{"id":25918097,"url":"https://github.com/aws-samples/github-actions-oidc-cdk-construct","last_synced_at":"2025-03-03T14:02:51.784Z","repository":{"id":182427225,"uuid":"658863082","full_name":"aws-samples/github-actions-oidc-cdk-construct","owner":"aws-samples","description":null,"archived":false,"fork":false,"pushed_at":"2023-10-25T20:00:42.000Z","size":252,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2023-10-25T21:24:23.544Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit-0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aws-samples.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-06-26T16:36:32.000Z","updated_at":"2023-10-23T07:57:16.000Z","dependencies_parsed_at":"2023-07-20T00:16:01.837Z","dependency_job_id":null,"html_url":"https://github.com/aws-samples/github-actions-oidc-cdk-construct","commit_stats":null,"previous_names":["aws-samples/github-actions-oidc-cdk-construct"],"tags_count":0,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-samples%2Fgithub-actions-oidc-cdk-construct","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-samples%2Fgithub-actions-oidc-cdk-construct/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-samples%2Fgithub-actions-oidc-cdk-construct/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-samples%2Fgithub-actions-oidc-cdk-construct/manifests","owner_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aws-samples","download_url":"https://codeload.github.com/aws-samples/github-actions-oidc-cdk-construct/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241678154,"owners_count":20001682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-03T14:01:53.736Z","updated_at":"2025-03-03T14:02:51.776Z","avatar_url":"https://github.com/aws-samples.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"# Github Actions AWS Auth CDK Stack\n\nThis AWS Cloud Developer Kit (CDK) stack provides the necessary credentials to enable OIDC Authentication integration for Github Actions access to an AWS account. It allows the user to integrate Github Actions workflows with an AWS account without having to save AWS Credentials in their Github Secrets.\n\n## What it does\n\n1. Deploys an AWS Identity and Access Management role with OIDC authorization scoped specifically for Github OIDC access.\n2. Outputs the ARN of the role to be used in Github environment\n\n## 🎒 Pre-requisites\n\nThe [aws-cli](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) must be installed -and- configured with an AWS account on the deployment machine (see \u003chttps://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html\u003e for instructions on how to do this on your preferred development platform).\n\nThis project requires [Node.js](http://nodejs.org/). 
To make sure you have it available on your machine, try running the following command.\n\n```sh\nnode -v\n```\n\nFor best experience we recommend installing CDK globally: `npm install -g aws-cdk`\n\n## 🚀 Setup\n\n### 0/ Use git to clone this repository to your local environment\n\n```sh\ngit clone #insert-http-or-ssh-for-this-repository\n```\n\n### 1/ Set up your AWS environment\n\nConfigure your AWS credentials:\n`aws configure`\n\nFor more on setting up your AWS Credentials please visit [setting up your aws credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html)\n\n### 2/ Prepare your CDK environment\n\n1. Navigate to CDK Directory\n2. Set up your emissions factor document (see Set up your emissions factor document below)\n3. Copy `cdk.context.template.json` or remove .template\n4. Enter your parameters in `cdk.context.json` (see Context Parameters below)\n\n#### --Context Parameters--\n\nBefore deployment navigate to `cdk.context.json` and update the required context parameters.\n\n- Required:`repoOwner` The owner of the Github repository. This can be found in the url of your Github repository\n- Required:`repoName` The name of the repository\n- Required:`repoBranch` The branch to allow for deployment (default is `/main`)\n\n### 3/ Bootstrap CDK\n\nAt this point you should have already saved your AWS credentials to environmental variables using `aws configure` or a similar command. The bootstrap step sets up several dependencies for CDK that will allow you to create resources using the CDK command line interface. Please also note that you will need a generally permissive IAM role to bootstrap CDK. 
This can be done using an AWS managed developer role, but we strongly recommend consulting your security practices to ensure that you adhere to least privilege.\n\n```sh\ncdk bootstrap # if you are authenticated with aws configure\n```\n\nor\n\n```sh\ncdk bootstrap aws://ACCOUNT-NUMBER/REGION # if you are bootstrapping a different account\n```\n\n### 4/ Install dependencies, build, and synthesize the CDK app\n\nInstall dependencies\n\n```sh\nnpm ci\n```\n\nBuild your node application and environment\n\n```sh\nnpm run build\n```\n\nSynthesize the CDK application\n\n```sh\ncdk synth\n```\n\n### 5/ Deploy the application\n\n✅ Recommended: deploy for local development\n\n```sh\ncdk deploy --all\n```\n\n## 🛠 Usage\n\nNow that your OIDC role is set up and running in your accounts, follow the linked directions to integrate with an existing Github Actions Workflow.\n\n[Configuring OpenID Connect in Amazon Web Services](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services)\n\n...or follow the AWS Security Blog post below\n\n[Use IAM roles to connect GitHub Actions to actions in AWS](https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/)\n\n## 💲 Cost and Licenses\n\nYou are responsible for the cost of the AWS services used while running this application. There is no additional cost for the kit.\n\nThe AWS CDK stacks for this kit include configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.\n\nTip: After you deploy the application, create AWS Cost and Usage Reports to track costs associated with the application. These reports deliver billing metrics to an S3 bucket in your account. 
They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, see What are AWS Cost and Usage Reports?\n\nThis sample doesn’t require any software license or AWS Marketplace subscription.\n\n## 🔐 Security\n\nSee [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.\n\n## Useful commands\n\n- `npm run build` compile typescript to js\n- `npm run watch` watch for changes and compile\n- `npm run test` perform the jest unit tests\n- `cdk deploy` deploy this stack to your default AWS account/region\n- `cdk diff` compare deployed stack with current state\n- `cdk synth` emits the synthesized CloudFormation template\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faws-samples%2Fgithub-actions-oidc-cdk-construct","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faws-samples%2Fgithub-actions-oidc-cdk-construct","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faws-samples%2Fgithub-actions-oidc-cdk-construct/lists"}