kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: pods-role
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["list"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: deployments-role
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: pods-binding
subjects:
  - kind: User
    name: s3-oidc:oidcuser@aws.com
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pods-role
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: deployments-binding
subjects:
  - kind: Group
    name: s3-oidc:developers
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: deployments-role