Table: aws_eks_identity_provider_config - Query Amazon EKS Identity Provider Configurations using SQL
Identity provider configuration is a feature of Amazon Elastic Kubernetes Service (EKS). It allows you to integrate and manage third-party identity providers for authentication with your EKS clusters, supporting secure access and identity management for your Kubernetes workloads.
Table Usage Guide
The aws_eks_identity_provider_config table in Steampipe provides you with information about the identity provider configurations for Amazon EKS clusters. This table allows you, as a DevOps engineer, to query configuration-specific details, including the type of identity provider, client ID, issuer URL, and associated metadata. The schema outlines the various attributes of the identity provider configuration, including the cluster name, creation time, tags, and status.
Examples
Basic info
Explore which AWS EKS identity provider configurations are in use and their current status. This can help you manage and monitor your AWS EKS resources more effectively.
select name, arn, cluster_name, tags, status from aws_eks_identity_provider_config;
List OIDC type Identity provider config
Determine the areas in which OpenID Connect (OIDC) type identity provider configurations are used within your AWS Elastic Kubernetes Service (EKS) clusters. This is useful for understanding your security setup and ensuring that it aligns with your organization's policies.
select name, arn, cluster_name, type from aws_eks_identity_provider_config where type = 'oidc';
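As an added example (not from the Steampipe documentation), the query below reviews OIDC configurations for claim-mapping settings worth a second look: a groups claim mapped without a groups_prefix, username prefixing disabled, and no required_claims. It uses only columns from this table's schema and PostgreSQL syntax; it assumes unset values come back as NULL, empty, or JSON null, and that a username_prefix of '-' disables prefixing, as in the EKS API.

```sql
-- Added example: flag OIDC identity provider configs whose claim mapping
-- could let token-supplied names collide with existing Kubernetes names.
with oidc as (
  select
    cluster_name,
    name,
    region,
    issuer_url,
    client_id,
    status,
    -- Groups are mapped from the token but no prefix is prepended, so a
    -- group claim could match an existing name such as a system: group.
    (coalesce(groups_claim, '') <> ''
      and coalesce(groups_prefix, '') = '') as groups_unprefixed,
    -- Assumption: '-' means "disable all username prefixing".
    (coalesce(username_prefix, '') = '-') as username_prefix_disabled,
    -- No extra claims are required beyond issuer and audience.
    (coalesce(nullif(required_claims, 'null'::jsonb), '{}'::jsonb)
      = '{}'::jsonb) as no_required_claims
  from
    aws_eks_identity_provider_config
  where
    type = 'oidc'
)
select
  *
from
  oidc
where
  groups_unprefixed
  or username_prefix_disabled
  or no_required_claims
order by
  cluster_name,
  name;
```

Rows returned are review candidates rather than confirmed misconfigurations; whether a missing prefix or an empty required_claims map matters depends on the RBAC bindings in the cluster.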
Schema for aws_eks_identity_provider_config
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) of the configuration. |
client_id | text | | This is also known as audience. The ID of the client application that makes authentication requests to the OIDC identity provider. |
cluster_name | text | = | The name of the cluster. |
groups_claim | text | | The JSON web token (JWT) claim that the provider uses to return your groups. |
groups_prefix | text | | The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). |
issuer_url | text | | The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens. |
name | text | = | The name of the identity provider configuration. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
required_claims | jsonb | | The key-value pairs that describe required claims in the identity token. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | text | | The status of the OIDC identity provider. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | The metadata to apply to the provider configuration to assist with categorization and organization. |
title | text | | Title of the resource. |
type | text | = | The type of the identity provider configuration. |
username_claim | text | | The JSON Web token (JWT) claim that is used as the username. |
username_prefix | text | | The prefix that is prepended to username claims to prevent clashes with existing names. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_eks_identity_provider_config