CDK construct library for Github OpenID Connect Identity Provider
cdk-github-oidc
Inspired by aripalo/aws-cdk-github-oidc, this construct library lets you create a GitHub OpenID Connect identity provider trust relationship with the Provider construct, as well as federated IAM roles for one or more GitHub repositories.
This construct is still at an experimental stage and may have breaking changes. However, we aim to make this library as simple as possible.
Sample
import { Provider } from '@pahud/cdk-github-oidc';

// create a new provider (`stack` is an existing CDK Stack in scope)
const provider = new Provider(stack, 'GithubOpenIdConnectProvider');

// create an IAM role from this provider
provider.createRole('demo-role',
  // sharing this role across multiple repositories
  [
    { owner: 'octo-org', repo: 'first-repo' },
    { owner: 'octo-org', repo: 'second-repo' },
    { owner: 'octo-org', repo: 'third-repo' },
  ]
);
Import the provider
Each AWS account can only have one GitHub OIDC identity provider. To import the existing one, use Provider.fromAccount():

// import the provider
const provider = Provider.fromAccount(stack, 'GithubOpenIdConnectProvider');

// create an IAM role from the imported provider
provider.createRole(...)
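What createRole() on a new or imported provider ultimately has to produce is an IAM trust policy that only GitHub-issued tokens for the listed repositories can satisfy. The following is an added example, not code from the @pahud/cdk-github-oidc library and not its generated output: it builds such a trust policy from the same { owner, repo } list used above and checks which token claims it admits. The issuer name token.actions.githubusercontent.com, the audience sts.amazonaws.com and the subject form repo:<owner>/<repo>:<...> follow the GitHub and AWS OIDC documentation; the account id, the provider ARN and the optional per-repository filter are constructed placeholders and assumptions of this example.

```typescript
// Added example, not part of @pahud/cdk-github-oidc: builds the trust policy
// that a GitHub OIDC federated IAM role needs and checks which tokens it admits.
// Issuer, audience and subject format follow the GitHub/AWS OIDC docs; the
// account id and provider ARN below are constructed placeholders.

interface GithubRepo {
  owner: string;
  repo: string;
  // optional tail of the subject claim, e.g. 'ref:refs/heads/main';
  // omitted means '*', which admits every branch, tag, PR and environment
  filter?: string;
}

interface TrustStatement {
  Effect: 'Allow' | 'Deny';
  Principal: { Federated: string };
  Action: string;
  Condition: {
    StringEquals: Record<string, string>;
    StringLike: Record<string, string[]>;
  };
}

interface TrustPolicy {
  Version: string;
  Statement: TrustStatement[];
}

const GITHUB_OIDC_ISSUER = 'token.actions.githubusercontent.com';
const STS_AUDIENCE = 'sts.amazonaws.com';

// Trust policy scoped to the given repositories: the OIDC provider is the
// federated principal, the audience must be sts.amazonaws.com and the subject
// must match one of the repo:<owner>/<repo>:<filter> patterns.
function buildTrustPolicy(providerArn: string, repos: GithubRepo[]): TrustPolicy {
  const subjects = repos.map(r => `repo:${r.owner}/${r.repo}:${r.filter ?? '*'}`);
  return {
    Version: '2012-10-17',
    Statement: [
      {
        Effect: 'Allow',
        Principal: { Federated: providerArn },
        Action: 'sts:AssumeRoleWithWebIdentity',
        Condition: {
          StringEquals: { [`${GITHUB_OIDC_ISSUER}:aud`]: STS_AUDIENCE },
          StringLike: { [`${GITHUB_OIDC_ISSUER}:sub`]: subjects },
        },
      },
    ],
  };
}

// IAM StringLike matching: '*' matches any run of characters, '?' exactly one,
// everything else is a case-sensitive literal.
function stringLike(pattern: string, value: string): boolean {
  const source = pattern
    .split(/([*?])/)
    .map(part =>
      part === '*' ? '.*' : part === '?' ? '.' : part.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
    .join('');
  return new RegExp(`^${source}$`).test(value);
}

// Would a token carrying these aud/sub claims be allowed to assume the role?
function subjectAllowed(policy: TrustPolicy, claims: { aud: string; sub: string }): boolean {
  return policy.Statement.some(stmt => {
    const aud = stmt.Condition.StringEquals[`${GITHUB_OIDC_ISSUER}:aud`];
    const subs = stmt.Condition.StringLike[`${GITHUB_OIDC_ISSUER}:sub`] ?? [];
    return stmt.Effect === 'Allow' && aud === claims.aud && subs.some(p => stringLike(p, claims.sub));
  });
}

// Constructed placeholder ARN; in a real stack it comes from the Provider construct.
const DEMO_PROVIDER_ARN = `arn:aws:iam::123456789012:oidc-provider/${GITHUB_OIDC_ISSUER}`;

const demoPolicy = buildTrustPolicy(DEMO_PROVIDER_ARN, [
  { owner: 'octo-org', repo: 'first-repo' },
  { owner: 'octo-org', repo: 'second-repo', filter: 'ref:refs/heads/main' },
]);

console.log(JSON.stringify(demoPolicy, null, 2));
```

Running it prints the policy document; subjectAllowed() is the check worth keeping around when reviewing a role: a token for any ref of octo-org/first-repo is admitted, a token for octo-org/second-repo is admitted only from the main branch, and tokens for another owner's fork of the same repository name, or minted for a different audience, are rejected. The owner/repo-only form used in the README sample corresponds to the '*' filter, so the whole repository (every branch, tag and pull request) can assume the role; narrowing the subject to a branch or environment is the usual way to tighten it.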
Workflow sample
name: demo
on:
  workflow_dispatch: {}
jobs:
  deploy:
    name: Upload to Amazon S3
    runs-on: ubuntu-latest
    env:
      AWS_REGION: us-east-1
    permissions:
      id-token: write # needed to interact with GitHub's OIDC Token endpoint.
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@master
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN_TO_ASSUME }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Sync files to S3
        run: |
          aws s3 sync ./ s3://${{ secrets.AWS_BUCKET }}
Projects using this library
Reference
- Configuring OpenID Connect in Amazon Web Services from GitHub Docs
- aripalo/aws-cdk-github-oidc by Ari Palo
File details
Details for the file pahud-cdk-github-oidc-0.0.387.tar.gz.
File metadata
- Download URL: pahud-cdk-github-oidc-0.0.387.tar.gz
- Size: 36.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.2
File hashes
Algorithm | Hash digest
---|---
SHA256 | 0667036a51d1c5242090ce9fab88ccdb62cdcc41896f65bc03d8da174387f11c
MD5 | 3299caaea48041d2ee19ba2bfbbb5076
BLAKE2b-256 | 4098daeab18afc22b956f4bb7b0e9035b404899c10d7f55702b76257f88c808f
File details
Details for the file pahud_cdk_github_oidc-0.0.387-py3-none-any.whl.
File metadata
- Download URL: pahud_cdk_github_oidc-0.0.387-py3-none-any.whl
- Size: 34.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.2
File hashes
Algorithm | Hash digest
---|---
SHA256 | 0ff7a3881cfb0eb747658b0cc119dc63df40beb44d038613b66cf82fe9d070ba
MD5 | 0cc5d9e7e4bfb6a5f23ffb4c170ed88d
BLAKE2b-256 | 7a5e550957bf7fadd44ba18e03fce521172894fcb0904810193abd4bde5fe0ab