This module creates the required roles in AWS to authenticate GitHub modules with AWS via OIDC.
You provide your GitHub organisation/username and repository name as variables to the module.
It will create a role named `<repository name>-github-actions`,
which you can use to authenticate with AWS in your GitHub Actions like so:
```yaml
- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v3
  with:
    role-to-assume: arn:aws:iam::<aws account id>:role/<repository name>-github-actions
    role-session-name: aws-login
    aws-region: eu-west-3
```
No requirements.
Name | Version |
---|---|
aws | n/a |
No modules.
Name | Type |
---|---|
aws_iam_policy.custom_policy | resource |
aws_iam_role.this | resource |
aws_iam_role_policy_attachment.custom_policy_attachment | resource |
aws_iam_role_policy_attachment.policy | resource |
aws_iam_openid_connect_provider.oicd_provider | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
custom_policy | A custom policy to attach to your role if you want more fine-grained permissions | object( | null | no |
git_ref | The git refs for branches which can assume this role | string | "refs/heads/main" | no |
github_owner | The GitHub user or organisation name that owns the repository to add the role for | string | n/a | yes |
github_repository | The name of the GitHub repository to add the role for | string | n/a | yes |
oicd_provider_arn | The ARN of the GitHub Actions OIDC provider (if not provided, the module will use a data provider to find it) | string | null | no |
policy_arn_list | A list of policy ARNs to attach to the role (these are the AWS permissions that your GitHub Actions pipeline will have) | list(string) | [] | no |
Name | Description |
---|---|
role | The attributes from the aws_iam_role resource |
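
The `github_owner`, `github_repository` and `git_ref` inputs decide which workflow runs may assume the role, so it is worth checking the deployed trust policy against them. The following Python check is an added example, not code from this module: it assumes the role's trust policy uses the standard GitHub OIDC `sub` claim format `repo:<owner>/<repo>:ref:<git_ref>` and the `sts.amazonaws.com` audience (the module's own trust policy is not shown on this page), and the policy documents in it are constructed samples.

```python
ISSUER = "token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer host

def expected_subject(owner, repo, git_ref="refs/heads/main"):
    # Standard GitHub OIDC subject for a workflow run on a given ref.
    return f"repo:{owner}/{repo}:ref:{git_ref}"

def as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_trust_policy(policy, owner, repo, git_ref="refs/heads/main"):
    """Return findings for web-identity statements that admit more than the expected subject."""
    want, findings = expected_subject(owner, repo, git_ref), []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            continue
        subs, auds = [], []
        for op, keys in stmt.get("Condition", {}).items():
            if op.split(":")[-1] not in ("StringEquals", "StringLike"):
                continue  # only positive string matches restrict the claim
            for key, value in keys.items():
                if key.lower() == f"{ISSUER}:sub":
                    subs += as_list(value)
                elif key.lower() == f"{ISSUER}:aud":
                    auds += as_list(value)
        if not subs:
            findings.append(f"statement {i}: no sub condition, any repository can assume the role")
        findings += [f"statement {i}: sub {s!r} differs from {want!r}" for s in subs if s != want]
        if auds != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
    return findings

# Constructed sample policies (hypothetical account id and repository, not taken from the module).
def sample_policy(sub_operator, sub_value):
    cond = {"StringEquals": {ISSUER + ":aud": "sts.amazonaws.com"}}
    cond.setdefault(sub_operator, {})[ISSUER + ":sub"] = sub_value
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + ISSUER},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": cond}]}

TIGHT = sample_policy("StringEquals", "repo:example-org/example-repo:ref:refs/heads/main")
LOOSE = sample_policy("StringLike", "repo:example-org/*")

if __name__ == "__main__":
    for name, doc in (("tight", TIGHT), ("loose", LOOSE)):
        print(name, audit_trust_policy(doc, "example-org", "example-repo"))
```

In practice the policy document would come from the role's `assume_role_policy` attribute (exposed through the `role` output) parsed as JSON.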