I'm trying to create an EKS cluster with an oidcProvider so I can use the efs-csi driver and have PVCs which work regardless of which AZ the pod which needs them is launched in. There is a helm chart for the driver (which also launches the pods which do the EFS attaching etc.) The instructions for that say we need to follow the instructions here https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html to create the oidc Provider for the cluster. Now those instructions would be a step outside of the flow of the IaC so I would ideally like to write them in pulumi. What they say to do is to look up the cluster.identity.oidc.issuer in the output from

aws eks describe-cluster

command and then use that to create an oidc Provider in AWS with the right url. So given https://www.pulumi.com/registry/packages/aws/api-docs/iam/openidconnectprovider/ I assumed I would be able to get the oidc.issuer url from the stack object created by the eks.cluster call and pass that to the new aws.iam.OpenIdConnectProvider() and do what the aws docs suggest from Pulumi. However cluster.core.oidcProvider.url and cluster.core.oidcProvider.arn stay empty even when the cluster has been created. Perhaps I need to add https://www.pulumi.com/registry/packages/aws/api-docs/eks/identityproviderconfig/ but that also requires the url which the

aws eks describe-cluster

provides, and then I'm back to square one trying to work out how to replicate that in pulumi.

@polite-napkin-90098 are you setting

createOidcProvider

? https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/eks-platform/eks/index.ts#L18

No I am not setting that, I thought I was, but reading the code I am not

happy to assist!