Skip to content
/ action-aws-assume-role-oidc Public

GitHub Action for assuming an AWS IAM role via a GitHub OpenID Connect identity provider (OIDC).

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

flipgroup/action-aws-assume-role-oidc

1 Branch0 Tags

Repository files navigation

Action AWS assume IAM role via OpenID Connect

GitHub Action for assuming an AWS IAM role via a GitHub OpenID Connect identity provider (OIDC).

Optionally a second target IAM role can be assumed from the first OIDC enabled role.

Usage

jobs:
  main:
    name: OpenID Connect (OIDC) IAM role
    runs-on: ubuntu-latest
    # note: permissions required to fetch OpenID Connect token and allow actions/checkout
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Assume AWS IAM role
        uses: flipgroup/action-aws-assume-role-oidc@main
        with:
          # note: assume-role-arn is optional
          web-identity-role-arn: arn:aws:iam::ACCOUNT_ID:role/OIDC_TRUSTED_ROLE
          assume-role-arn: arn:aws:iam::ACCOUNT_ID:role/TARGET_ASSUME_ROLE
          aws-region: ap-southeast-2
      - name: whoami
        run: aws sts get-caller-identity

About

GitHub Action for assuming an AWS IAM role via a GitHub OpenID Connect identity provider (OIDC).

Topics

aws iam-role github-actions

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

11 watching

Forks

0 forks
Report repository

Languages