A simple module that creates a single IAM role, trusted through the GitHub Actions OIDC provider, so that workflows in the listed repositories can assume it and obtain credentials for your AWS account.

```hcl
module "github-actions-oidc" {
  source  = "michael-ortiz/github-actions-oidc/aws"
  version = "~> 1.0"

  create_oidc_provider    = true
  repositories            = ["Organization/RepositoryName"]
  oidc_role_policies_arns = ["YOUR_POLICY_ARN"]
}
```
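As an added example that is not part of this module, the check a reviewer would run on the role the module creates: it parses the role's assume-role policy document and flags any statement that lets the GitHub OIDC provider assume the role without pinning `aud` to `sts.amazonaws.com` and `sub` to one of the authorized repositories. The sample policy, account id and repository names below are constructed.

```python
import json

GITHUB_ISSUER = "token.actions.githubusercontent.com"

# Constructed sample trust policy of the shape a GitHub Actions OIDC role carries
# (hypothetical account id and repository name).
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/" + GITHUB_ISSUER},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {GITHUB_ISSUER + ":aud": "sts.amazonaws.com"},
            "StringLike": {GITHUB_ISSUER + ":sub": ["repo:Organization/RepositoryName:*"]},
        },
    }],
})


def _as_list(value):
    """IAM policy values may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy_json, allowed_repos):
    """Return findings for each AssumeRoleWithWebIdentity statement; empty means scoped correctly."""
    findings = []
    for i, st in enumerate(json.loads(policy_json).get("Statement", [])):
        if st.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in _as_list(st.get("Action", [])):
            continue
        cond = st.get("Condition", {})
        aud = _as_list(cond.get("StringEquals", {}).get(GITHUB_ISSUER + ":aud", []))
        if aud != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: aud must equal sts.amazonaws.com, got {aud}")
        subs = []
        for op in ("StringEquals", "StringLike"):
            subs += _as_list(cond.get(op, {}).get(GITHUB_ISSUER + ":sub", []))
        if not subs:
            findings.append(f"statement {i}: no sub condition, any GitHub repository could assume the role")
        for sub in subs:
            # A GitHub sub claim has the shape repo:<org>/<repo>:<context>; the repo part must be exact.
            parts = sub.split(":")
            repo = parts[1] if parts[0] == "repo" and len(parts) >= 3 else None
            if repo is None or "*" in repo or "?" in repo:
                findings.append(f"statement {i}: sub pattern {sub!r} is not pinned to a single repository")
            elif repo not in allowed_repos:
                findings.append(f"statement {i}: repository {repo!r} is not in the authorized list")
    return findings
```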
Resources managed by the module:

| Name | Type |
|---|---|
| aws_iam_openid_connect_provider.provider | resource |
| aws_iam_role.github_actions_role | resource |
| aws_iam_role_policy_attachment.attachment | resource |
| aws_iam_policy_document.policy_document | data source |
Inputs:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_oidc_provider | Whether to create the OIDC provider. | bool | `true` | no |
| github_thumbprint | GitHub OpenID TLS certificate thumbprints. | list(string) | `["6938fd4d98bab03faadb97b34396831e3780aea1", "1c58a3a8518e8759bf075b76b750d4f2df264fcd"]` | no |
| max_session_duration | Maximum session duration in seconds. | number | `3600` | no |
| oidc_role_policies_arns | Policy ARNs to be attached to the role. | list(string) | `[]` | no |
| repositories | List of GitHub organization/repository names authorized to assume the role. | list(string) | `[]` | no |
| tags | Tags to be applied to resources. | map(string) | `{}` | no |
| role_name | Name of the GitHub Actions OIDC role. | string | `github-actions-oidc-role` | no |
Outputs:

| Name | Description |
|---|---|
| oidc_provider_arn | OIDC provider ARN |
| oidc_role_arn | GitHub Actions OIDC role ARN |