
Add AWS OIDC config when used with environment

Open Prevole opened this issue 2 years ago • 5 comments

Why:

I spent time to figure out why I got this error: "Error: Not authorized to perform sts:AssumeRoleWithWebIdentity". I found an issue on the AWS Credentials Action repository: https://github.com/aws-actions/configure-aws-credentials/issues/511#issuecomment-1289602876.

What's being changed (if available, include any code snippets, screenshots, or gifs):

Add one more example of AWS trusted entity configuration corresponding to the case where environment is used in GitHub Actions.

Check off the following:

  • [x] I have reviewed my changes in staging (look for the "Automatically generated comment" and click the links in the "Preview" column to view your latest changes).
  • [x] For content changes, I have completed the self-review checklist.

Prevole avatar Mar 06 '23 00:03 Prevole
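The mismatch behind the error in the pull request description, as an added example that is not part of the pull request or of the GitHub docs: when a job references an environment, the `sub` claim of its OIDC token is `repo:OWNER/REPO:environment:NAME` instead of the ref-based form, so a trust policy that only lists a branch subject rejects it. The repository `octo-org/octo-repo`, the environment `prod`, and all function names are assumptions, and `trust_allows` is a simplified model of the `StringEquals`/`StringLike` conditions, not AWS's evaluator.

```python
import re

SUB_KEY = "token.actions.githubusercontent.com:sub"
AUD_KEY = "token.actions.githubusercontent.com:aud"
REPO = "octo-org/octo-repo"  # placeholder repository (assumption)

def github_sub(repo, ref=None, environment=None):
    """Subject claim of the job's OIDC token: environment-based when the
    job references an environment, ref-based otherwise."""
    if environment:
        return f"repo:{repo}:environment:{environment}"
    return f"repo:{repo}:ref:{ref}"

def claims_for(**job):
    """Constructed claims for a job in REPO (not a captured token)."""
    return {"aud": "sts.amazonaws.com", "sub": github_sub(REPO, **job)}

def _like(pattern, value):
    # IAM StringLike: '*' is any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, flags=re.S) is not None

def trust_allows(condition, claims):
    """Simplified model of a trust policy Condition block; handles only
    StringEquals and StringLike on the aud and sub keys."""
    ops = {"StringEquals": lambda p, v: p == v, "StringLike": _like}
    if set(condition) - set(ops):
        raise ValueError("operator not modelled in this example")
    for op, match in ops.items():
        for key, expected in condition.get(op, {}).items():
            patterns = [expected] if isinstance(expected, str) else expected
            claim = claims.get(key.rsplit(":", 1)[1])
            if claim is None or not any(match(p, claim) for p in patterns):
                return False
    return True

# Trust policy conditions: the ref-based one, then the environment-based one.
BRANCH_ONLY = {"StringEquals": {
    AUD_KEY: "sts.amazonaws.com",
    SUB_KEY: f"repo:{REPO}:ref:refs/heads/main"}}
WITH_ENVIRONMENT = {"StringEquals": {
    AUD_KEY: "sts.amazonaws.com",
    SUB_KEY: f"repo:{REPO}:environment:prod"}}

if __name__ == "__main__":
    job = claims_for(ref="refs/heads/main", environment="prod")
    print(job["sub"])
    print("branch-only policy:", trust_allows(BRANCH_ONLY, job))
    print("environment policy:", trust_allows(WITH_ENVIRONMENT, job))
```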

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

welcome[bot] avatar Mar 06 '23 00:03 welcome[bot]

👋 Hey there spelunker. It looks like you've modified some files that we can't accept as contributions. The complete list of files we can't accept are: .devcontainer/** .github/actions-scripts/** .github/workflows/** .github/CODEOWNERS assets/fonts/** data/graphql/** Dockerfile* src/** lib/redirects/** package*.json scripts/** content/actions/deployment/security-hardening-your-deployments/**

You'll need to revert all of the files you changed in that list using GitHub Desktop or git checkout origin/main <file name>. Once you get those files reverted, we can continue with the review process. :octocat:

github-actions[bot] avatar Mar 06 '23 00:03 github-actions[bot]

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.


Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

| Source | Preview | Production | What Changed |
|---|---|---|---|
| actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md | fpt, ghec, ghes@ 3.8 3.7 3.6 3.5 | fpt, ghec, ghes@ 3.8 3.7 3.6 3.5 | |

fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server; ghae: GitHub AE

github-actions[bot] avatar Mar 06 '23 00:03 github-actions[bot]

@Prevole Thanks so much for opening a PR! I'll get this triaged for review :zap:

cmwilson21 avatar Mar 06 '23 15:03 cmwilson21

👋 Hey there spelunker. It looks like you've modified some files that we can't accept as contributions. The complete list of files we can't accept are: .devcontainer/** .github/actions-scripts/** .github/workflows/** .github/CODEOWNERS assets/fonts/** data/graphql/** Dockerfile* src/** lib/redirects/** package*.json scripts/** content/actions/deployment/security-hardening-your-deployments/**

You'll need to revert all of the files you changed in that list using GitHub Desktop or git checkout origin/main <file name>. Once you get those files reverted, we can continue with the review process. :octocat:

github-actions[bot] avatar Mar 08 '23 19:03 github-actions[bot]

@Prevole - Many thanks for raising this PR.

Unfortunately, content/actions/deployment/security-hardening-your-deployments/** is one of the areas of the docs we don't accept PRs for in this repository.

However, I've asked our OIDC experts to take a look at your suggested change and if they agree we will make this change internally.

I'll leave this PR open for now, until an SME has taken a look, then we'll close this out.

Thanks again for raising this. We really appreciate you taking time to do this. 👍

hubwriter avatar Aug 18 '23 15:08 hubwriter

Thanks for opening a pull request! We've triaged this issue for technical review by a subject matter expert :eyes:

github-actions[bot] avatar Aug 18 '23 15:08 github-actions[bot]

@paveliak - Many thanks for checking this. 👍

I've added an internal PR to make this change, so I'll close this PR.

@Prevole - Thank you for making this clarification to the docs. Much appreciated.

hubwriter avatar Sep 11 '23 10:09 hubwriter

This change is now published: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#configuring-the-role-and-trust-policy

@Prevole - Many thanks again for working to improve the GitHub docs. 👏

hubwriter avatar Sep 26 '23 11:09 hubwriter

@hubwriter : Thanks for the change.

Prevole avatar Sep 26 '23 14:09 Prevole