https://github.com/armakuni/terraform-aws-github-actions-oidc-role
This module creates the required roles in AWS to authenticate GitHub modules with AWS via OIDC.
- Host: GitHub
- URL: https://github.com/armakuni/terraform-aws-github-actions-oidc-role
- Owner: armakuni
- License: mit
- Created: 2023-09-15T16:26:51.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2025-09-04T12:13:49.000Z (10 months ago)
- Last Synced: 2025-09-08T14:58:12.781Z (10 months ago)
- Topics: aws, github-actions, infrastructure, oidc, terraform
- Language: HCL
- Homepage: https://registry.terraform.io/modules/armakuni/github-actions-oidc-role/aws/latest
- Size: 56.6 KB
- Stars: 1
- Watchers: 6
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# Github Actions AWS OIDC Terraform Module
This module creates the IAM role that GitHub Actions workflows need in order to authenticate with AWS via OIDC.
You provide your GitHub organisation/username and repository name as variables to the module.
It will create a role named `-github-actions`, which you can use to authenticate with AWS in your GitHub Actions workflow like so:
```yaml
- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v3
  with:
    role-to-assume: arn:aws:iam:::role/-github-actions
    role-session-name: aws-login
    aws-region: eu-west-3
```
## Requirements
No requirements.
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | n/a |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_iam_policy.custom_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.custom_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_openid_connect_provider.oicd_provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [custom\_policy](#input\_custom\_policy) | A custom policy to attach to your role if you want more fine-grained permissions | `object({ Version = string, Statement = list(any) })` | `null` | no |
| [git\_ref](#input\_git\_ref) | The git ref (for example a branch) whose workflows can assume this role | `string` | `"refs/heads/main"` | no |
| [github\_owner](#input\_github\_owner) | The GitHub user or organisation name that owns the repository to add the role for | `string` | n/a | yes |
| [github\_repository](#input\_github\_repository) | The name of the GitHub repository to add the role for | `string` | n/a | yes |
| [oicd\_provider\_arn](#input\_oicd\_provider\_arn) | The ARN of the GitHub Actions OIDC provider (if not provided, the module uses a data source to look it up) | `string` | `null` | no |
| [policy\_arn\_list](#input\_policy\_arn\_list) | A list of policy ARNs to attach to the role (these are the AWS permissions that your GitHub Actions pipeline will have) | `list(string)` | `[]` | no |
## Outputs
| Name | Description |
|------|-------------|
| [role](#output\_role) | The attributes from the aws\_iam\_role resource |
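A module call that wires together the inputs and the output documented above, added here as an example and not taken from the module's README. The owner, repository and bucket names are constructed samples, and the `.arn` access assumes the `role` output exposes the `aws_iam_role` attributes as the outputs table states.

```hcl
# Added example (not the module's own code). Registry source taken from the
# module homepage; sample names below are constructed placeholders.
module "ci_deploy_role" {
  source = "armakuni/github-actions-oidc-role/aws"

  github_owner      = "example-org"     # constructed sample
  github_repository = "example-service" # constructed sample

  # Only workflows running on this ref may assume the role (default is
  # refs/heads/main). Keep it a single branch or tag rather than widening it.
  git_ref = "refs/heads/main"

  # Leave managed policies empty and grant a scoped custom policy instead,
  # so the pipeline only gets the permissions the deploy actually needs.
  policy_arn_list = []

  custom_policy = {
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = ["s3:PutObject", "s3:ListBucket"]
        Resource = [
          "arn:aws:s3:::example-deploy-artifacts",   # constructed bucket
          "arn:aws:s3:::example-deploy-artifacts/*",
        ]
      }
    ]
  }
}

# Assumes the `role` output is the aws_iam_role resource, so `.arn` is present.
# Use this value for role-to-assume in the workflow step shown above.
output "github_actions_role_arn" {
  value = module.ci_deploy_role.role.arn
}
```

The workflow that runs the configure-aws-credentials step must also declare `permissions: id-token: write`, otherwise GitHub does not issue the OIDC token that is exchanged for the role's credentials.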