If I enable the OIDC provider detailed here- <http...
# awsp
prehistoric-kite-30979
02/05/2021, 7:21 PMIf I enable the OIDC provider detailed here- https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#ClusterOptions-createOidcProvider
How do I then create a new iam role for a given service account?
prehistoric-kite-30979
02/05/2021, 7:22 PMI have a working example in go but it requires I have access to the arn and URL of the oidcprovider.
prehistoric-kite-30979
02/05/2021, 7:24 PMThe pulumi link in those docs appears to be broken.
b
billowy-army-68599
02/05/2021, 7:24 PM
which language?
p
prehistoric-kite-30979
02/05/2021, 7:25 PMtrying to do it in ts using the eks extension
b
billowy-army-68599
02/05/2021, 7:28 PM
the eks package exports a couple of properties
Copy code
export const oidcProviderArn = cluster.core.oidcProvider.arn
export const oidcProviderUrl = cluster.core.oidcProvider.urlbillowy-army-68599
02/05/2021, 7:28 PM
here's a helper function you can pass that to
https://gist.github.com/jaxxstorm/59d378cccca36faf49f6ac2dda86f603
p
prehistoric-kite-30979
02/05/2021, 7:28 PMthanks I'll give that a go in a bit
b
billowy-army-68599
02/05/2021, 7:29 PM
and you'd use like this
Copy code
const role = rbac.CreateServiceAccountIAMRole("foo",
namespaceName,
oidcProviderArn,
oidcProviderUrl,
);billowy-army-68599
02/05/2021, 7:29 PM
the key point is that IAM roles take a standard string, and the oidc exports are outputs, so you need to build the role inside an
apply