
prehistoric-kite-30979

02/05/2021, 7:21 PM
If I enable the OIDC provider detailed here (https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#ClusterOptions-createOidcProvider), how do I then create a new IAM role for a given service account?
I have a working example in Go, but it requires that I have access to the ARN and URL of the OIDC provider.
The pulumi link in those docs appears to be broken.

billowy-army-68599

02/05/2021, 7:24 PM
which language?

prehistoric-kite-30979

02/05/2021, 7:25 PM
trying to do it in ts using the eks extension

billowy-army-68599

02/05/2021, 7:28 PM
the eks package exports a couple of properties
export const oidcProviderArn = cluster.core.oidcProvider.arn
export const oidcProviderUrl = cluster.core.oidcProvider.url
here's a helper function you can pass that to https://gist.github.com/jaxxstorm/59d378cccca36faf49f6ac2dda86f603

prehistoric-kite-30979

02/05/2021, 7:28 PM
thanks I'll give that a go in a bit

billowy-army-68599

02/05/2021, 7:29 PM
and you'd use it like this
const role = rbac.CreateServiceAccountIAMRole("foo",
    namespaceName,
    oidcProviderArn,
    oidcProviderUrl,
);
the key point is that IAM roles take a standard string, and the OIDC exports are outputs, so you need to build the role inside an apply