ざっと手順
注意点
- GitHub Actionsのデフォルトのpermissionsには `id-token: write` が含まれていないので、忘れずに追加する(OIDCトークンの取得に必要)
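# Builds and deploys the SAM application on every push to main.
# No AWS access keys are passed to the job: configure-aws-credentials is given
# only a role ARN, so it relies on the job's OIDC token to obtain temporary
# credentials for that role.
on:
  push:
    branches:
      - main

# Once a `permissions` block is present, every scope not listed in it is set
# to none, so GITHUB_TOKEN carries only what is declared here.
permissions:
  # Required so the job can request the OIDC token that is exchanged for the
  # role's temporary credentials.
  id-token: write
  # Read-only repository access for actions/checkout.
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable tags (@v1,
      # @v2, @v3). Pinning each one to a full commit SHA keeps a moved tag
      # from running new code in a job that holds the deploy role.
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v3
        with:
          # Quoted so the version is read as a string, not a float.
          python-version: "3.8"
      - uses: aws-actions/setup-sam@v2
      - uses: aws-actions/configure-aws-credentials@v1
        with:
          # NOTE(review): the role's trust policy is not shown on this page.
          # It should restrict the token.actions.githubusercontent.com:sub
          # claim to this repository and the main branch, and require the
          # sts.amazonaws.com audience, so that no other repository's
          # workflow can assume the role. Confirm on the IAM side.
          role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
          aws-region: us-east-2
      - run: sam build --use-container
      # Non-interactive deploy: the change set is applied without a prompt and
      # an empty change set does not fail the job.
      # NOTE(review): no stack name or other deploy parameters are passed
      # here; presumably they come from a samconfig.toml in the repo - confirm.
      - run: sam deploy --no-confirm-changeset --no-fail-on-empty-changeset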
Ref