Kernel Talks

Unix, Linux, & Cloud!


Creating Identity provider for AWS EKS

Published: January 26, 2022 | Modified: January 26, 2022



A quick post on creating EKS OIDC provider.

EKS OIDC provider!

We will be creating an OpenID Connect identity provider for the AWS EKS cluster in the IAM service. It establishes trust between the AWS account and the Kubernetes cluster running on EKS. To use IAM roles with service accounts created under the EKS cluster, the cluster must have an OIDC provider associated with it. Hence, it's important to create it at the beginning of the project along with the cluster.

Let’s get into steps to create an OIDC provider for your cluster.

First, you need to get the OpenID Connect provider URL from EKS Cluster.

  • Navigate to the EKS console
  • Click on the cluster name
  • Select the Configuration tab and check under Details
[Screenshot: OpenID URL on the EKS console]

Now head back to the IAM console.

  • Click on Identity providers under Access management in the left-hand side menu
  • Click on the Add provider button
[Screenshot: Add provider in IAM]
  • Select OpenID Connect
  • Paste the EKS OpenID provider URL in the given field
  • Click on the Get thumbprint button
  • Add sts.amazonaws.com in the Audience field
  • Click on the Add provider button.
[Screenshot: IdP thumbprint]

Identity provider is created! View its details by clicking on the provider name.

[Screenshot: EKS OIDC provider details]

If you are using CloudFormation as your IaC tool, the resource block below can be used to create the OIDC provider for the EKS cluster:

OidcProvider:
  Type: AWS::IAM::OIDCProvider
  Properties:
    # Issuer URL read from the EKS cluster resource in the same template
    Url: !GetAtt EksCluster.OpenIdConnectIssuerUrl
    # SHA-1 thumbprint of the root CA of the issuer's TLS certificate chain
    ThumbprintList:
      - 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
    # Audience (client ID) carried by the tokens EKS issues to service accounts
    ClientIdList:
      - sts.amazonaws.com

Where –

  • EksCluster is the logical ID of the EKS cluster resource in the same CloudFormation template.
  • 9e99a48a9960b14926bb7f3b02e22da2b0ab7280 is the EKS thumbprint for region us-east-1. Refer to this document to get thumbprints.
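The whole procedure above, from reading the issuer URL off the cluster to registering the provider, as an added shell example that is not from the original post, using the AWS CLI and openssl in place of the console. It also shows the trust policy an IAM role uses to reference the provider once it exists, which is what the IAM-roles-for-service-accounts use case in the introduction needs. CLUSTER_NAME, the account id 111122223333, the namespace default and the service account app-sa are assumed placeholder values; the aws and openssl invocations are real CLI commands.

```shell
#!/bin/sh
# Added example, not code from the original post: the same three steps done
# with the AWS CLI and openssl instead of the console (find the issuer URL,
# derive the thumbprint, add the provider), plus the trust policy that an IRSA
# role uses to reference the provider. CLUSTER_NAME, the account id
# 111122223333 and the namespace/service-account names are assumed values.
set -eu

# Step 1: the OpenID Connect issuer URL is an attribute of the cluster itself.
eks_oidc_issuer() {   # $1 = cluster name
  aws eks describe-cluster --name "$1" \
      --query 'cluster.identity.oidc.issuer' --output text
}

# IAM refers to the provider by the issuer without its scheme, e.g.
# oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE; that string is what trust
# policies and the provider ARN contain.
issuer_host_path() {  # $1 = issuer URL
  printf '%s\n' "${1#https://}"
}

# Step 2: the thumbprint IAM wants is the SHA-1 of the DER-encoded ROOT
# certificate of the issuer's TLS chain. This reads a PEM chain on stdin,
# keeps only the last certificate and prints 40 lowercase hex digits, no
# colons. Computing it yourself is the check to run before pasting a value
# copied from somewhere else.
root_thumbprint_from_chain() {
  awk '/-----BEGIN CERTIFICATE-----/ { buf = ""; inside = 1 }
       inside { buf = buf $0 "\n" }
       /-----END CERTIFICATE-----/ { inside = 0 }
       END { printf "%s", buf }' \
    | openssl x509 -outform DER \
    | openssl dgst -sha1 | sed 's/.*= *//'
}

# Fetch the issuer's certificate chain over TLS (needs network). SNI
# (-servername) is required, or the endpoint may serve a different chain.
fetch_issuer_chain() {  # $1 = issuer URL
  host=$(issuer_host_path "$1"); host=${host%%/*}
  openssl s_client -servername "$host" -showcerts -connect "$host:443" \
      </dev/null 2>/dev/null
}

# Step 3: register the provider. sts.amazonaws.com is the audience (client
# ID) carried by the tokens EKS issues to service accounts, the same value
# the console's Audience field takes.
create_oidc_provider() {  # $1 = issuer URL, $2 = thumbprint
  aws iam create-open-id-connect-provider --url "$1" \
      --client-id-list sts.amazonaws.com --thumbprint-list "$2"
}

# Trust policy for a role a service account will assume through the provider.
# Pinning both :aud and :sub means only pods running as that one service
# account in that one namespace can assume the role, not anything in the
# cluster that can obtain a token.
irsa_trust_policy() {  # $1 = account id, $2 = issuer host/path, $3 = namespace, $4 = service account
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
  printf '"Principal":{"Federated":"arn:aws:iam::%s:oidc-provider/%s"},' "$1" "$2"
  printf '"Action":"sts:AssumeRoleWithWebIdentity","Condition":{"StringEquals":{'
  printf '"%s:aud":"sts.amazonaws.com","%s:sub":"system:serviceaccount:%s:%s"}}}]}\n' \
      "$2" "$2" "$3" "$4"
}

main() {
  cluster="${CLUSTER_NAME:-my-eks-cluster}"   # assumed cluster name
  issuer=$(eks_oidc_issuer "$cluster")
  thumb=$(fetch_issuer_chain "$issuer" | root_thumbprint_from_chain)
  echo "issuer:     $issuer"
  echo "thumbprint: $thumb"
  create_oidc_provider "$issuer" "$thumb"
  # Trust policy for a role used by service account "app-sa" in "default":
  irsa_trust_policy 111122223333 "$(issuer_host_path "$issuer")" default app-sa
}

# Live calls only when asked for, so the functions can be sourced or tested.
if [ "${RUN_LIVE:-0}" = 1 ]; then main; fi
```

Run it as RUN_LIVE=1 CLUSTER_NAME=<cluster> sh create-oidc.sh with credentials for the account that owns the cluster; without RUN_LIVE the file only defines the functions. Compare the thumbprint the script computes with the one you put in the CloudFormation template before committing it: the value in a template is only as trustworthy as the certificate chain it was computed from.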
