Last active
July 3, 2023 22:21
-
-
Save rileydakota/def49a816a08163c0e2fad86bc7b8a53 to your computer and use it in GitHub Desktop.
CloudFormation Template for IAM Role for GitHub OIDC with latest fingerprints
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Parameters: | |
| GitHubOrg: | |
| Type: String | |
| RepositoryName: | |
| Type: String | |
| Resources: | |
| Role: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| RoleName: GithubActionsRole | |
| ManagedPolicyArns: | |
| - arn:aws:iam::aws:policy/AdministratorAccess #REPLACE ME WITH APPROPRIATE POLICY | |
| AssumeRolePolicyDocument: | |
| Statement: | |
| - Effect: Allow | |
| Action: sts:AssumeRoleWithWebIdentity | |
| Principal: | |
| Federated: !Ref GithubOidc | |
| Condition: | |
| StringLike: | |
| token.actions.githubusercontent.com:sub: !Sub repo:${GitHubOrg}/${RepositoryName}:* | |
| GithubOidc: | |
| Type: AWS::IAM::OIDCProvider | |
| Properties: | |
| Url: https://token.actions.githubusercontent.com | |
| ClientIdList: [sts.amazonaws.com] | |
| ThumbprintList: [6938fd4d98bab03faadb97b34396831e3780aea1, 1c58a3a8518e8759bf075b76b750d4f2df264fcd] | |
| Outputs: | |
| Role: | |
| Value: !GetAtt Role.Arn |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment