Error: OpenIDConnect provider's HTTPS certificate doesn't match configured thumbprint while connecting github actions to AWS using IAM role based authentication
Error: OpenIDConnect provider's HTTPS certificate doesn't match configured thumbprint
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::XXXXXXXXXXX:oidc-provider/token.actions.githubusercontent.com"
},
"Action": [
"sts:AssumeRoleWithWebIdentity"
],
"Condition": {
"StringEquals": {
"token.actions.githubusercontent.com:sub": "repo:XXXXX/*"
},
"ForAllValues:StringEquals": {
"token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
"token.actions.githubusercontent.com:iss": "https://token.actions.githubusercontent.com"
}
}
}
]
}
type: OpenID Connect
provider: https://token.actions.githubusercontent.com/
thumbprint : 6938fd4d98bab03faadb97b34396831e3780aea1
Audience: sts.amazonaws.com
- 新しい順
- 投票が多い順
- コメントが多い順
Try changing it to the THUMBPRINT listed here.
https://github.blog/changelog/2022-01-13-github-actions-update-on-oidc-based-deployments-to-aws/
However the key was same but now its giving me..
Error: Not authorized to perform sts:AssumeRoleWithWebIdentity. please refer to my pain post I have already provided these rights.
The following blog may be related to this issue if it has not already been resolved.
Try setting two keys according to the documentation.
https://github.blog/changelog/2023-06-27-github-actions-update-on-oidc-integration-with-aws/
Customers experiencing issues authenticating via OIDC with AWS should configure both thumbprints to be trusted in the AWS portal. The two known intermediary thumbprints at this time are:
6938fd4d98bab03faadb97b34396831e3780aea1
1c58a3a8518e8759bf075b76b750d4f2df264fcd
関連するコンテンツ
AWS公式更新しました 3年前- AWS公式更新しました 4ヶ月前
