aws-actions/configure-aws-credentials

short issue description

shahid23-dev opened this issue · 7 comments

Describe the bug

Error: Could not assume role with OIDC: No OpenIDConnect provider found in your account for https://token.actions.githubusercontent.com

Expected Behavior

Should be able to configure

Current Behavior

Error: Could not assume role with OIDC: No OpenIDConnect provider found in your account for https://token.actions.githubusercontent.com

Reproduction Steps

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "arn:aws:iam::******:oidc-provider/token.actions.githubusercontent.com/"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "token.actions.githubusercontent.com/:aud": "sts.amazonaws.com"
                },
                "StringLike": {
                    "token.actions.githubusercontent.com/:sub": "repo:shahid23-dev/shahid-project:"
                }
            }
        }
    ]
}

    # Sample workflow to access AWS resources when workflow is tied to branch
    # The workflow Creates static website using aws s3
    name: s3 workflow
    on:
      push
    env:
      BUCKET_NAME : "shahid-terraform-bucket"
      AWS_REGION : "us-east-1"
    # permission can be added at job level or workflow level
    permissions:
      id-token: write   # This is required for requesting the JWT
      contents: read    # This is required for actions/checkout
    jobs:
      S3PackageUpload:
        runs-on: ubuntu-latest
        timeout-minutes: 15
        steps:
          - name: Git clone the repository
            uses: actions/checkout@v4
          - name: configure aws credentials
            uses: aws-actions/configure-aws-credentials@v3
            with:
              role-to-assume: arn:aws:iam::*********:role/github-actions-role
              role-session-name: github-actions-role
              aws-region: ${{ env.AWS_REGION }}
          # Upload a file to AWS s3
          - name: Copy index.html to s3
            run: |
              aws s3 cp ./index.html s3://${{ env.BUCKET_NAME }}/

Possible Solution

No response

Additional Information/Context

No response

I also have the same issue. I've followed the full guide, step by step. The workflow is returning Error: Could not assume role with OIDC: The requested DurationSeconds exceeds the MaxSessionDuration set for this role.

I've probably found the issue, @shahid23-dev. You must provide a duration equal to or below the one configured as the Maximum session duration of your GitHub role. For example, if you have set Maximum session duration = 1h, you also need to specify role-duration-seconds: 1200 in your GitHub workflow.

Thanks for reaching out and commenting here - @shahid23-dev does the suggestion in the above comment resolve your issue?

Thanks dude, it helped.

Resolved, thanks :)

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
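The following is an added example, not code from this thread or from the aws-actions project: an offline pre-flight check that flags trust-policy identifiers that do not match the GitHub Actions issuer host exactly (a trailing slash, for instance) and a requested session duration outside what the role allows. The function names, the `ISSUER_HOST` constant and the sample policy (placeholder account ID and repository) are assumptions made for illustration; the 900-second lower bound is the STS minimum for `DurationSeconds`.

```python
import json

# GitHub Actions OIDC issuer host as it appears in IAM provider ARNs and condition keys.
ISSUER_HOST = "token.actions.githubusercontent.com"

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_trust_policy(policy):
    """Return findings for statements that allow sts:AssumeRoleWithWebIdentity."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal")
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        for arn in as_list(fed):
            if arn.partition(":oidc-provider/")[2] != ISSUER_HOST:
                findings.append(f"statement {i}: provider ARN must end in oidc-provider/{ISSUER_HOST}")
        claims = set()
        for conditions in stmt.get("Condition", {}).values():
            for key in conditions:
                prefix, _, claim = key.rpartition(":")
                if claim not in ("aud", "sub"):
                    continue  # unrelated condition key, e.g. aws:SourceIp
                if prefix == ISSUER_HOST:
                    claims.add(claim)
                else:
                    findings.append(f"statement {i}: condition key {key!r} should be {ISSUER_HOST}:{claim}")
        for claim in sorted({"aud", "sub"} - claims):
            findings.append(f"statement {i}: no usable {claim} condition")
    return findings

def check_duration(requested_seconds, max_session_seconds):
    """STS accepts DurationSeconds from 900 up to the role's MaxSessionDuration."""
    if requested_seconds < 900:
        return "below the 900 second STS minimum"
    if requested_seconds > max_session_seconds:
        return "exceeds the role's MaxSessionDuration"
    return None

# Constructed sample shaped like the policy in the issue (placeholder account and repository).
SAMPLE = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
 "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/token.actions.githubusercontent.com/"},
 "Action": "sts:AssumeRoleWithWebIdentity",
 "Condition": {"StringEquals": {"token.actions.githubusercontent.com/:aud": "sts.amazonaws.com"},
               "StringLike": {"token.actions.githubusercontent.com/:sub": "repo:example-org/example-repo:*"}}}]}""")

if __name__ == "__main__":
    print("\n".join(lint_trust_policy(SAMPLE)), check_duration(7200, 3600), sep="\n")
```

The check only compares strings in the policy document; it does not confirm that the OIDC provider actually exists in the account.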