Skip to content
/ gh-aws-oidc Public

Set AWS_WEB_IDENTITY_TOKEN_FILE via OIDC in GitHub Actions

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

christopher-dG/gh-aws-oidc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation

GitHub-AWS-OIDC

It's like aws-actions/configure-aws-credentials for OIDC, but it sets AWS_WEB_IDENTITY_TOKEN_FILE instead of exporting temporary credentials that cannot be refreshed.

on: push
permissions:
  id-token: write
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: christopher-dG/gh-aws-oidc@v1
        with:
          role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>
          region: us-east-1
      - name: Test credentials
        run: aws sts get-caller-identity
      - name: Let credentials expire
        run: sleep 61m
      - name: Ensure that credentials are refreshed
        run: aws sts get-caller-identity

About

Set AWS_WEB_IDENTITY_TOKEN_FILE via OIDC in GitHub Actions

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published