Terraform code to create iam role and an opendid connect identity provider This role enables github actions for repos in your github organization. Add the role arn to your github repository secrets and reference it in your workflow.
Example using a github secret named GIT_ACTIONS_ROLE
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.GIT_ACTIONS_ROLE }}
role-session-name: GitHubActionsResources Created
| Name | Description |
|---|---|
| OpenID Connect Provider | Allows federated access for Github Actions |
| IAM Role | Iam role for Github Actions |
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | >= 5.31.0 |
| Name | Version |
|---|---|
| aws | >= 5.31.0 |
No modules.
| Name | Type |
|---|---|
| aws_iam_openid_connect_provider.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy.admin_policy | data source |
| aws_iam_policy_document.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| client_id_list | A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. | list(string) |
[ |
no |
| default_tags | Sets the default tags in the aws provider block. | map(any) |
n/a | yes |
| github_org_name | Name of the Github organization. | string |
n/a | yes |
| iam_role_name | Name for the iam role. | string |
n/a | yes |
| provider_url | Url for the iss provider. | string |
"https://token.actions.githubusercontent.com" |
no |
| thumbprint_list | Oidc provider thumbprint list. | list(string) |
[ |
no |
No outputs.