC you federate with the ODIC provider to allow access.

This walks through the entire process with Terraform, so the steps you'd just reproduce with your language <https://medium.com/@marcincuber/amazon-eks-with-oidc-provider-iam-roles-for-kubernetes-services-accounts-59015d15cb0c>