Ecosyste.ms: Awesome


https://github.com/michael-ortiz/terraform-aws-github-actions-oidc

A simple module that creates all the necessary infrastructure to allow GitHub Actions to access your AWS account by using an OIDC role.

# terraform-aws-github-actions-oidc

A simple module that creates a single OIDC Role to be assumed by GitHub Actions to have access to your AWS Account.

## Usage:

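```
module "github-actions-oidc" {
  source  = "michael-ortiz/github-actions-oidc/aws"
  version = "~> 1.0"

  # Create the GitHub OIDC identity provider along with the role.
  create_oidc_provider = true

  # GitHub organization/repository names authorized to assume the role.
  repositories = ["Organization/RepositoryName"]

  # Policy ARNs to be attached to the role.
  oidc_role_policies_arns = ["YOUR_POLICY_ARN"]
}
```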

## Resources

| Name | Type |
|------|------|
| [aws_iam_openid_connect_provider.provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource |
| [aws_iam_role.github_actions_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_policy_document.policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [create\_oidc\_provider](#input\_create\_oidc\_provider) | Whether to create the OIDC provider. | `bool` | `true` | no |
| [github\_thumbprint](#input\_github\_thumbprint) | GitHub OpenID TLS certificate thumbprints. | `list(string)` | `["6938fd4d98bab03faadb97b34396831e3780aea1", "1c58a3a8518e8759bf075b76b750d4f2df264fcd"]` | no |
| [max\_session\_duration](#input\_max\_session\_duration) | Maximum session duration in seconds. | `number` | `3600` | no |
| [oidc\_role\_policies\_arns](#input\_oidc\_role\_attach\_policies) | Policy ARNs to be attached to the role. | `list(string)` | `[]` | no |
| [repositories](#input\_repositories) | List of GitHub organization/repository names authorized to assume the role. | `list(string)` | `[]` | no |
| [tags](#input\_tags) | Tags to be applied to resources. | `map(string)` | `{}` | no |
| [role\_name](#input\_role\_name) | Name of the GitHub Actions OIDC role. | `string` | `github-actions-oidc-role` | no |

## Outputs

| Name | Description |
|------|-------------|
| [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | OIDC provider ARN |
| [oidc\_role\_arn](#output\_oidc\_role) | GitHub Actions OIDC role ARN |
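
## Checking the role's trust policy

The `repositories` input decides which GitHub repositories may assume the role, so it is worth confirming that the deployed trust policy admits only those repositories. The script below is an added example, not part of this module; it assumes the trust policy restricts the token's `sub` claim in the `repo:Org/Repo:<context>` form that GitHub issues, and the function names, sample policies and account ID are constructed for illustration.

```python
GITHUB_ISSUER = "token.actions.githubusercontent.com"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, allowed_repos):
    """Return findings for GitHub OIDC statements whose `sub` condition
    admits repositories outside allowed_repos ("Org/Repo" strings)."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
            arn.endswith("oidc-provider/" + GITHUB_ISSUER) for arn in federated
        ):
            continue  # not a GitHub OIDC trust statement
        subs = []
        for operator, keys in stmt.get("Condition", {}).items():
            # Only positive string matches restrict who may assume the role.
            if operator.split(":")[-1] not in ("StringEquals", "StringLike"):
                continue
            for key, value in keys.items():
                if key.lower() == GITHUB_ISSUER + ":sub":
                    subs.extend(_as_list(value))
        if not subs:
            findings.append(f"statement {idx}: no sub condition, any repository is trusted")
        for sub in subs:
            parts = sub.split(":", 2)  # repo:<org>/<repo>:<context>
            if len(parts) < 3 or parts[0] != "repo" or parts[1] not in allowed_repos:
                findings.append(f"statement {idx}: sub '{sub}' is outside the allowed repositories")
    return findings


def sample_policy(condition):
    # Constructed trust policy; 111122223333 is a placeholder account ID.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + GITHUB_ISSUER},
        "Condition": condition,
    }]}


SCOPED = sample_policy({"StringLike": {GITHUB_ISSUER + ":sub": "repo:Organization/RepositoryName:*"}})
ORG_WIDE = sample_policy({"StringLike": {GITHUB_ISSUER + ":sub": "repo:Organization/*"}})
UNSCOPED = sample_policy({})
```

To audit a deployed role, pass the parsed JSON returned by `aws iam get-role --role-name github-actions-oidc-role --query Role.AssumeRolePolicyDocument` as `policy`, together with the same list given to `repositories`.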