Thank you for contacting us! I understand that you'd like IAM Access Analyzer to support archiving based on federation with GitHub, and for it to support filtering with condition keys for repositories and sub key. Please correct me if I have misunderstood your concern.
While the service does not yet support those condition key filters [1], we have an option to create a rule with the 'principal.Federated' criterion (it's called 'Federated User' on the console) to filter by the IdP ARN (which is arn:aws:iam::xxxx:oidc-provider/token.actions.githubusercontent.com in your case). From your correspondence I understand that you are aware of this option.
I thank you for your feedback on the service and I shall create a feature request to support your use case. While we do not have an ETA for now, please feel free to keep track of such feature releases on our What's New [2] page for when they arrive.
- [1] https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
- [2] https://aws.amazon.com/new/
Let us know if you run into any further questions or concerns!
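The following Python example is added here and is not part of the original answer or AWS's own code. It models offline how an archive rule on `principal.Federated` matches findings, and shows that such a rule also archives findings whose trust condition does not pin the GitHub `sub` claim to a repository. The account ID, finding records, allowed prefix and helper names are constructed, and the finding fields (`principal`, `condition`) are assumed to follow the Access Analyzer finding shape.

```python
# Added example: offline model of an Access Analyzer archive rule on principal.Federated.
# Constructed placeholder account ID; the page elides the real one as "xxxx".
IDP_ARN = "arn:aws:iam::111122223333:oidc-provider/token.actions.githubusercontent.com"
SUB_KEY = "token.actions.githubusercontent.com:sub"

# Filter in the criterion -> {"eq": [...]} shape used by archive rules.
ARCHIVE_FILTER = {"principal.Federated": {"eq": [IDP_ARN]}}

# Constructed findings (assumed shape: principal and condition maps).
FINDINGS = [
    {"id": "f-1", "principal": {"Federated": IDP_ARN},
     "condition": {SUB_KEY: "repo:example-org/app:ref:refs/heads/main"}},
    {"id": "f-2", "principal": {"Federated": IDP_ARN},
     "condition": {SUB_KEY: "repo:*"}},
    {"id": "f-3", "principal": {"Federated": IDP_ARN}, "condition": {}},
    {"id": "f-4", "principal": {"AWS": "444455556666"}, "condition": {}},
]

def matches_rule(finding, rule_filter):
    """True if the finding satisfies every 'eq' criterion of the rule."""
    for key, criterion in rule_filter.items():
        field, _, subfield = key.partition(".")
        value = finding.get(field, {}).get(subfield)
        if value not in criterion.get("eq", []):
            return False
    return True

def triage(findings, rule_filter, allowed_prefixes):
    """Split findings the rule would archive into repo-scoped and unscoped ones."""
    scoped_ids, review_ids = [], []
    for finding in findings:
        if not matches_rule(finding, rule_filter):
            continue  # the rule leaves this finding active
        sub = finding["condition"].get(SUB_KEY, "")
        scoped = any(sub.startswith(prefix) for prefix in allowed_prefixes)
        (scoped_ids if scoped else review_ids).append(finding["id"])
    return scoped_ids, review_ids

if __name__ == "__main__":
    scoped, review = triage(FINDINGS, ARCHIVE_FILTER, ["repo:example-org/"])
    print("archived and repo-scoped:", scoped)
    print("archived but not repo-scoped, review before relying on the rule:", review)
```

Because the rule cannot filter on the `sub` condition, a check like `triage` has to run outside the archive rule, for example over exported findings.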