Peter Woodworth

The sub needs to be different if an environment is set like @jberglinds has been so helpful to explain and provide examples for. See [Github docs](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) on subject claims, specifically...

Thanks for the request @ianonavy, I'm interested in hearing more about this: > We also considered using the configurable role-session-name, but we'd rather not rely on user-controlled inputs. In my...

Thanks for the helpful reply @ianonavy, > would add tremendous value to teams using GitHub Actions to make changes in AWS with very little cost. I'm curious what you think...

I'll try to investigate this at some point in the next week

Hey @ROglesby92, are you using OIDC to authenticate?

The original post here has to deal with some confusion surrounding how long credentials last in a github action lifecycle. If you really need to get rid of your credentials...

The original issue here has to do with supporting a new feature. I'm repurposing this issue to track the issue @avram has reported. I've found the same behavior in that...

Actually - I had something slightly misconfigured. I am finding that `webIdentityTokenFile` works fine. However, I was running into `Credentials could not be loaded` when I should've been running into...

Closing this out in favor of #222, we're hoping to merge #246 soon so stay tuned 🙂

Thanks @SergeyKubrak for helping out here, you're exactly right. The role needs to have `sts:TagSession` in its trust relationships. If this doesn't fix the issue for anyone, let me know....