Error: Could not assume role with OIDC: Not authorized to perform sts:AssumeRoleWithWebIdentity #961
Comments
Hi @mattrw-wageloch thanks for reaching out. I think that this may be a permissions issue. Did you make any changes to your account/role or policies? Is this issue intermittent or consistent? It doesn't seem like any changes merged in December would have caused this, and I'd expect more reports if there were a larger scale issue here. Please let us know if you have any updates on your end.
Hi @tim-finnigan, thanks for the reply. Yeah, I checked our configuration and nothing had changed from before the issue popped up. Some minor alterations to formatting of the trust policy were made (originally had both the sub/aud in the same condition but split them out to like/equals and no change) and recreation of the role with various name changes (and updated in our workflow) upon reading another issue lodged in the last couple of weeks - but beyond that, no other significant changes. The issue has been constant, and we have not had a successful authentication attempt since we noticed the issue.
Update on this one. I re-created my OIDC provider information and created a new role with it with a different name (previous name had GitHubActions in it) and now it's able to authenticate.
Describe the bug
As of the 27th of December, 2023, our GitHub Actions workflow is unable to successfully assume the role with OIDC, with the error message Could not assume role with OIDC: Not authorized to perform sts:AssumeRoleWithWebIdentity.
Our last successful execution of the workflow with the aws-actions/configure-aws-credentials@v4 action was approximately December 20th, 2023, however I cannot confirm when exactly this issue began occurring.
In trying to troubleshoot the issue, we have tried the following:
The job in our workflow that uses the aws-actions/configure-aws-credentials@v4 is our deploy job.
As noted above, beyond minor formatting or value changes, our working configuration remains unchanged. We have also looked for any possible notices by GitHub or AWS where there may have been a recent change that relates to the issue, but have not found anything.
Expected Behavior
Authenticate correctly with OIDC as it has done previously in the past week or so.
Current Behavior
When the action is run and gets to the aws-actions/configure-aws-credentials@v4, it attempts to run and loops through attempts until it fails, subsequently failing the job.
Run aws-actions/configure-aws-credentials@v4
  with:
    role-to-assume: ***
    aws-region: ap-southeast-2
    audience: sts.amazonaws.com
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Error: Could not assume role with OIDC: Not authorized to perform sts:AssumeRoleWithWebIdentity
Reproduction Steps
Have attempted to re-run the jobs with the minor alterations as noted above.
Possible Solution
No response
Additional Information/Context
No response
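A local check of a role trust policy against the claims of a GitHub Actions OIDC token, added here as an example (it is not code from this issue or from aws-actions/configure-aws-credentials). It models only `StringEquals` and `StringLike` on the `sub`/`aud` keys plus the federated principal, and is not AWS's policy evaluation engine; the account ID, org, repository and function names are constructed placeholders.

```python
import re

ISSUER = "token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer host

def string_like(pattern, value):
    # IAM StringLike: '*' = any run of characters, '?' = exactly one; case-sensitive.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.DOTALL) is not None

OPERATORS = {"StringEquals": lambda p, v: p == v, "StringLike": string_like}

def as_list(x):
    return x if isinstance(x, list) else [x]

def diagnose(trust_policy, claims, provider_arn):
    """Return the reasons no statement allows the call; an empty list means one does."""
    reasons = []
    for i, stmt in enumerate(as_list(trust_policy["Statement"])):
        problems = []
        if stmt.get("Effect") != "Allow":
            problems.append("Effect is not Allow")
        if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            problems.append("Action lacks sts:AssumeRoleWithWebIdentity")
        if provider_arn not in as_list(stmt.get("Principal", {}).get("Federated", [])):
            problems.append("Federated principal is not " + provider_arn)
        for op, keys in stmt.get("Condition", {}).items():
            test = OPERATORS[op]  # KeyError for operators this sketch does not model
            for key, patterns in keys.items():
                value = claims.get(key.removeprefix(ISSUER + ":"))
                if value is None or not any(test(p, value) for p in as_list(patterns)):
                    problems.append(f"{op} {key}: token has {value!r}, policy wants {patterns!r}")
        if not problems:
            return []
        reasons += [f"Statement[{i}]: {p}" for p in problems]
    return reasons

# Constructed sample data (placeholder account ID, org and repository).
PROVIDER = "arn:aws:iam::111122223333:oidc-provider/" + ISSUER
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
    "Principal": {"Federated": PROVIDER},
    "Condition": {"StringEquals": {ISSUER + ":aud": "sts.amazonaws.com"},
                  "StringLike": {ISSUER + ":sub": "repo:example-org/example-repo:ref:refs/heads/*"}}}]}
BRANCH_JOB = {"aud": "sts.amazonaws.com", "sub": "repo:example-org/example-repo:ref:refs/heads/main"}
ENV_JOB = {"aud": "sts.amazonaws.com", "sub": "repo:example-org/example-repo:environment:production"}

if __name__ == "__main__":
    for name, claims in (("branch job", BRANCH_JOB), ("environment job", ENV_JOB)):
        print(name, diagnose(POLICY, claims, PROVIDER) or "allowed")
```

The second sample job is rejected because a job that targets a deployment environment receives a `sub` of the form `repo:<org>/<repo>:environment:<name>`, which a branch-scoped pattern does not match.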