Create an OIDC identity provider

To use IAM roles for service accounts in your cluster, you must create an IAM OIDC Identity Provider. This can be done using the AWS Console, the AWS CLI, or eksctl. For this workshop, we will use eksctl.

Check that your eksctl version is at least 0.57.0:
eksctl version


If your eksctl version is lower than 0.57.0, follow "Installing or Upgrading eksctl" in the user guide.

Create the IAM OIDC Identity Provider for your cluster:
eksctl utils associate-iam-oidc-provider --cluster eksworkshop-eksctl --approve

2021-07-20 17:51:36 [ℹ]  eksctl version 0.57.0
2021-07-20 17:51:36 [ℹ]  using region us-east-1
2021-07-20 17:51:38 [ℹ]  will create IAM Open ID Connect provider for cluster "eksworkshop-eksctl" in "us-east-1"
2021-07-20 17:51:39 [✔]  created IAM Open ID Connect provider for cluster "eksworkshop-eksctl" in "us-east-1"

If you go to Identity Providers in the IAM Console, you will see that an OIDC provider has been created for your cluster.

OIDC Identity Provider
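To confirm the same result from the command line rather than the console, the following added example (not part of the original workshop) compares the cluster's OIDC issuer URL with the IAM OIDC provider ARNs in the account, using an exact match instead of a substring search. The function names are hypothetical, and the account ID and issuer ID shown in the comments are constructed sample values.

```shell
#!/bin/sh
# Added example: verify that the EKS cluster's OIDC issuer is registered
# as an IAM OIDC identity provider. Requires the AWS CLI and credentials
# allowed to call eks:DescribeCluster and iam:ListOpenIDConnectProviders.

# An IAM OIDC provider ARN ends with the issuer URL minus "https://", e.g.
# (constructed) arn:aws:iam::111122223333:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE
issuer_to_provider_path() {
  printf '%s\n' "${1#https://}"
}

# provider_registered ISSUER_URL [ARN...]
# Returns 0 only if one ARN's provider path equals the issuer path exactly.
# An exact comparison avoids accepting a provider whose ID merely contains
# or extends the cluster's issuer ID.
provider_registered() {
  _want="$(issuer_to_provider_path "$1")"
  shift
  for _arn in "$@"; do
    if [ "${_arn#*:oidc-provider/}" = "$_want" ]; then
      return 0
    fi
  done
  return 1
}

# check_cluster CLUSTER_NAME
# Returns 0 if registered, 1 if not, 2 if the AWS CLI calls failed or the
# cluster reported no OIDC issuer.
check_cluster() {
  _issuer="$(aws eks describe-cluster --name "$1" \
      --query 'cluster.identity.oidc.issuer' --output text)" || return 2
  case "$_issuer" in https://*) ;; *) return 2 ;; esac
  _arns="$(aws iam list-open-id-connect-providers \
      --query 'OpenIDConnectProviderList[].Arn' --output text)" || return 2
  # Unquoted on purpose: text output is a whitespace-separated ARN list.
  provider_registered "$_issuer" $_arns
}

# Run as: sh check-oidc.sh eksworkshop-eksctl
if [ "$#" -gt 0 ]; then
  if check_cluster "$1"; then
    echo "OK: IAM OIDC provider exists for cluster $1"
  else
    echo "FAIL: no matching IAM OIDC provider for cluster $1" >&2
  fi
fi
```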