This module sets up an AWS OIDC identity provider for GitHub Actions. It lets you use OIDC federation to give your GitHub Actions workflows access to your AWS account without long-lived access keys.
Conditions to validate
These conditions restrict which workflows are allowed to assume the role. They let you do things like:
- Only allow a certain branch
- Only allow a certain repo/org
- Allow certain branch patterns (note: the default values may clash)
This module outputs an `arn` value. This is the ARN you should use in your GitHub Actions workflows.
Requirements
No requirements.
Providers
| Name | Version |
|---|---|
| aws | n/a |
Modules
| Name | Source | Version |
|---|---|---|
| iam_assumable_role_admin | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 3.6.0 |
Resources
| Name | Type |
|---|---|
| aws_iam_openid_connect_provider.this | resource |
| aws_iam_policy.iam_policy | resource |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_policy_json | The AWS policy in JSON format | string | `"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"*\",\n \"Resource\": \"*\"\n }\n ]\n}\n"` | no |
| client_id_list | n/a | list | `[` | no |
| create_identity_provider | This switch allows you to create or not create the identity provider. Only one can exist. If you are creating multiple GitHub OIDC federations, only one of the instantiations should create this or the Terraform run will fail. | bool | `true` | no |
| name | The name for the various resources | string | `"github_oidc"` | no |
| tags | Tags | map(any) | `{}` | no |
| thumbprint_list | This is the thumbprint returned if you were to create an "identity provider" in AWS and gave it this URL: https://token.actions.githubusercontent.com | list | `[` | no |
| url | n/a | string | `"https://token.actions.githubusercontent.com"` | no |
| validate_conditions | Conditions to validate | set(string) | `[` | no |
| validate_wildcard_conditions | Conditions to validate that include wildcards | set(string) | `[` | no |
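An added usage example (not part of this module's code) showing the conditions described above together with a least-privilege replacement for the default `"Action": "*"` / `"Resource": "*"` policy. It assumes the module is referenced at the local path `./modules/github-oidc`, that the condition values are GitHub `sub` claim strings of the form `repo:ORG/REPO:ref:refs/heads/BRANCH`, and that `example-org`, `example-repo` and the S3 bucket name are placeholders.

```hcl
# Added example; assumed module path and placeholder org/repo/bucket names.
module "github_oidc" {
  source = "./modules/github-oidc"

  name                     = "github_oidc"
  create_identity_provider = true # only one instantiation per account may create it

  # Exact-match claims: only the main branch of one repo may assume the role.
  # Assumes the module compares these against the GitHub `sub` claim.
  validate_conditions = [
    "repo:example-org/example-repo:ref:refs/heads/main",
  ]

  # Wildcard claims: any release/* branch of the same repo.
  # The README warns the default values may clash, so set both lists explicitly.
  validate_wildcard_conditions = [
    "repo:example-org/example-repo:ref:refs/heads/release/*",
  ]

  # Replace the permissive default policy with one scoped to what the
  # workflow actually needs (here: read/write objects in one bucket).
  aws_policy_json = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:PutObject", "s3:GetObject"]
      Resource = "arn:aws:s3:::example-artifacts-bucket/*"
    }]
  })

  tags = { owner = "platform" }
}

# The module's `arn` output is the role ARN the workflow assumes.
output "github_actions_role_arn" {
  value = module.github_oidc.arn
}
```

The exported ARN is the value a workflow passes as `role-to-assume` to `aws-actions/configure-aws-credentials`; if a second instantiation is added for another repo, set `create_identity_provider = false` on it so only one provider is created.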
Outputs
| Name | Description |
|---|---|
| arn | n/a |