{"id":18593924,"url":"https://github.com/janstuemmel/github-aws-oidc-auth","last_synced_at":"2026-05-04T11:33:57.092Z","repository":{"id":92577097,"uuid":"435152132","full_name":"janstuemmel/github-aws-oidc-auth","owner":"janstuemmel","description":"Aws role to authenticate with github actions.","archived":false,"fork":false,"pushed_at":"2022-01-17T11:44:34.000Z","size":3,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-24T23:35:04.238Z","etag":null,"topics":["aws","github-actions","oidc","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/janstuemmel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-05T11:50:27.000Z","updated_at":"2023-03-07T06:39:51.000Z","dependencies_parsed_at":null,"dependency_job_id":"404d92a5-051d-4b9b-8ab6-f83d9d0bbffd","html_url":"https://github.com/janstuemmel/github-aws-oidc-auth","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/janstuemmel/github-aws-oidc-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/janstuemmel%2Fgithub-aws-oidc-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/janstuemmel%2Fgithub-aws-oidc-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/janstuemmel%2Fgithub-aws-oidc-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/janstuemmel%2Fgithub-aws-oidc-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/janstuemmel","download_url":"https://codeload.github.com/janstuemmel/github-aws-oidc-auth/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/janstuemmel%2Fgithub-aws-oidc-auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32605802,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-04T10:08:07.713Z","status":"ssl_error","status_checked_at":"2026-05-04T10:08:02.005Z","response_time":58,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","github-actions","oidc","terraform","terraform-module"],"created_at":"2024-11-07T01:13:57.879Z","updated_at":"2026-05-04T11:33:57.063Z","avatar_url":"https://github.com/janstuemmel.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Aws github actions access\n\nAws role to authenticate with github actions. Can be used with the official [aws credentials action](https://github.com/aws-actions/configure-aws-credentials).\n\n## Usage example\n\nThis example allows s3 access for the github actions role.\n\n```hcl\n// example terraform main.tf file\n\nmodule \"github_actions_access_role\" {\n  source = \"git::ssh://git@github.com/janstuemmel/github-aws-oidc-auth?ref=0.3.0\"\n\n  // optional\n  role_name = \"GithubActionsAccessRole\"\n  role_desc  = \"Optional GithubActionsAccessRole description\" \n  role_tags = { foo = \"some tag\" }\n \n  // required\n  github_repos = [\n    \"janstuemmel/some-repo:ref:refs/heads/master\",\n    \"janstuemmel/other-repo:*\",\n  ]\n}\n\nresource \"aws_iam_policy\" \"github_policy\" {\n  name        = \"GithubActionsAccessRolePolicy\"\n  description = \"Allow github actions access\"\n  policy      = data.aws_iam_policy_document.github_role.json\n}\n\nresource \"aws_iam_role_policy_attachment\" \"github_role_policy_attachment\" {\n  role       = module.github_actions_access_role.role_name\n  policy_arn = aws_iam_policy.github_policy.arn\n}\n\ndata \"aws_iam_policy_document\" \"github_role\" {\n  statement {\n    effect   = \"Allow\"\n    actions  = [\"s3:*\"]\n    resources = [\"*\"]\n  }\n}\n```\n\n```yaml\n# example github actions workflow file\n\non:\n  push:\n    branches:\n      - master\n\njobs:\n  s3:\n    runs-on: ubuntu-latest\n\n    # set permissions for oidc token auth\n    permissions:\n      id-token: write\n      contents: write\n      \n    steps:\n      # configure auth, needs aws account id\n      - name: Configure AWS Credentials\n        uses: aws-actions/configure-aws-credentials@v1\n        with:\n          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GithubActionsAccessRole\n          aws-region: eu-central-1\n\n      # run aws cli script\n      - run: aws s3 ls\n```\n\n## Resources\n* [Configure OpenID Connect for GithubActions](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjanstuemmel%2Fgithub-aws-oidc-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjanstuemmel%2Fgithub-aws-oidc-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjanstuemmel%2Fgithub-aws-oidc-auth/lists"}