1 個回答
- 最新
- 最多得票
- 最多評論
2
AWS does not provide the capability to assume a role from ANY GitHub organization. Even if you create a trusted policy like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::50********80:oidc-provider/token.actions.githubusercontent.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"token.actions.githubusercontent.com:sub": "repo:*",
"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
}
}
}
]
}
GitHub workflow will not be able to assume such a role.
You can create a Free GitHub organization and use it
相關內容
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前