resizes/platform-terraform-module-github-oidc-aws-role

Terraform module for creating IAM roles for GitHub OIDC authentication with AWS
Terraform Module for GitHub OIDC AWS Role

Terraform module for creating GitHub OIDC role for AWS. This module will create the following resources:

  • IAM Role
  • IAM Policy
  • IAM Policy Attachment

This module lets GitHub Actions workflows authenticate to AWS with OIDC instead of long-lived access keys stored as repository secrets. GitHub issues a short-lived JWT to each job; the role created by this module trusts the GitHub OIDC provider and can be assumed with `sts:AssumeRoleWithWebIdentity` only by jobs whose token carries a `sub` claim matching the conditions you configure. Once assumed, the job can perform the actions granted by the attached policy.

Pre-requisites

The module expects the GitHub OIDC identity provider to already exist in the AWS account: it creates only the role, the policy and the attachment, and references the provider from the role's trust policy. Create the provider once per account:

```hcl
# Fetch the certificate chain of GitHub's OIDC token endpoint so the root CA
# thumbprint can be registered with IAM.
data "tls_certificate" "github" {
  url = "tls://token.actions.githubusercontent.com:443"
}

resource "aws_iam_openid_connect_provider" "github" {
  url = "https://token.actions.githubusercontent.com"

  # Audience GitHub must put in the token's `aud` claim; the
  # aws-actions/configure-aws-credentials action requests this value by default.
  client_id_list = ["sts.amazonaws.com"]

  # The tls provider returns the chain root first, so [0] is the root CA.
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}
```

An account can hold only one OIDC provider per URL, so if a provider for token.actions.githubusercontent.com already exists, reference it with a data source instead of creating a second one. `thumbprint_list` remains a required argument, but AWS now verifies the GitHub provider's TLS certificate against its own library of trusted root CAs rather than relying solely on the registered thumbprint, so a thumbprint that has gone stale after a certificate rotation does not by itself break authentication.

Usage

```hcl
module "github-oidc-aws-role" {
  # Pin `ref` to a reviewed commit SHA (the repository publishes no releases to
  # tag against); `ref=main` pulls whatever is on main at the next `terraform init -upgrade`.
  source = "github.com/resizes/platform-terraform-module-github-oidc-aws-role?ref=main"

  name     = var.role_name # IAM role name
  org_name = var.org_name  # GitHub organisation that owns the repositories below

  # Condition operator applied to the token's `sub` claim: "StringEquals" for the
  # exact refs listed below; "StringLike" only when a value needs a wildcard.
  condition_test = var.condition_test

  # IAM actions granted by the policy this module creates, e.g. ["s3:PutObject"]
  actions = var.allowed_actions

  # `sub` claims allowed to assume the role: one branch and one tag of a single repository.
  assume_role_policy_condition_values = [
    "repo:${var.org_name}/${var.repo}:ref:refs/heads/${var.branch}",
    "repo:${var.org_name}/${var.repo}:ref:refs/tags/${var.tag}",
  ]
}
```

Declare `role_name`, `org_name`, `condition_test`, `allowed_actions`, `repo`, `branch` and `tag` as variables in the calling root module. The `assume_role_policy_condition_values` list is the whole trust boundary: a job can assume the role only if its token's `sub` claim equals (or, under `StringLike`, matches) one of these values. GitHub formats the claim as `repo:ORG/REPO:ref:refs/heads/BRANCH` for branch pushes, `repo:ORG/REPO:ref:refs/tags/TAG` for tag pushes, `repo:ORG/REPO:environment:NAME` for jobs bound to an environment and `repo:ORG/REPO:pull_request` for pull-request runs. Keep the organisation and repository segments literal; a pattern such as `repo:ORG/*:*` lets every repository in the organisation, and anyone who can push a branch to one, assume the role.
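The provider's `client_id_list` above pins the `aud` claim, and the `assume_role_policy_condition_values` list pins the `sub` claim; between them they decide which GitHub jobs can assume the role. The following is an added example, not code from the resizes module: it assembles a trust policy of the shape those inputs describe and audits it for the mistakes that widen the trust boundary (missing `aud` pin, missing `sub` condition, a wildcard in the org/repo segment, a wildcard under `StringEquals`, or a foreign organisation). The account id, provider ARN and repository names are constructed sample values; `build_trust_policy`, `parse_sub` and `audit_trust_policy` are this example's own helpers.

```python
"""Audit a GitHub OIDC role trust policy (added example, not the module's code)."""
import json

GITHUB_ISSUER = "token.actions.githubusercontent.com"
AWS_STS_AUDIENCE = "sts.amazonaws.com"
AUD_KEY = f"{GITHUB_ISSUER}:aud"
SUB_KEY = f"{GITHUB_ISSUER}:sub"
# Constructed sample ARN of the aws_iam_openid_connect_provider resource.
PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{GITHUB_ISSUER}"


def build_trust_policy(provider_arn, condition_test, sub_values):
    """Return an assume-role policy document as a dict (json.dumps() it for IAM)."""
    condition = {"StringEquals": {AUD_KEY: AWS_STS_AUDIENCE}}
    # Merge rather than assign: with condition_test == "StringEquals" a plain
    # assignment would silently overwrite the aud condition.
    condition.setdefault(condition_test, {})[SUB_KEY] = list(sub_values)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": condition,
        }],
    }


def parse_sub(sub):
    """Split 'repo:ORG/REPO:<rest>' into (org, repo, rest); None if not that shape."""
    if not sub.startswith("repo:"):
        return None
    repo_part, sep, rest = sub[len("repo:"):].partition(":")
    if not sep or "/" not in repo_part:
        return None
    org, repo = repo_part.split("/", 1)
    return org, repo, rest


def audit_trust_policy(policy, expected_org):
    """Return a list of findings; an empty list means only the listed subjects of
    the expected organisation's repositories can assume the role."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        principal = stmt.get("Principal", {}).get("Federated", "")
        if not principal.endswith(f":oidc-provider/{GITHUB_ISSUER}"):
            findings.append(f"federated principal is not the GitHub OIDC provider: {principal}")
        condition = stmt.get("Condition", {})
        # aud must be pinned with an exact match; StringLike on aud is not a pin.
        if condition.get("StringEquals", {}).get(AUD_KEY) != AWS_STS_AUDIENCE:
            findings.append("aud is not pinned to sts.amazonaws.com with StringEquals")
        subs = []
        for test in ("StringEquals", "StringLike"):
            values = condition.get(test, {}).get(SUB_KEY)
            if values is not None:  # IAM accepts a single string or a list
                subs += [(test, v) for v in ([values] if isinstance(values, str) else values)]
        if not subs:
            findings.append("no sub condition: any repository on GitHub could assume this role")
        for test, sub in subs:
            parts = parse_sub(sub)
            if parts is None:
                findings.append(f"sub is not a repo:ORG/REPO:... claim: {sub}")
                continue
            org, repo, _rest = parts
            if org != expected_org:
                findings.append(f"sub trusts a different organisation: {sub}")
            if not any(c in sub for c in "*?"):
                continue
            if test == "StringEquals":
                findings.append(f"wildcard under StringEquals is matched literally and never succeeds: {sub}")
            elif any(c in org + repo for c in "*?"):
                findings.append(f"wildcard in org/repo trusts every matching repository: {sub}")
            else:
                findings.append(f"wildcard in ref trusts every matching branch, tag or environment: {sub}")
    return findings


if __name__ == "__main__":
    tight = build_trust_policy(PROVIDER_ARN, "StringEquals", [
        "repo:resizes/example-repo:ref:refs/heads/main",
        "repo:resizes/example-repo:ref:refs/tags/v1.0.0",
    ])
    loose = build_trust_policy(PROVIDER_ARN, "StringLike", ["repo:resizes/*:*"])
    print(json.dumps(tight, indent=2))
    print("tight:", audit_trust_policy(tight, "resizes"))  # []
    print("loose:", audit_trust_policy(loose, "resizes"))  # one finding: wildcard in org/repo
```

To check a role that has already been applied, feed `audit_trust_policy` the document returned by `aws iam get-role --role-name NAME --query Role.AssumeRolePolicyDocument` instead of the constructed one; the same findings apply.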

References
