I don't have much experience with CI/CD tools. I work as a software developer and fortunately I haven't had to take care of this DevOps stuff. I wasn't aware of this OIDC flow and we stored everything in secret storage. Today I'm running my startup project and I have chosen GitHub Actions together with AWS S3 to host my static web app. This instruction took a few minutes and went without problems. Thank you for explaining this topic in human-readable format. Good job!
Thanks for this article. So is it truly just the ARN of the Role and the repo name(s) on that Role in AWS that control the security/access between the Git Repo and Git Actions' ability to generate operations in AWS as that role? I feel like I'm missing some other key or secret. The thumbprint seems like it has to be that specific value due to the 2022 certificate chain issue, so that's not unique or a secret. Thanks!
This is awesome! Thanks for the guide!
This is awesome! Thanks! I'm going to now look if there's an open-source Terraform module that sets up the IdP, and if not I might have to write one.
If the GitHub Actions workflow had an entry like aws_session_token it would meet my expectations of how to set up a GitHub Action to deploy to our production environment. I like to open a window, using STS, to allow deployment to prod. I want it to be short term, so I like to enter temporary credentials in GitHub settings to open a window for deployment. Using an assumed role is secure but it is an open window which does not suit our current situation.
Great post, Ben. Thanks! 🙏🏼 I think this is very relevant for a lot of people (including myself).
... and I also learned about quick-create links in CloudFormation.
Chase Denecke
It would be nice if you could give a full example main.yml file for deploying via GitHub Actions. I spent about half an hour trying to properly indent and organize the various permissions. This is partly because I am dumb, but I bet other dumb people will read this too and also be confused.
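A complete workflow of the shape this comment asks for, added here as an illustration and not taken from the article or its author. It also answers the earlier question about what controls access: there is no extra shared secret, the role's trust policy is the control. The account id `123456789012`, the role name `GitHubActionsDeployRole`, the bucket `example-bucket-placeholder`, the `./dist` build directory and the region are placeholders to replace with your own values.

```yaml
# .github/workflows/main.yml
# Added example (not from the article): deploy a static site to S3 by assuming an
# IAM role through GitHub's OIDC provider. No long-lived AWS access keys live in
# GitHub secrets; the role's trust policy decides which repository and branch may
# assume it, and the credentials the runner receives are temporary STS credentials.
name: deploy-static-site

on:
  push:
    branches: [main]

# Least privilege for the job's GITHUB_TOKEN:
#   id-token: write  lets the runner request an OIDC token from GitHub
#   contents: read   is all actions/checkout needs
permissions:
  id-token: write
  contents: read

# Prevent two deploys from racing on the same bucket.
concurrency:
  group: deploy-prod
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Optional: a GitHub environment lets you add required reviewers, which gives
    # the "open a window only when approved" behaviour another comment asked about.
    environment: production
    steps:
      - uses: actions/checkout@v4

      - name: Configure AWS credentials via OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Placeholders: replace with your account id and role name.
          role-to-assume: arn:aws:iam::123456789012:role/GitHubActionsDeployRole
          role-session-name: gha-${{ github.run_id }}
          aws-region: us-east-1
          # Shortest allowed session (15 minutes); credentials expire on their own.
          role-duration-seconds: 900

      - name: Show which identity the runner actually holds
        run: aws sts get-caller-identity

      - name: Sync built site to S3
        # Placeholders: build output directory and bucket name.
        run: aws s3 sync ./dist s3://example-bucket-placeholder --delete
```

On the AWS side, the trust policy of `GitHubActionsDeployRole` allows `sts:AssumeRoleWithWebIdentity` for the `token.actions.githubusercontent.com` identity provider and carries a `Condition` on the token's claims: `token.actions.githubusercontent.com:aud` must equal `sts.amazonaws.com`, and `token.actions.githubusercontent.com:sub` must match the repository, for example `repo:YOUR-ORG/YOUR-REPO:ref:refs/heads/main` to restrict it to pushes on `main`. Those two claims, signed by GitHub and verified by AWS against the provider's thumbprint, are what replace the stored secret; a `sub` condition that is missing or ends in a wildcard is the mistake to check for, because it would let other repositories or branches assume the role. The role's permissions policy should then grant only `s3:PutObject`, `s3:DeleteObject` and `s3:ListBucket` on the one bucket the `aws s3 sync` step writes to.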