Commit

add a readme
GavinZZ committed Jan 15, 2025
1 parent 27cca08 commit e2c7163
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions packages/aws-cdk-lib/aws-iam/README.md
Expand Up @@ -707,6 +707,14 @@ thumbprint of the root certificate authority (CA) will automatically be obtained
from the host as described
[here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html).

Byy default, the custom resource enforces strict security practices by rejecting
any unauthorized connections when downloading CA thumbprints from the issuer URL.
If you need to connect to an unauthorized OIDC identity provider and understand the
implications, you can disable this behavior by setting the feature flag
`IAM_OIDC_REJECT_UNAUTHORIZED_CONNECTIONS` to `false` in your `cdk.context.json`
or `cdk.json`. Visit [CDK Feature Flag](https://docs.aws.amazon.com/cdk/v2/guide/featureflags.html)
for more information on how to configure feature flags.

Once you define an OpenID connect provider, you can use it with AWS services
that expect an IAM OIDC provider. For example, when you define an [Amazon
Cognito identity
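Review bot: The added paragraph tells readers to disable the check if they "understand the implications" but never says what those implications are, and "unauthorized connections" is left undefined. Please state what the custom resource actually rejects when it downloads CA thumbprints from the issuer URL, and what is lost when the flag is `false`: the thumbprint that ends up trusted by the IAM OIDC provider is then taken from a connection that was not verified. The flag is also given only as `IAM_OIDC_REJECT_UNAUTHORIZED_CONNECTIONS`, which reads like a constant name rather than the key a user would type into `cdk.context.json` or `cdk.json`; spell out the exact context key, ideally with a short snippet, and note that the setting should be scoped to the affected app only. Minor: "Byy default" in the first added line should be "By default".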