
Srinivasulu Paranduru for AWS Community Builders


GitHub Actions Pipeline using OpenIDConnect in AWS Cloud

Step-by-step approach to creating an IAM role in AWS and using it in a GitHub Actions pipeline

Step 1: Create an identity provider for GitHub


Step 2: Select OpenID Connect, enter the necessary details as given below, and then click Add Provider


Step 3: Create an IAM role using OpenID Connect

Step 3.1:


Step 3.2:

  • Select Identity Provider
  • Select Audience
  • Enter GitHub Organisation


Step 3.3: Select required permissions


Step 3.4: Enter the role name as GHOIDCRole, then click Create role


Step 3.5: Keep the IAM role ARN handy; it needs to be included in the GitHub pipeline

  • arn:aws:iam::AWS_Account_ID:role/GHOIDCRole
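
A check to run on the role's trust policy once Step 3 is done, as an added example that is not part of the original post: it flags a GitHub OIDC trust statement whose sub condition is missing or can match repositories other than the intended one. The organisation my-org, repository my-repo, account id 111122223333 and both sample policies are constructed placeholders, and the organisation-wide pattern repo:my-org/* is an assumption about what a role scoped only to an organisation contains.

```python
GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _claim_conditions(stmt, claim):
    """Collect (operator, value) pairs the Condition block places on one token claim.
    Negated operators (StringNotLike, ...) are skipped: they do not pin a claim."""
    key = f"{GITHUB_OIDC_HOST}:{claim}".lower()
    return [(op, val)
            for op, block in stmt.get("Condition", {}).items() if "not" not in op.lower()
            for k, v in block.items() if k.lower() == key
            for val in _as_list(v)]

def audit_trust_policy(policy, org, repo):
    """Return findings for Allow statements that trust GitHub's OIDC provider."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
                str(p).endswith("oidc-provider/" + GITHUB_OIDC_HOST) for p in federated):
            continue
        if not any(v == "sts.amazonaws.com" for _, v in _claim_conditions(stmt, "aud")):
            findings.append("aud is not pinned to sts.amazonaws.com")
        subs = _claim_conditions(stmt, "sub")
        if not subs:
            findings.append("no sub condition: workflows in any GitHub repository can assume the role")
        for op, value in subs:
            wildcard = "like" in op.lower() and ("*" in value or "?" in value)
            if not value.startswith(f"repo:{org}/"):
                findings.append(f"sub {value!r} is not limited to organisation {org}")
            elif wildcard and not value.startswith(f"repo:{org}/{repo}:"):
                findings.append(f"sub {value!r} can match repositories in {org} other than {repo}")
    return findings

def sample_trust_policy(sub_operator, sub_value, account_id="111122223333"):
    """Constructed trust policy for a role such as GHOIDCRole (placeholder account id)."""
    condition = {"StringEquals": {f"{GITHUB_OIDC_HOST}:aud": "sts.amazonaws.com"}}
    condition.setdefault(sub_operator, {})[f"{GITHUB_OIDC_HOST}:sub"] = sub_value
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{GITHUB_OIDC_HOST}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

if __name__ == "__main__":
    for op, sub in [("StringLike", "repo:my-org/*"),
                    ("StringEquals", "repo:my-org/my-repo:ref:refs/heads/main")]:
        print(sub, "->", audit_trust_policy(sample_trust_policy(op, sub), "my-org", "my-repo") or "ok")
```

To audit a real role, pass the parsed AssumeRolePolicyDocument of the role in place of the sample policy.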

Step 4: Create a GitHub repo under your GitHub organisation


Step 4.1: Click on Actions


Step 4.2:

To create a GitHub action to invoke the AWS CLI:
Create a basic workflow file, such as main.yml, in the .github/workflows directory of your repository. This sample workflow will assume the GHOIDCRole role, to perform the action aws sts get-caller-identity. Your repository can have multiple workflows, each performing different sets of tasks. After GitHub is authenticated to the role with the workflow, you can use AWS CLI commands in your account.
Paste the following example workflow into the file.


# This is a basic workflow to help you get started with Actions
name: Connect to an AWS role from a GitHub repository

# Controls when the action will run. Invokes the workflow on push events but only for the main branch
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

env:

  AWS_REGION: "us-east-1" # Change to reflect your Region

# Permission can be added at job level or

Conclusion: How to create an IAM role using OpenID Connect for GitHub pipelines in AWS Cloud


Top comments (3)

Joanne Skiles

Great walkthrough on setting up OpenID Connect with GitHub Actions! This really simplifies AWS authentication without long-lived credentials. Thanks for sharing!

Srinivasulu Paranduru

Thanks @joanne skiles. But wait for 1 or 2 days to finish the article with sample GitHub pipeline

Joanne Skiles

I've done all this with my pipelines, I just appreciate this all written in one place.