The following blog is in Japanese, but it is set up by creating an IAM role.
https://dev.classmethod.jp/articles/github-actions-aws-sts-credentials-iamrole/
Basically, if you need access to AWS resources, it is better to use temporary credentials (e.g., IAM roles).
Hi DevLocalCA,
I would look into this guide: https://aws.amazon.com/blogs/containers/create-a-ci-cd-pipeline-for-amazon-ecs-with-github-actions-and-aws-codebuild-tests/.
It uses GitHub as the source code repository and GitHub Actions to build a complete CI/CD pipeline for applications deployed on Amazon ECS, leveraging GitHub actions such as github.com/aws-actions/configure-aws-credentials and github.com/aws-actions/amazon-ecr-login.
Hope it helps you ;)
I've created two GH repos to support this and a related blog post linked in the second repo.
The first repo has the CloudFormation to deploy an OIDC IAM Role and IDP Pair to support authentication. https://github.com/rwickit/aws-github-cicd
The second has the blog and Action examples to support deployment of AWS resources using Actions in both CloudFormation and Terraform. https://github.com/rosswickman/aws-automation-workflows
I recently created a YouTube video (on channel: learn4tarakki) talking about best practices for setting up GitHub Actions to access AWS. We set up GitHub Actions with the GitHub OIDC Provider, added a GitHub Identity Provider in AWS, and created an assume role in AWS with a trust and permission policy.
Key takeaways and queries it answers:
☛ What GitHub Actions is and how to create one from scratch.
☛ How to write a GitHub Actions workflow to deploy a React app on AWS.
☛ What the recommended way is for GitHub Actions to access AWS.
☛ How to avoid storing long-lived AWS credentials in GitHub secrets.
☛ Why we need the GitHub OIDC Provider (#oidc).
☛ How to add a new Identity Provider in AWS.
☛ What an AWS assume role, trust policy and permission policy are, and how to create one in simple steps.
☛ Also includes the latest update by GitHub in June 2023 on configuring thumbprints for the Identity Provider in AWS.
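The answers above all point at the same pattern: a GitHub OIDC identity provider in the AWS account, an IAM role whose trust policy allows `sts:AssumeRoleWithWebIdentity` from that provider, and a `Condition` block that pins the token audience and restricts the `sub` claim to one repository and branch (or environment). The part that is easy to get wrong is that `Condition`: with no `sub` condition, or a `StringLike` value such as `repo:*`, any GitHub repository's workflow could assume the role. The script below is an added example and not code from any of the answers, the linked blogs, or the learn4tarakki video. It builds a trust policy in the shape AWS expects (the condition keys `token.actions.githubusercontent.com:aud` / `:sub` and the `repo:OWNER/REPO:ref:refs/heads/BRANCH` subject format are the documented GitHub/AWS ones) and audits an existing trust policy for the overly permissive variants. The account id `123456789012` and repo `my-org/my-repo` are constructed placeholders; the function names are this example's own.

```python
"""Build and audit an IAM trust policy for GitHub Actions OIDC federation.

Added example (hypothetical helper, not AWS or GitHub tooling). Identifiers
such as the account id and repository name below are constructed placeholders.
"""
import json
from typing import List, Optional

GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"
STS_AUDIENCE = "sts.amazonaws.com"   # audience configure-aws-credentials requests


def github_subject(repo: str, branch: Optional[str] = None,
                   environment: Optional[str] = None) -> str:
    """Return the exact `sub` claim GitHub issues for a branch or an environment."""
    if bool(branch) == bool(environment):
        raise ValueError("give exactly one of branch or environment")
    if branch:
        return f"repo:{repo}:ref:refs/heads/{branch}"
    return f"repo:{repo}:environment:{environment}"


def build_trust_policy(account_id: str, subject: str) -> dict:
    """Trust policy that lets only the given GitHub subject assume the role."""
    provider_arn = f"arn:aws:iam::{account_id}:oidc-provider/{GITHUB_OIDC_HOST}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    f"{GITHUB_OIDC_HOST}:aud": STS_AUDIENCE,
                    f"{GITHUB_OIDC_HOST}:sub": subject,
                },
            },
        }],
    }


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy: dict) -> List[str]:
    """Return findings for every Allow statement that is looser than one repo/branch."""
    findings = []
    aud_key = f"{GITHUB_OIDC_HOST}:aud"
    sub_key = f"{GITHUB_OIDC_HOST}:sub"
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue
        cond = stmt.get("Condition", {})
        auds = _as_list(cond.get("StringEquals", {}).get(aud_key, []))
        if auds != [STS_AUDIENCE]:
            findings.append(f"audience not pinned to {STS_AUDIENCE}: {auds}")
        exact = _as_list(cond.get("StringEquals", {}).get(sub_key, []))
        patterns = _as_list(cond.get("StringLike", {}).get(sub_key, []))
        if not exact and not patterns:
            findings.append("no sub condition: any GitHub repository could assume this role")
        for sub in exact:
            if "*" in sub:  # '*' is a literal under StringEquals, so this never matches
                findings.append(f"sub {sub!r} under StringEquals treats '*' literally")
        for sub in patterns:
            parts = sub.split(":")
            if len(parts) < 2 or parts[0] != "repo":
                findings.append(f"sub {sub!r} is not in repo:OWNER/REPO:... form")
            elif parts[1] == "*" or parts[1] == "":
                findings.append(f"sub {sub!r} matches any repository")
            elif "*" in parts[1]:
                findings.append(f"sub {sub!r} matches more than one repository")
            elif "*" in sub:
                findings.append(f"sub {sub!r} matches any branch, tag, PR or environment")
    return findings


if __name__ == "__main__":
    subject = github_subject("my-org/my-repo", branch="main")  # constructed
    policy = build_trust_policy("123456789012", subject)          # constructed account id
    print(json.dumps(policy, indent=2))
    print("findings:", audit_trust_policy(policy))
```

`audit_trust_policy` only inspects the trust policy document, so it can be run over the JSON returned by `aws iam get-role` without any AWS access of its own; a clean result means the role is bound to one repository and one branch or environment, which is what the "don't store long-lived keys in GitHub secrets" advice above relies on.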
Thank you very much. I cannot read Japanese, but will see if Google Translate can translate the page. It refers to OIDC, which I have seen before but know little about. I will search on that as well.