Github Actions & AWS

  1. Use Role in Github Actions

Create a role

I’ll be using terraform to create a to configure GitHub Actions as an IAM OIDC identity provider in AWS

├── oidc-github
│ ├──
│ ├──
│ └──
# create a directory
mkdir oidc-github; cd oidc-github

use terraform remote state

#config.tfprovider "aws" {
region = "us-east-2"

terraform {
required_version = ">= 1.0"

backend "s3" {
bucket = "{MY BUCKET}"
key = "MY_KEY"
encrypt = true
region = "us-east-2"

required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"

specify github repo

#oidc.tfmodule "aws_oidc_github" {
source = "unfunco/oidc-github/aws"
version = "0.5.0"

github_organisation = "MYORG"
github_repositories = ["MYREPO"]


terraform init
terraform apply

Use role for Github Action

A working example github action to list S3 buckets

name: Pull Request Verification


# permission can be added at job level or workflow level
id-token: write
contents: read # This is required for actions/checkout@v2

name: Configure AWS and List S3 buckets
runs-on: ubuntu-latest
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@master
aws-region: us-east-2
role-to-assume: "ROLE_FROM_STEP_1"
- name: S3 list buckets
run: |
aws s3 ls




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Introducing Project ONYX

Cross-Functionality In Scrum: Do You Get It Right?

GSoC` 19 with Shogun - Weeks 1 & 2

The Ruby Unbundled Series: Designing and Launching New Features in Rails

Designing and Launching New Features in Rails

Delivering the Right Infrastructure for the Right Job

The Ultimate Google Analytics Audit Template Sheet — Review 9/12

3 Simple Steps to Build Classifai Data Annotation Tool from Source

A big brain FPL play

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Natarajan Santhosh

Natarajan Santhosh

More from Medium

Getting Started with AWS

How to work with multiple AWS CLI accounts

Migration of WordPress from on-prem to AWS Cloud

Automatically tag AWS EC2 Instances with the “Owner” tag upon creation