configure-aws-credentials

Support additional session tags like GITHUB_BASE_REF and GITHUB_EVENT_NAME

Open jsimoni opened this issue 3 years ago • 4 comments

We'd like to be able to create a trust document on the AWS Role assumed by a GitHub Action workflow that only authorizes a workflow that runs on a pull request that targets a specific branch. In order to do that, we would need this GitHub Action to populate Session Tags with the values in the GITHUB_BASE_REF & GITHUB_EVENT_NAME environmental variables.

https://github.com/aws-actions/configure-aws-credentials#session-tagging

jsimoni avatar Feb 17 '22 02:02 jsimoni

We should be able to support additional, non-required environment variables as session tags. Thanks for the suggestion!

Documentation here for future reference

peterwoodworth avatar Oct 10 '22 23:10 peterwoodworth

You can currently work around your specific issue through your action configuration like so until we may implement this:

on:
  pull_request_target:
    types:
      - opened
    branches:
      - 'master'
  push:
    branches:
      - 'master'

peterwoodworth avatar Oct 10 '22 23:10 peterwoodworth

When we implement this I think the expectation is that you would add PrincipalTag to the condition in your trust policy, is that correct?

peterwoodworth avatar Oct 11 '22 00:10 peterwoodworth

@peterwoodworth, yes that's correct.

jsimoni avatar Oct 11 '22 00:10 jsimoni
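
A sketch of the request discussed in this thread, added here as an example; it is not code from configure-aws-credentials or from either commenter. The helper names and the tag keys `BaseRef` and `EventName` are hypothetical, and the condition uses `aws:RequestTag`, the key AWS documents for tags passed in the AssumeRole request, as an assumption about how the role's trust policy would be written.

```javascript
// Added example: hypothetical helpers, not the action's own implementation.
// STS session tag values: at most 256 chars, restricted character set.
const MAX_TAG_VALUE_LENGTH = 256;
const DISALLOWED = /[^\p{L}\p{Z}\p{N}_.:/=+\-@]/gu;

// Optional variables requested in the issue, mapped to assumed tag keys.
const OPTIONAL_TAGS = { GITHUB_BASE_REF: 'BaseRef', GITHUB_EVENT_NAME: 'EventName' };

function sanitizeTagValue(value) {
  // Replace characters STS would reject, then cap the length.
  return value.replace(DISALLOWED, '_').slice(0, MAX_TAG_VALUE_LENGTH);
}

function buildOptionalSessionTags(env) {
  const tags = [];
  for (const [name, key] of Object.entries(OPTIONAL_TAGS)) {
    const raw = env[name];
    // GITHUB_BASE_REF is empty outside pull request events. Omit the tag
    // rather than send an empty value: an absent tag fails StringEquals.
    if (typeof raw !== 'string' || raw.trim() === '') continue;
    tags.push({ Key: key, Value: sanitizeTagValue(raw) });
  }
  return tags;
}

// Condition block for the role trust policy statement that allows
// sts:AssumeRole and sts:TagSession (assumed shape). Keys inside one
// operator are ANDed; multiple values for one key are ORed.
function trustCondition(baseRef, eventNames) {
  return {
    StringEquals: {
      'aws:RequestTag/BaseRef': baseRef,
      'aws:RequestTag/EventName': eventNames,
    },
  };
}

// Constructed sample environments, not captured from a real run.
const prEnv = { GITHUB_BASE_REF: 'master', GITHUB_EVENT_NAME: 'pull_request_target' };
const pushEnv = { GITHUB_BASE_REF: '', GITHUB_EVENT_NAME: 'push' };
console.log(buildOptionalSessionTags(prEnv));
console.log(buildOptionalSessionTags(pushEnv));
console.log(JSON.stringify(trustCondition('master', ['pull_request', 'pull_request_target']), null, 2));
```

With the push environment only `EventName` is sent, so a condition that also requires `BaseRef` does not match that session.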