
create-open-id-connect-provider

The aws iam create-open-id-connect-provider command creates an IAM identity provider entry for an OpenID Connect (OIDC) issuer. Once the provider exists, IAM roles can name it in their trust policy, and workloads holding an ID token from that issuer can exchange the token for temporary credentials with sts:AssumeRoleWithWebIdentity. The command returns the provider ARN that the trust policy refers to. Note that registering the provider only tells IAM which issuer (and which certificate chain) to trust; which principals may actually assume a role is decided by the role's trust policy, which should constrain the token's aud and sub claims rather than trust the issuer wholesale.

Syntax

aws iam create-open-id-connect-provider \
  --url PROVIDER_URL \
  --client-id-list CLIENT_ID \
  --thumbprint-list THUMBPRINT

Options

  • --url PROVIDER_URL: The URL of the OIDC identity provider (IdP). It must begin with https:// and should match the iss claim of the ID tokens the provider issues, since IAM compares the two during AssumeRoleWithWebIdentity.
  • --client-id-list CLIENT_ID: A list of client IDs, also known as audiences. Each entry is a string that must appear in the aud claim of an ID token for IAM to accept it; tokens issued for any other audience are rejected.
  • --thumbprint-list THUMBPRINT: A list of server certificate thumbprints for the OIDC provider: the hex-encoded SHA-1 hash of the DER-encoded X.509 certificate, written as 40 hex characters with no colons. IAM uses it to validate the TLS certificate chain when it fetches the provider's signing keys, so a wrong or stale value breaks role assumption rather than silently weakening it. Newer IAM versions treat this parameter as optional and retrieve the top intermediate CA thumbprint themselves when it is omitted.

Calculating the Thumbprint of a Website

To obtain the thumbprint, retrieve the certificate chain the provider's TLS endpoint presents and hash the certificate IAM expects. AWS's documented procedure uses the last certificate in the chain printed by openssl s_client -showcerts (the top intermediate CA, or the root if the server includes it), not the leaf. The following OpenSSL command prints the SHA-1 fingerprint of the leaf certificate:

echo | openssl s_client -servername ${NAME} -connect ${WEBSITE}:443 2>/dev/null | openssl x509 -fingerprint -sha1 -noout

Replace NAME with the host name sent in TLS SNI (normally the provider's domain) and WEBSITE with the host to connect to (normally the same domain). The output has the form SHA1 Fingerprint=AB:CD:...; strip the colons before passing the value to --thumbprint-list, and add -showcerts to s_client if you need the intermediate certificate rather than the leaf.
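The helper below, added here as an example and not part of the original page or of the AWS CLI, does the two conversions the section describes: it turns the colon-separated SHA1 Fingerprint= line that openssl x509 prints into the 40-hex-character form IAM expects, and it parses a full openssl s_client -showcerts dump to hash the last certificate in the chain, following AWS's documented procedure. The certificate chain embedded in it is a constructed placeholder (the PEM bodies are not real DER certificates), used only so the script runs offline; the function and variable names are the example's own.

```python
"""Compute IAM-formatted OIDC provider thumbprints from a PEM chain.

Run stand-alone, the script reads `openssl s_client -showcerts` output
from stdin and prints the thumbprint to pass to --thumbprint-list:

  echo | openssl s_client -servername HOST -connect HOST:443 -showcerts \
      2>/dev/null | python3 oidc_thumbprint.py
"""
import base64
import hashlib
import re
import sys

# Matches every PEM certificate block, keeping the base64 body (with newlines).
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def pem_chain_to_der(text):
    """Return the DER bytes of each certificate in `text`, in presented order."""
    return [base64.b64decode("".join(m.group(1).split())) for m in PEM_RE.finditer(text)]


def iam_thumbprint(der):
    """SHA-1 of a DER certificate in IAM's format: 40 lowercase hex chars, no colons."""
    return hashlib.sha1(der).hexdigest()


def openssl_fingerprint_to_iam(line):
    """Convert an `openssl x509 -fingerprint -sha1` line to IAM's format.

    Accepts `SHA1 Fingerprint=AB:CD:...` or the bare colon-separated hex and
    rejects anything that is not a 160-bit digest (e.g. a SHA-256 fingerprint).
    """
    hexpart = line.split("=", 1)[-1].strip().replace(":", "").lower()
    if not re.fullmatch(r"[0-9a-f]{40}", hexpart):
        raise ValueError("not a SHA-1 fingerprint: %r" % line)
    return hexpart


def provider_thumbprint(chain_text):
    """Thumbprint of the last certificate in the presented chain.

    This is the certificate AWS's procedure tells you to use (the top
    intermediate CA). If the server also sends its self-signed root, the
    last certificate is that root instead; check the `s:`/`i:` lines.
    """
    ders = pem_chain_to_der(chain_text)
    if not ders:
        raise ValueError("no PEM certificates found in input")
    return iam_thumbprint(ders[-1])


def _fake_pem(der):
    """Wrap arbitrary bytes in PEM armour (constructed test data, not a real cert)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


# Constructed sample of `openssl s_client -showcerts` output: a leaf followed by
# one intermediate CA. The bodies are placeholders, not real certificates.
SAMPLE_LEAF_DER = b"constructed placeholder: leaf certificate"
SAMPLE_CA_DER = b"constructed placeholder: top intermediate CA certificate"
SAMPLE_CHAIN = (
    "CONNECTED(00000003)\n---\nCertificate chain\n"
    " 0 s:CN = oidc.example.com\n   i:CN = Example Intermediate CA\n" + _fake_pem(SAMPLE_LEAF_DER)
    + " 1 s:CN = Example Intermediate CA\n   i:CN = Example Root CA\n" + _fake_pem(SAMPLE_CA_DER)
    + "---\n"
)


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CHAIN
    for i, der in enumerate(pem_chain_to_der(text)):
        print("cert %d: %s" % (i, iam_thumbprint(der)), file=sys.stderr)
    print(provider_thumbprint(text))
```

The thumbprint the script prints on stdout is the value to give to --thumbprint-list; the per-certificate list on stderr lets you confirm which certificate in the chain was hashed.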

See also the original AWS documentation.