GitHub OIDC Identity Provider
This module configures AWS IAM resources so GitHub Actions can authenticate to AWS with OIDC.
What Exists
Code lives in infra/identity/.
Current Terraform configuration creates:
- IAM OIDC provider for https://token.actions.githubusercontent.com
- IAM role configured for OIDC trust
- Trust scope built from github_org and optional github_repositories
See main.tf and outputs.tf.
These roles are granted EKS cluster access via access entries. See EKS Environments.
Dependency
This module uses an S3 backend in backend.tf, so backend bootstrap must be complete first.
See Terraform Backend Bootstrap.
Current Inputs
Inputs are defined in variables.tf. The active repository values are in terraform.tfvars.
Pages
- Applying
- Usage in GitHub Actions
- Policy Attachment
- Troubleshooting
- Provider Versioning - Understanding exact version locks