
terraform-aws-oidc-with-github-actions


AWS Federation With Github Actions

A Terraform module to configure OIDC between GitHub Actions and AWS.

The module configures federation with your AWS account using GitHub Actions as an OpenID Connect (OIDC) identity provider. A workflow can then assume an IAM role in your account and receive short-lived credentials from STS, so no long-lived AWS access keys need to be stored as GitHub secrets.


Usage

The complete example shows all of the available options. The following basic example shows the minimum configuration needed to create an OIDC connection between AWS and your GitHub Actions workflows.

provider "aws" {
  region = "eu-west-2"
}

module "oidc-with-github-actions" {
  source  = "thetestlabs/oidc-with-github-actions/aws"
  version = "0.1.4"

  # Only workflows running in these repositories of this organisation
  # are allowed to assume the role created by the module.
  github_org = "thetestlabs"
  github_repositories = [
    "example_repo_1",
    "example_repo_2",
  ]
}

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| aws | >= 4.0.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_openid_connect_provider.github | resource |
| aws_iam_role.github | resource |
| aws_iam_role_policy_attachment.policy | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.assume_role | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| client_id_list | A list of client IDs (also known as audiences) accepted in the token's `aud` claim. | `list(string)` | `["sts.amazonaws.com"]` | no |
| enabled | Flag to enable or disable the creation of resources. | `bool` | `true` | no |
| github_org | GitHub organisation name. | `string` | n/a | yes |
| github_repositories | List of GitHub repository names within `github_org` whose workflows may assume the role. | `list(string)` | n/a | yes |
| iam_role_description | Description of the role. | `string` | `"IAM role to enable GitHub OIDC access"` | no |
| iam_role_name | Friendly name of the role. | `string` | `"GitHubOIDCRole"` | no |
| iam_role_path | Path to the IAM role. | `string` | `"/"` | no |
| iam_role_policy | Name of the policy to be attached to the role. | `string` | `"ReadOnlyAccess"` | no |
| max_session_duration | Maximum session duration in seconds. | `number` | `3600` | no |
| oidc_url | The URL of the identity provider. Corresponds to the `iss` claim. | `string` | `"token.actions.githubusercontent.com"` | no |
| thumbprint_list | A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s). The argument is still required by IAM, but AWS announced in mid-2023 that for GitHub's provider it validates the certificate against its library of trusted root CAs rather than this thumbprint. | `list(string)` | `["6938fd4d98bab03faadb97b34396831e3780aea1"]` | no |
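The security-relevant part of this module is the role's trust policy (the `aws_iam_policy_document.assume_role` data source listed under Resources). Every GitHub Actions workflow on github.com receives tokens from the same issuer, so the policy has to restrict both the `aud` claim (`client_id_list`) and the `sub` claim (`github_org` and `github_repositories`); without the `sub` condition, any repository in any organisation could assume the role. GitHub's `sub` claim has the form `repo:OWNER/REPO:ref:refs/heads/BRANCH` (or `repo:OWNER/REPO:environment:NAME`, `repo:OWNER/REPO:pull_request`), which is what the pattern below matches against. The following is an added illustration of the trust policy those inputs should produce, written for this page and not taken from the module's source; the resource names, the `:*` subject pattern and the hard-coded values are assumptions.

```hcl
# Added example, not the thetestlabs module's own code. Resource names and the
# hard-coded values stand in for the module's variables (assumptions).

locals {
  github_org          = "thetestlabs"                        # var.github_org
  github_repositories = ["example_repo_1", "example_repo_2"] # var.github_repositories
  client_id_list      = ["sts.amazonaws.com"]                # var.client_id_list

  # One subject pattern per repository. The trailing ":*" admits any branch,
  # tag, pull request or environment of that repository; to pin deployments to
  # one branch use "repo:ORG/REPO:ref:refs/heads/main" instead.
  # Never widen this to "repo:${local.github_org}/*": that lets every repository
  # in the organisation (including forks you do not control) assume the role.
  github_subjects = [
    for repo in local.github_repositories : "repo:${local.github_org}/${repo}:*"
  ]
}

resource "aws_iam_openid_connect_provider" "github" {
  url            = "https://token.actions.githubusercontent.com"
  client_id_list = local.client_id_list

  # Still required by the IAM API even where AWS validates GitHub's
  # certificate against its trusted root CAs instead of this value.
  thumbprint_list = ["6938fd4d98bab03faadb97b34396831e3780aea1"]
}

data "aws_iam_policy_document" "assume_role" {
  statement {
    sid     = "GitHubActionsOIDC"
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    # aud: reject tokens minted for any audience other than STS.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = local.client_id_list
    }

    # sub: only workflows from the listed repositories may assume the role.
    # This is the condition that actually scopes the trust; the provider alone
    # is shared by every repository on github.com.
    condition {
      test     = "StringLike"
      variable = "token.actions.githubusercontent.com:sub"
      values   = local.github_subjects
    }
  }
}

resource "aws_iam_role" "github" {
  name                 = "GitHubOIDCRole"
  description          = "IAM role to enable GitHub OIDC access"
  assume_role_policy   = data.aws_iam_policy_document.assume_role.json
  max_session_duration = 3600
}
```

After `terraform apply`, `aws iam get-role --role-name GitHubOIDCRole --query Role.AssumeRolePolicyDocument` lets you confirm that both the `aud` and the `sub` conditions are present and that no subject pattern is broader than a single repository.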

Outputs

No outputs.