Identity Provider Creation

Creating Identity Provider for EKS Cluster

Objective: Create an identity provider for an Amazon Elastic Kubernetes Service (EKS) cluster. The identity provider is necessary for authenticating users and granting them access to the EKS cluster.

Prerequisites

  • Access to the AWS Management Console

  • A deployed EKS cluster

  • Gathered information from the CloudFormation EKS stack outputs:

    • OIDC URL: [Enter the OIDC URL obtained from the EKS stack output]

    • OIDC Audience Name: [Enter the OIDC Audience Name obtained from the EKS stack output]

Instructions

Step 1: Sign in to the AWS Management Console

  1. Open a web browser and navigate to the AWS Management Console (https://console.aws.amazon.com).

  2. Enter your login credentials to access your AWS account.

Step 2: Navigate to the IAM (Identity and Access Management) service.

  1. Once logged in, search for "IAM" in the AWS Management Console search bar.

  2. Click on the "IAM" service from the search results to open the IAM dashboard.

Step 3: Creating an Identity Provider

  1. In the IAM dashboard, click on "Identity providers" in the left-hand navigation pane under "Access management".

Step 4: Add an Identity provider

  1. Click on the "Add provider" button.

  2. On the "Add provider" page, select "OpenID Connect" as the provider type.

Step 5: Enter the following details:

Note: Your EKS stack output may show a different provider URL. Use the one from your stack output; the Provider URL given above is only for reference.

  • Audience: [sts.amazonaws.com]

Step 6: Collect the Fingerprint

  1. Click on "Get Thumbprint".

  2. Now click on the "Add Provider" button.

Step 7: Validation

  1. If everything is correct, you will see your identity provider on the home page.
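
Added example, not part of the original guide: Step 7 can also be checked outside the console by comparing what IAM reports for the provider with the values from the EKS stack outputs. The sketch assumes the provider JSON was saved from `aws iam get-open-id-connect-provider`; the function names and the sample values (region, cluster ID) are constructed for illustration.

```python
from urllib.parse import urlsplit

EXPECTED_AUDIENCE = "sts.amazonaws.com"  # audience entered in Step 5

# Constructed sample: the shape of `aws iam get-open-id-connect-provider` output.
SAMPLE_PROVIDER = {
    "Url": "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0000000000000000000000000",
    "ClientIDList": ["sts.amazonaws.com"],
}
# Constructed sample: the OIDC URL as it would appear in the EKS stack output.
SAMPLE_STACK_URL = "https://oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0000000000000000000000000"


def normalize_issuer(url):
    """Reduce an issuer URL to host + path so that the stack output form
    (with https://) and a scheme-less form compare equal."""
    url = url.strip()
    parts = urlsplit(url if "://" in url else "https://" + url)
    return (parts.netloc.lower() + parts.path).rstrip("/")


def check_provider(provider, stack_oidc_url):
    """Return a list of findings; an empty list means the provider matches."""
    findings = []
    if stack_oidc_url.strip().lower().startswith("http://"):
        findings.append("OIDC URL must use https")
    if normalize_issuer(provider.get("Url", "")) != normalize_issuer(stack_oidc_url):
        findings.append("provider URL does not match the EKS stack OIDC URL")
    audiences = provider.get("ClientIDList", [])
    if EXPECTED_AUDIENCE not in audiences:
        findings.append("audience %s is missing" % EXPECTED_AUDIENCE)
    # Any audience other than the one from Step 5 differs from this guide.
    extra = sorted(set(audiences) - {EXPECTED_AUDIENCE})
    if extra:
        findings.append("audiences not in this guide: " + ", ".join(extra))
    return findings


if __name__ == "__main__":
    problems = check_provider(SAMPLE_PROVIDER, SAMPLE_STACK_URL)
    print("OK" if not problems else "\n".join(problems))
```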

You are now ready to proceed to the next step, which involves running a script in the AWS Cloud Shell. The .env file will be used in the script to configure the deployment.

Note: Ensure that you keep the .env file secure and do not share it with unauthorized individuals. It contains sensitive information related to your EKS cluster.

Now proceed to Stage 3: Running the Script in AWS Cloud Shell.
