Naoto Ishizawa/Points to watch when integrating GitHub Actions OpenID Connect with an AWS OIDC Provider

Created Tue, 23 Aug 2022 15:09:38 +0900 Modified Sat, 17 Dec 2022 21:58:21 +0000

Rough steps

Points to watch

  • The default permissions of a GitHub Actions job do not include id-token: write, so remember to add it (the OIDC token request fails without it)

```yaml
on:
  push:
    branches:
      - main

# The default GITHUB_TOKEN permissions do not grant id-token, so it must be
# declared explicitly; declaring it also drops every other default permission,
# hence contents: read for the checkout step.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v3
        with:
          python-version: "3.8"
      - uses: aws-actions/setup-sam@v2
      - uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
          aws-region: us-east-2
      - run: sam build --use-container
      - run: sam deploy --no-confirm-changeset --no-fail-on-empty-changeset
```
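The other half of the setup is on the AWS side: the trust policy of the role given in `role-to-assume` decides which tokens STS accepts, and it does so by matching the token's `aud` and `sub` claims. As an added example (not code from the original post or from aws-actions/configure-aws-credentials), the Python below models that evaluation so you can see why a trust policy that only checks `aud` would let any GitHub repository assume the role. The token payload is constructed and unsigned, the repository name `example-org/example-repo` and account id are placeholders, and the policy shape follows what AWS documents for the `token.actions.githubusercontent.com` provider.

```python
"""Model of how an IAM trust policy filters GitHub OIDC tokens (added example)."""
import base64
import fnmatch
import json

PROVIDER = "token.actions.githubusercontent.com"

# Constructed payload shaped like the token GitHub issues to a job running on
# the main branch of a hypothetical repository. Real tokens are signed by
# GitHub; STS verifies that signature before evaluating the trust policy.
SAMPLE_CLAIMS = {
    "iss": "https://" + PROVIDER,
    "aud": "sts.amazonaws.com",  # default audience set by configure-aws-credentials
    "sub": "repo:example-org/example-repo:ref:refs/heads/main",
    "repository": "example-org/example-repo",
    "ref": "refs/heads/main",
}

# Trust policy in the shape AWS documents for the GitHub OIDC provider.
# The StringLike on :sub is the part that pins the role to one repository and
# branch; aud alone is identical for every repository using this provider.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111111111111:oidc-provider/{PROVIDER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {f"{PROVIDER}:aud": "sts.amazonaws.com"},
            "StringLike": {f"{PROVIDER}:sub": "repo:example-org/example-repo:ref:refs/heads/main"},
        },
    }],
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    """Build header.payload.signature with a dummy signature (test data only)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.dummy-signature"


def decode_claims(token: str) -> dict:
    """Read a JWT payload without verifying it (inspection only, never for auth)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def _claim_for(condition_key: str, claims: dict):
    """IAM condition keys for OIDC look like '<provider>:<claim name>'."""
    prefix = PROVIDER + ":"
    return claims.get(condition_key[len(prefix):]) if condition_key.startswith(prefix) else None


def _matches(op: str, expected, actual) -> bool:
    if actual is None:
        return False
    patterns = expected if isinstance(expected, list) else [expected]
    if op == "StringEquals":
        return actual in patterns
    if op == "StringLike":
        # IAM StringLike supports * and ? wildcards; escape [ so fnmatch does
        # not treat it as a character class.
        return any(fnmatch.fnmatchcase(actual, p.replace("[", "[[]")) for p in patterns)
    raise ValueError(f"unsupported condition operator {op}")


def trust_policy_allows(policy: dict, claims: dict) -> bool:
    """True if some Allow statement for AssumeRoleWithWebIdentity has all conditions satisfied."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        if all(_matches(op, expected, _claim_for(key, claims))
               for op, conds in stmt.get("Condition", {}).items()
               for key, expected in conds.items()):
            return True
    return False


def check_token(token: str, policy: dict = TRUST_POLICY) -> bool:
    return trust_policy_allows(policy, decode_claims(token))


if __name__ == "__main__":
    ours = make_unsigned_token(SAMPLE_CLAIMS)
    fork = make_unsigned_token({**SAMPLE_CLAIMS, "sub": "repo:someone-else/fork:ref:refs/heads/main"})
    pull = make_unsigned_token({**SAMPLE_CLAIMS, "sub": "repo:example-org/example-repo:pull_request"})
    print("main branch of our repo:", check_token(ours))      # True
    print("main branch of another repo:", check_token(fork))  # False
    print("pull_request event in our repo:", check_token(pull))  # False
```

Running it shows that a token from a different repository, or from a `pull_request` event in the same repository, is rejected only because of the `sub` condition; if you loosen that pattern (for example to `repo:example-org/*`), re-run the script with the corresponding `sub` values to see exactly which workflows gain access.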

Ref