|
| 1 | +# GitHub OIDC |
| 2 | + |
| 3 | +Manage policies to permit GitHub workflows to authenticate against AWS. For more information, see: |
| 4 | + |
| 5 | +- From GitHub: [Configuring OpenID Connect in Amazon Web Services][github-oidc] |
| 6 | +- From AWS: [Use IAM roles to connect GitHub Actions to actions in AWS][aws-oidc] |
| 7 | + |
| 8 | +[github-oidc]: https://docs.github.com/en/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-aws |
| 9 | +[aws-oidc]: https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/ |
| 10 | + |
| 11 | +<!-- BEGIN_TF_DOCS --> |
| 12 | +## Requirements |
| 13 | + |
| 14 | +No requirements. |
| 15 | + |
| 16 | +## Providers |
| 17 | + |
| 18 | +| Name | Version | |
| 19 | +| ---- | ------- | |
| 20 | +| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a | |
| 21 | + |
| 22 | +## Modules |
| 23 | + |
| 24 | +No modules. |
| 25 | + |
| 26 | +## Resources |
| 27 | + |
| 28 | +| Name | Type | |
| 29 | +| ---- | ---- | |
| 30 | +| [aws_iam_openid_connect_provider.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource | |
| 31 | +| [aws_iam_role.github_actions_admin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | |
| 32 | +| [aws_iam_role.github_actions_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | |
| 33 | +| [aws_iam_role_policy.github_actions_admin_deny_dangerous](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | |
| 34 | +| [aws_iam_role_policy_attachment.github_actions_admin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | |
| 35 | +| [aws_iam_role_policy_attachment.github_actions_dns_permissions](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | |
| 36 | +| [aws_iam_policy_document.github_actions_admin_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | |
| 37 | +| [aws_iam_policy_document.github_actions_admin_deny_dangerous](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | |
| 38 | +| [aws_iam_policy_document.github_actions_dns_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | |
| 39 | + |
| 40 | +## Inputs |
| 41 | + |
| 42 | +| Name | Description | Type | Default | Required | |
| 43 | +| ---- | ----------- | ---- | ------- | :------: | |
| 44 | +| <a name="input_dns_policy_arn"></a> [dns\_policy\_arn](#input\_dns\_policy\_arn) | ARN of the managed IAM policy for Route53 record management | `string` | n/a | yes | |
| 45 | + |
| 46 | +## Outputs |
| 47 | + |
| 48 | +| Name | Description | |
| 49 | +| ---- | ----------- | |
| 50 | +| <a name="output_github_actions_admin_role_arn"></a> [github\_actions\_admin\_role\_arn](#output\_github\_actions\_admin\_role\_arn) | ARN of the IAM role for GitHub Actions with admin permissions | |
| 51 | +| <a name="output_github_actions_dns_role_arn"></a> [github\_actions\_dns\_role\_arn](#output\_github\_actions\_dns\_role\_arn) | ARN of the IAM role for GitHub Actions with DNS management permissions | |
| 52 | +<!-- END_TF_DOCS --> |
0 commit comments