https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.html#setting-up-OIDC-console so do you mean that by setting that flag to True, this step will be done entirely?

last question, is there any better way to do this: https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-cluster-access.html Now I have a yaml manifest that I apply to the new EKs cluster using

kubernetes.yaml.ConfigFile

but looking at

pulumi-eks

looks like maybe I can do that directly with

creation_role_provider

?

https://pulumi-community.slack.com/archives/CRFURDVQB/p1673962852363789?thread_ts=1673958343.040869&cid=CRFURDVQB But in that AWS document, they are not doing anything related

sts:AssumeRoleWithWebIdentity

right? did you say that thinking about the future?

for OIDC you do the following things: • create an OIDC provider (performed with

create_oidc_provider

on the cluster • create an IAM role which is associated with the oidc provider: https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/eks-platform/alb-ingress-controller/index.ts#L19-L39 • annotate a service account to associate the role

Now I have a yaml manifest that I apply to the new EKs cluster using kubernetes.yaml.ConfigFile but looking at pulumi-eks looks like maybe I can do that directly with

no, these are two distinct and separate steps