I want to allow all GitHub orgs in an AWS IAM role trusted entity (OIDC)


I want to create OIDC auth with AWS. While creating the role I have to enter the GitHub org in the AWS IAM role trusted entity. I do not have a GitHub org to enter, so I want to allow all GitHub orgs. How can I do this?


Divya42, asked 2 months ago, 85 views
1 Answer

AWS does not provide the capability to assume a role from ANY GitHub organization. Even if you create a trust policy like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "arn:aws:iam::50********80:oidc-provider/token.actions.githubusercontent.com"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "token.actions.githubusercontent.com:sub": "repo:*",
                    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
                }
            }
        }
    ]
}

A GitHub workflow will not be able to assume such a role.

You can create a free GitHub organization and use it.


EXPERT, answered 2 months ago
Artem (EXPERT), reviewed a month ago
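To see why the policy in the answer is rejected, it helps to evaluate it the way IAM does. The following is an added example, not code from the original post or from AWS: it re-implements only the two condition operators GitHub OIDC trust policies use (StringEquals, where `*` is a literal character, and StringLike, where `*` and `?` are wildcards), builds the answer's trust policy with different `sub` conditions, and checks them against a constructed GitHub token subject. The account id, the `octo-org/octo-repo` names and the `lint` rules are assumptions for illustration; the `sub` claim format `repo:OWNER/REPO:ref:refs/heads/BRANCH` and the `aud` value `sts.amazonaws.com` are the ones GitHub Actions and AWS document.

```python
"""Evaluate a GitHub Actions OIDC trust policy the way IAM would (added example)."""
from __future__ import annotations

import re

PROVIDER = "token.actions.githubusercontent.com"
SUB_KEY = f"{PROVIDER}:sub"
AUD_KEY = f"{PROVIDER}:aud"


def make_policy(operator: str, sub_pattern: str, account: str = "123456789012") -> dict:
    """Build the trust policy from the answer, parameterised on the sub condition.
    The account id is a placeholder."""
    condition = {"StringEquals": {AUD_KEY: "sts.amazonaws.com"}}
    condition.setdefault(operator, {})[SUB_KEY] = sub_pattern
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account}:oidc-provider/{PROVIDER}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": condition,
        }],
    }


def github_token_claims(owner: str, repo: str, branch: str) -> dict:
    """Constructed sample of the claims a GitHub Actions OIDC token carries for a branch run."""
    return {SUB_KEY: f"repo:{owner}/{repo}:ref:refs/heads/{branch}", AUD_KEY: "sts.amazonaws.com"}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _like(pattern: str, value: str) -> bool:
    """IAM StringLike: '*' matches any run of characters (including '/' and ':'), '?' one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def condition_matches(condition: dict, claims: dict) -> bool:
    """All keys under every operator must match (AND); a list of values is an OR."""
    for operator, keys in condition.items():
        for key, patterns in keys.items():
            actual = claims.get(key)
            if actual is None:
                return False
            if operator == "StringEquals":
                ok = any(p == actual for p in _as_list(patterns))  # '*' compared literally
            elif operator == "StringLike":
                ok = any(_like(p, actual) for p in _as_list(patterns))
            else:
                raise ValueError(f"unsupported operator {operator}")
            if not ok:
                return False
    return True


def can_assume(policy: dict, claims: dict) -> bool:
    """True if some Allow statement for AssumeRoleWithWebIdentity matches the token claims."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        if condition_matches(stmt.get("Condition", {}), claims):
            return True
    return False


def lint(policy: dict) -> list[str]:
    """Flag sub/aud conditions that either can never match or match far too much."""
    findings = []
    for stmt in policy["Statement"]:
        cond = stmt.get("Condition", {})
        equals, like = cond.get("StringEquals", {}), cond.get("StringLike", {})
        if "sts.amazonaws.com" not in _as_list(equals.get(AUD_KEY, [])):
            findings.append("aud is not pinned to sts.amazonaws.com")
        for p in _as_list(equals.get(SUB_KEY, [])):
            if "*" in p or "?" in p:
                findings.append(f"StringEquals treats {p!r} literally; no GitHub token will match")
        for p in _as_list(like.get(SUB_KEY, [])):
            # the owner segment between 'repo:' and '/' must be concrete, or every GitHub account qualifies
            if not re.fullmatch(r"repo:[^/*?]+/.*", p):
                findings.append(f"StringLike {p!r} does not pin a GitHub owner; any repository on GitHub could assume the role")
        if SUB_KEY not in equals and SUB_KEY not in like:
            findings.append("no sub condition; any repository on GitHub could assume the role")
    return findings


if __name__ == "__main__":
    token = github_token_claims("octo-org", "octo-repo", "main")
    for label, policy in [
        ("StringEquals repo:* (the answer's policy)", make_policy("StringEquals", "repo:*")),
        ("StringLike repo:*", make_policy("StringLike", "repo:*")),
        ("StringLike repo:octo-org/*", make_policy("StringLike", "repo:octo-org/*")),
    ]:
        print(f"{label}: assumable={can_assume(policy, token)} findings={lint(policy)}")
```

The first case reproduces the answer: under StringEquals the `*` in `repo:*` is compared literally, so no real token subject ever matches and the workflow cannot assume the role. Switching the operator to StringLike is not the fix, because `repo:*` then matches a token from any repository on GitHub, which is exactly why the console makes you name an owner; `lint` flags both shapes and accepts only patterns that pin the owner segment, such as `repo:octo-org/*` or a single full subject under StringEquals.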
