chore(ci-staging): add openid connect provider for gh actions

rust-lang · Dec 13, 2024 · ef9b79c · ef9b79c
1 parent b3643c2
commit ef9b79c
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/terragrunt/modules/ci-runners/gh_oidc.tf b/terragrunt/modules/ci-runners/gh_oidc.tf
@@ -0,0 +1,9 @@
+// Docs: https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/
+resource "aws_iam_openid_connect_provider" "github_actions_provider" {
+  url = "https://token.actions.githubusercontent.com"
+
+  client_id_list = ["sts.amazonaws.com"]
+
+  // unused
+  thumbprint_list = ["1c58a3a8518e8759bf075b76b750d4f2df264fcd"]
+}