If the assumed role name is `GitHubActions` the action will fail with a non specific error

Question

If the assumed role name is `GitHubActions` the action will fail with a non specific error

kle-sd opened this issue a year ago · 6 comments

Describe the issue

Ran into this for a few hours tonight where I was naming my role to be assumed GitHubActions and was failing to assume role via OIDC. The action spat out this error. Simply renaming the role to anything else ran successfully.

Could not assume role with OIDC: Not authorized to perform sts:AssumeRoleWithWebIdentity

The pitfall is especially time consuming because web searching the error leads to posts suggesting to fix the conditions in the IAM trust policy which are unrelated.

I suggest either highlighting this restricted role name in the documentation, or fixing the issue preventing use of this role name.

Answer 1 · 2023-12-19T22:56:17.000Z

Thanks for reporting this issue.

Answer 2 · 2024-02-10T01:34:54.000Z

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.

Answer 3 · 2024-02-10T01:34:55.000Z

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.

Answer 4 · 2024-05-23T21:10:20.000Z

Can we get a new release? It seems the fix missed the latest release train v4.0.2 (Feb 6).

Answer 5 · 2024-05-23T21:11:29.000Z

Oh nevermind, it seems the "fix" was just to document that it doesn't work. Maybe re-open the issue?

Answer 6 · 2024-08-08T16:40:58.000Z

Using GitHub-Actions-Runner also breaks for invalid reasons.