I want to allow all github org in aws iam role trusted entity (OIDC)

Question

I want to create OIDC auth with aws. While creating role i have to enter github org in in aws iam role trusted entity. I do not have github org to enter so i want to allow all github org. So how can i do this?

Enter image description here

![Enter image description here](/media/postImages/original/IMziGX0Ju3TMC5f9zufSo51Q)

Answer

AWS does not provide the capability to assume a role from ANY GitHub organization. Even if you create a trusted policy like this:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "arn:aws:iam::50********80:oidc-provider/token.actions.githubusercontent.com"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "token.actions.githubusercontent.com:sub": "repo:*",
                    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
                }
            }
        }
    ]
}
```

GitHub workflow will not be able to assume such a role.

You can create a Free GitHub organization and use it

![Enter image description here](/media/postImages/original/IMBoOf048DRXG1LJq23CpO-g)
![Enter image description here](/media/postImages/original/IMdgeNAQ26QvmsF0fjSkDsEw)
![Enter image description here](/media/postImages/original/IMvUxe8aYJSKizl0ncuEn1zg)

I want to allow all github org in aws iam role trusted entity (OIDC)

相關內容