diff --git a/README.md b/README.md
index 9aa2452..1c654aa 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@ These include
* [Policy to Role](./policy-to-role/README.md) - Creates an IAM policy and attaches it with an existing Role.
* [User to Group](./user-to-group/README.md) - Creates an IAM user and adds user to a list of groups.
* [Managed Role](./managed-role/README.md) - Creates an IAM role and attaches the policy to it.
+* [Identity-Provider](./identity-provider/README.md) - Creates an IAM identidy provider for open id connect provider.
## ADR's
@@ -44,4 +45,4 @@ See the License for the specific language governing permissions and
limitations under the License.
```
-Copyright © 2019 [Hypr NZ](https://www.hypr.nz/)
+Copyright © 2019 [Hypr NZ](https://www.hypr.nz/)
\ No newline at end of file
diff --git a/examples/identity-provider/main.tf b/examples/identity-provider/main.tf
new file mode 100644
index 0000000..4a8252b
--- /dev/null
+++ b/examples/identity-provider/main.tf
@@ -0,0 +1,20 @@
+module "example" {
+ source = "../../identity-provider"
+
+ providers = {
+ aws = aws
+ }
+
+ identity_provider_url = "https://accounts.google.com"
+ client_id_list = ["ExampleClientID"]
+ thumbprint_list = []
+ tags = {"Env": "test"}
+}
+
+provider "aws" {
+ region = var.aws_region
+}
+
+variable "aws_region" {
+ default = "ap-southeast-2"
+}
\ No newline at end of file
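Review bot: `thumbprint_list = []` on the module call leaves the example without the one input a user has to derive themselves, and with the `>= 3.21.0` AWS provider constraint this module targets an empty list is, as far as I can tell, likely to be rejected at apply time rather than demonstrate a working configuration. The thumbprint is what AWS uses to pin the identity provider's TLS certificate chain when it verifies tokens, so the example should carry a clearly marked placeholder instead of an empty list, e.g. `thumbprint_list = ["<PLACEHOLDER-40-HEX-SHA1-THUMBPRINT>"] # obtain per the AWS OIDC provider documentation`. A one-line comment above `client_id_list` saying that for Google the audience is the OAuth client ID of the registered app would make the `"ExampleClientID"` placeholder self-explaining.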
diff --git a/identity-provider/README.md b/identity-provider/README.md
new file mode 100644
index 0000000..b80354d
--- /dev/null
+++ b/identity-provider/README.md
@@ -0,0 +1,36 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.12.26 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_openid_connect_provider.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [client\_id\_list](#input\_client\_id\_list) | A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the client\_id parameter on OAuth requests.) | `list(string)` | n/a | yes |
+| [identity\_provider\_url](#input\_identity\_provider\_url) | The URL of the identity provider. | `any` | n/a | yes |
+| [tags](#input\_tags) | Tags to add to IAM identity provider Resource. | `map(any)` | `{}` | no |
+| [thumbprint\_list](#input\_thumbprint\_list) | A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s). | `list(string)` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [provider\_arn](#output\_provider\_arn) | The ARN assigned by AWS for this provider. |
diff --git a/identity-provider/main.tf b/identity-provider/main.tf
new file mode 100644
index 0000000..56c88ec
--- /dev/null
+++ b/identity-provider/main.tf
@@ -0,0 +1,6 @@
+resource "aws_iam_openid_connect_provider" "this" {
+ url = var.identity_provider_url
+ client_id_list = var.client_id_list
+ thumbprint_list = var.thumbprint_list
+ tags = var.tags
+}
\ No newline at end of file
diff --git a/identity-provider/outputs.tf b/identity-provider/outputs.tf
new file mode 100644
index 0000000..4ba5cfc
--- /dev/null
+++ b/identity-provider/outputs.tf
@@ -0,0 +1,4 @@
+output "provider_arn" {
+ description = "The ARN assigned by AWS for this provider."
+ value = aws_iam_openid_connect_provider.this.arn
+}
diff --git a/identity-provider/var.tf b/identity-provider/var.tf
new file mode 100644
index 0000000..be95a14
--- /dev/null
+++ b/identity-provider/var.tf
@@ -0,0 +1,19 @@
+variable "identity_provider_url" {
+ description = "The URL of the identity provider."
+}
+
+variable "client_id_list" {
+ description = "A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the client_id parameter on OAuth requests.)"
+ type = list(string)
+}
+
+variable "thumbprint_list" {
+ description = "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s)."
+ type = list(string)
+}
+
+variable "tags" {
+ description = "Tags to add to IAM identity provider Resource."
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
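Review bot: `identity_provider_url` declares no `type`, so the generated README in this commit documents it as `any` and a wrongly shaped value from a caller is only caught when the aws provider fails to coerce it; add `type = string` to that variable. This block is also the natural place for the two constraints that matter for security — the URL has to be `https://` and each entry in `thumbprint_list` is a 40-character hex SHA-1 fingerprint — but a `validation` block needs Terraform 0.13 or later, which the declared `>= 0.12.26` floor does not guarantee. Either raise the floor in versions.tf alongside the validation, or at minimum state both constraints in the `description` strings so callers know what the AWS API will accept.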
diff --git a/identity-provider/versions.tf b/identity-provider/versions.tf
new file mode 100644
index 0000000..f8415c1
--- /dev/null
+++ b/identity-provider/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 0.12.26"
+
+ required_providers {
+ aws = {
+ source : "hashicorp/aws",
+ required_version : ">= 3.21.0"
+ }
+ }
+}
\ No newline at end of file
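Review bot: `required_version : ">= 3.21.0"` inside the `aws` entry of `required_providers` is not the attribute Terraform reads for a provider constraint — that key is `version` — so no AWS provider version is actually pinned; the generated README added in this same commit lists the aws provider version as `n/a`, which is consistent with the constraint being ignored. Change the line to `version = ">= 3.21.0"` (and `source = "hashicorp/aws"` to match the `=` style used in the rest of the file). As far as I recall, Terraform 0.13 and later reject unknown attributes in this object outright while 0.12 silently drops them, so with the current text the module either fails to init or runs against any provider version depending on the Terraform release; `source` itself is also only honoured from 0.13, which is worth a short comment given the `>= 0.12.26` floor.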