UNPKG

@aws-cdk/aws-iam/lib/oidc-provider.d.ts

Version:

4.89 kBTypeScriptView Raw

1import { IResource, Resource } from '@aws-cdk/core';
2import { Construct } from 'constructs';
3/**
* Represents an IAM OpenID Connect provider.
*
*/
7export interface IOpenIdConnectProvider extends IResource {
  /**
   * The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.
   */
  readonly openIdConnectProviderArn: string;
  /**
   * The issuer for OIDC Provider
   */
  readonly openIdConnectProviderIssuer: string;
16}
17/**
* Initialization properties for `OpenIdConnectProvider`.
*/
20export interface OpenIdConnectProviderProps {
  /**
   * The URL of the identity provider. The URL must begin with https:// and
   * should correspond to the iss claim in the provider's OpenID Connect ID
   * tokens. Per the OIDC standard, path components are allowed but query
   * parameters are not. Typically the URL consists of only a hostname, like
   * https://server.example.org or https://example.com.
   *
   * You cannot register the same provider multiple times in a single AWS
   * account. If you try to submit a URL that has already been used for an
   * OpenID Connect provider in the AWS account, you will get an error.
   */
  readonly url: string;
  /**
   * A list of client IDs (also known as audiences). When a mobile or web app
   * registers with an OpenID Connect provider, they establish a value that
   * identifies the application. (This is the value that's sent as the client_id
   * parameter on OAuth requests.)
   *
   * You can register multiple client IDs with the same provider. For example,
   * you might have multiple applications that use the same OIDC provider. You
   * cannot register more than 100 client IDs with a single IAM OIDC provider.
   *
   * Client IDs are up to 255 characters long.
   *
   * @default - no clients are allowed
   */
  readonly clientIds?: string[];
  /**
   * A list of server certificate thumbprints for the OpenID Connect (OIDC)
   * identity provider's server certificates.
   *
   * Typically this list includes only one entry. However, IAM lets you have up
   * to five thumbprints for an OIDC provider. This lets you maintain multiple
   * thumbprints if the identity provider is rotating certificates.
   *
   * The server certificate thumbprint is the hex-encoded SHA-1 hash value of
   * the X.509 certificate used by the domain where the OpenID Connect provider
   * makes its keys available. It is always a 40-character string.
   *
   * You must provide at least one thumbprint when creating an IAM OIDC
   * provider. For example, assume that the OIDC provider is server.example.com
   * and the provider stores its keys at
   * https://keys.server.example.com/openid-connect. In that case, the
   * thumbprint string would be the hex-encoded SHA-1 hash value of the
   * certificate used by https://keys.server.example.com.
   *
   * @default - If no thumbprints are specified (an empty array or `undefined`),
   * the thumbprint of the root certificate authority will be obtained from the
   * provider's server as described in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
   */
  readonly thumbprints?: string[];
72}
73/**
* IAM OIDC identity providers are entities in IAM that describe an external
* identity provider (IdP) service that supports the OpenID Connect (OIDC)
* standard, such as Google or Salesforce. You use an IAM OIDC identity provider
* when you want to establish trust between an OIDC-compatible IdP and your AWS
* account. This is useful when creating a mobile app or web application that
* requires access to AWS resources, but you don't want to create custom sign-in
* code or manage your own user identities.
*
* @see http://openid.net/connect
* @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
*
* @resource AWS::CloudFormation::CustomResource
*/
87export declare class OpenIdConnectProvider extends Resource implements IOpenIdConnectProvider {
  /**
   * Imports an Open ID connect provider from an ARN.
   * @param scope The definition scope
   * @param id ID of the construct
   * @param openIdConnectProviderArn the ARN to import
   */
  static fromOpenIdConnectProviderArn(scope: Construct, id: string, openIdConnectProviderArn: string): IOpenIdConnectProvider;
  /**
   * The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.
   */
  readonly openIdConnectProviderArn: string;
  readonly openIdConnectProviderIssuer: string;
  /**
   * Defines an OpenID Connect provider.
   * @param scope The definition scope
   * @param id Construct ID
   * @param props Initialization properties
   */
  constructor(scope: Construct, id: string, props: OpenIdConnectProviderProps);
  private getOrCreateProvider;
108}

1	`import { IResource, Resource } from '@aws-cdk/core';`
2	`import { Construct } from 'constructs';`
3	`/**`
4	`* Represents an IAM OpenID Connect provider.`
5	`*`
6	`*/`
7	`export interface IOpenIdConnectProvider extends IResource {`
8	`/**`
9	`* The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.`
10	`*/`
11	`readonly openIdConnectProviderArn: string;`
12	`/**`
13	`* The issuer for OIDC Provider`
14	`*/`
15	`readonly openIdConnectProviderIssuer: string;`
16	`}`
17	`/**`
18	* Initialization properties for `OpenIdConnectProvider`.
19	`*/`
20	`export interface OpenIdConnectProviderProps {`
21	`/**`
22	`* The URL of the identity provider. The URL must begin with https:// and`
23	`* should correspond to the iss claim in the provider's OpenID Connect ID`
24	`* tokens. Per the OIDC standard, path components are allowed but query`
25	`* parameters are not. Typically the URL consists of only a hostname, like`
26	`* https://server.example.org or https://example.com.`
27	`*`
28	`* You cannot register the same provider multiple times in a single AWS`
29	`* account. If you try to submit a URL that has already been used for an`
30	`* OpenID Connect provider in the AWS account, you will get an error.`
31	`*/`
32	`readonly url: string;`
33	`/**`
34	`* A list of client IDs (also known as audiences). When a mobile or web app`
35	`* registers with an OpenID Connect provider, they establish a value that`
36	`* identifies the application. (This is the value that's sent as the client_id`
37	`* parameter on OAuth requests.)`
38	`*`
39	`* You can register multiple client IDs with the same provider. For example,`
40	`* you might have multiple applications that use the same OIDC provider. You`
41	`* cannot register more than 100 client IDs with a single IAM OIDC provider.`
42	`*`
43	`* Client IDs are up to 255 characters long.`
44	`*`
45	`* @default - no clients are allowed`
46	`*/`
47	`readonly clientIds?: string[];`
48	`/**`
49	`* A list of server certificate thumbprints for the OpenID Connect (OIDC)`
50	`* identity provider's server certificates.`
51	`*`
52	`* Typically this list includes only one entry. However, IAM lets you have up`
53	`* to five thumbprints for an OIDC provider. This lets you maintain multiple`
54	`* thumbprints if the identity provider is rotating certificates.`
55	`*`
56	`* The server certificate thumbprint is the hex-encoded SHA-1 hash value of`
57	`* the X.509 certificate used by the domain where the OpenID Connect provider`
58	`* makes its keys available. It is always a 40-character string.`
59	`*`
60	`* You must provide at least one thumbprint when creating an IAM OIDC`
61	`* provider. For example, assume that the OIDC provider is server.example.com`
62	`* and the provider stores its keys at`
63	`* https://keys.server.example.com/openid-connect. In that case, the`
64	`* thumbprint string would be the hex-encoded SHA-1 hash value of the`
65	`* certificate used by https://keys.server.example.com.`
66	`*`
67	* @default - If no thumbprints are specified (an empty array or `undefined`),
68	`* the thumbprint of the root certificate authority will be obtained from the`
69	`* provider's server as described in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html`
70	`*/`
71	`readonly thumbprints?: string[];`
72	`}`
73	`/**`
74	`* IAM OIDC identity providers are entities in IAM that describe an external`
75	`* identity provider (IdP) service that supports the OpenID Connect (OIDC)`
76	`* standard, such as Google or Salesforce. You use an IAM OIDC identity provider`
77	`* when you want to establish trust between an OIDC-compatible IdP and your AWS`
78	`* account. This is useful when creating a mobile app or web application that`
79	`* requires access to AWS resources, but you don't want to create custom sign-in`
80	`* code or manage your own user identities.`
81	`*`
82	`* @see http://openid.net/connect`
83	`* @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html`
84	`*`
85	`* @resource AWS::CloudFormation::CustomResource`
86	`*/`
87	`export declare class OpenIdConnectProvider extends Resource implements IOpenIdConnectProvider {`
88	`/**`
89	`* Imports an Open ID connect provider from an ARN.`
90	`* @param scope The definition scope`
91	`* @param id ID of the construct`
92	`* @param openIdConnectProviderArn the ARN to import`
93	`*/`
94	`static fromOpenIdConnectProviderArn(scope: Construct, id: string, openIdConnectProviderArn: string): IOpenIdConnectProvider;`
95	`/**`
96	`* The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.`
97	`*/`
98	`readonly openIdConnectProviderArn: string;`
99	`readonly openIdConnectProviderIssuer: string;`
100	`/**`
101	`* Defines an OpenID Connect provider.`
102	`* @param scope The definition scope`
103	`* @param id Construct ID`
104	`* @param props Initialization properties`
105	`*/`
106	`constructor(scope: Construct, id: string, props: OpenIdConnectProviderProps);`
107	`private getOrCreateProvider;`
108	`}`