Show HN: Stop Putting AWS Credentials in GitHub Secrets

# · ✸ 88 · 💬 29 · 2 years ago · github.com · cnuss · 📷
This action enables workflows to obtain AWS Access Credentials for a desired IAM Role using AWS IAM SAML and a GitHub Actions Repository Token. No need to copy/paste AWS Access Tokens into GitHub Secrets. This action uses SAML.to and an AWS IAM Identity Provider to exchange a GitHub Actions Token for AWS Access Credentials.

    Version: "20220101"
    variables:
      awsProviderArn: "PROVIDER ARN"
      awsRoleArn: "ROLE ARN"
    providers:
      aws:
        entityId: https://signin. SelectedRole #>,<$= awsProviderArn $>"
    permissions:
      aws:
        roles:
          - name: <$= awsRoleArn $>
            self: true

Replace PROVIDER ARN with the ARN of the provider created above. Replace ROLE ARN with the ARN of the IAM Role modified above.

AccessKeyId: The generated AWS Access Key ID. This is also set in the AWS_ACCESS_KEY_ID environment variable.
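Before moving to token exchange, it helps to know which workflows still depend on static keys. The following is an added example, not code from the action or its project: a small audit that flags workflow lines referencing long-lived AWS credentials stored as GitHub Secrets, or containing an inline access key ID. The secret-name pattern and the sample workflow are assumptions constructed for illustration.

```python
import re

# Assumed naming: secrets whose names contain AWS and end in a static
# credential field. Repositories may name their secrets differently.
STATIC_SECRET = re.compile(
    r"\$\{\{\s*secrets\.([A-Za-z0-9_]*AWS[A-Za-z0-9_]*"
    r"(?:ACCESS_KEY_ID|SECRET_ACCESS_KEY|SESSION_TOKEN))\s*\}\}"
)
# Long-lived IAM user access key IDs begin with AKIA followed by 16 characters.
INLINE_KEY = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")


def find_static_aws_credentials(workflow_text):
    """Return a list of (line_number, kind, value) findings."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        # A commented-out secret reference is inactive, so skip it ...
        if not line.lstrip().startswith("#"):
            for m in STATIC_SECRET.finditer(line):
                findings.append((n, "secret-reference", m.group(1)))
        # ... but a key pasted anywhere, comments included, is still exposed.
        for m in INLINE_KEY.finditer(line):
            findings.append((n, "inline-access-key", m.group(1)))
    return findings


# Constructed sample workflow; the key is AWS's documented example value.
SAMPLE_WORKFLOW = """\
name: deploy
on: push
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: aws s3 sync ./site s3://example-bucket
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ vars.AWS_REGION }}
          # AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
      - run: echo AKIAIOSFODNN7EXAMPLE
"""

if __name__ == "__main__":
    for line_no, kind, value in find_static_aws_credentials(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {kind}: {value}")
```

Each secret-reference finding marks a step that could obtain short-lived credentials through the exchange described above instead; an inline-access-key finding means the key should be rotated.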