feat: Switch to dualstack OIDC issuer URL

bryantbiggs · bryantbiggs · commit ecda27f096ef · 2025-07-21T17:06:08.000-05:00
diff --git a/main.tf b/main.tf
@@ -444,7 +444,7 @@ data "tls_certificate" "this" {
   # Not available on outposts
   count = local.create_oidc_provider && var.include_oidc_root_ca_thumbprint ? 1 : 0
 
-  url = aws_eks_cluster.this[0].identity[0].oidc[0].issuer
+  url = local.dualstack_oidc_issuer_url
 }
 
 resource "aws_iam_openid_connect_provider" "oidc_provider" {
@@ -453,7 +453,7 @@ resource "aws_iam_openid_connect_provider" "oidc_provider" {
 
   client_id_list  = distinct(compact(concat(["sts.amazonaws.com"], var.openid_connect_audiences)))
   thumbprint_list = concat(local.oidc_root_ca_thumbprint, var.custom_oidc_thumbprints)
-  url             = aws_eks_cluster.this[0].identity[0].oidc[0].issuer
+  url             = local.dualstack_oidc_issuer_url
 
   tags = merge(
     { Name = "${var.name}-eks-irsa" },
diff --git a/outputs.tf b/outputs.tf
@@ -1,4 +1,5 @@
 locals {
+  # https://github.com/aws/containers-roadmap/issues/2038#issuecomment-2278450601
   dualstack_oidc_issuer_url = try(replace(replace(aws_eks_cluster.this[0].identity[0].oidc[0].issuer, "https://oidc.eks.", "https://oidc-eks."), ".amazonaws.com/", ".api.aws/"), null)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`locals {`
	`2`	`+ # https://github.com/aws/containers-roadmap/issues/2038#issuecomment-2278450601`
`2`	`3`	`dualstack_oidc_issuer_url = try(replace(replace(aws_eks_cluster.this[0].identity[0].oidc[0].issuer, "https://oidc.eks.", "https://oidc-eks."), ".amazonaws.com/", ".api.aws/"), null)`
`3`	`4`	`}`
`4`	`5`