terraform-aws-oidc-with-github-actions

AWS Federation With Github Actions

A Terraform module to configure OIDC between GitHub Actions and AWS.

The module configures Federation with your AWS account using Github Actions as an Open ID Connect (OIDC) identity provider. This allows you to assume an IAM role within your account with short-lived credentials, removing the need for secrets management.

Usage

The complete example shows all of the available options. The following basic example shows the minimum requirement for creating an OIDC connection between AWS and your GitHub Actions.

provider "aws" {
  region = "eu-west-2"
}

module "oidc-with-github-actions" {
  source  = "thetestlabs/oidc-with-github-actions/aws"
  version = "0.1.4"

  github_org = "thetestlabs"
  github_repositories = [
    "example_repo_1",
    "example_repo_2",
  ]

}

Requirements

Name	Version
terraform	>= 1.0.0
aws	>= 4.0.0

Providers

Name	Version
aws	>= 4.0.0

Modules

No modules.

Resources

Name	Type
aws_iam_openid_connect_provider.github	resource
aws_iam_role.github	resource
aws_iam_role_policy_attachment.policy	resource
aws_caller_identity.current	data source
aws_iam_policy_document.assume_role	data source

Inputs

Name	Description	Type	Default	Required
client_id_list	A list of client IDs (also known as audiences).	`list(string)`	[ "sts.amazonaws.com" ]	no
enabled	Flag to enable or disable the creation of resources.	`bool`	`true`	no
github_org	GitHub organisation name.	`string`	n/a	yes
github_repositories	List of GitHub repository names.	`list(string)`	n/a	yes
iam_role_description	Description of the role	`string`	`"IAM role to enable GitHub OIDC access"`	no
iam_role_name	Friendly name of the role. If omitted, Terraform will assign a random, unique name.	`string`	`"GitHubOIDCRole"`	no
iam_role_path	Path to the IAM role.	`string`	`"/"`	no
iam_role_policy	Name of the policy to be attacherd to the role.	`string`	`"ReadOnlyAccess"`	no
max_session_duration	Maximum session duration in seconds.	`number`	`3600`	no
oidc_url	The URL of the identity provider. Corresponds to the iss claim.	`string`	`"token.actions.githubusercontent.com"`	no
thumbprint_list	A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s).	`list(string)`	[ "6938fd4d98bab03faadb97b34396831e3780aea1" ]	no

Outputs

No outputs.

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
.github/workflows		.github/workflows
examples		examples
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.tflint.hcl		.tflint.hcl
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
LICENSE		LICENSE
README.md		README.md
datasources.tf		datasources.tf
main.tf		main.tf
outputs.tf		outputs.tf
terraform.tf		terraform.tf
variables.tf		variables.tf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

terraform-aws-oidc-with-github-actions

AWS Federation With Github Actions

Usage

Requirements

Providers

Modules

Resources

Inputs

Outputs

About

Releases

Packages

Languages

License

kbaisla31/terraform-aws-oidc-with-github-actions

Folders and files

Latest commit

History

Repository files navigation

terraform-aws-oidc-with-github-actions

AWS Federation With Github Actions

Usage

Requirements

Providers

Modules

Resources

Inputs

Outputs

About

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages