From ef9b79c9c86e81f55aa3aa28e42dbb5e04615dc3 Mon Sep 17 00:00:00 2001
From: MarcoIeni <11428655+MarcoIeni@users.noreply.github.com>
Date: Fri, 13 Dec 2024 11:38:01 +0100
Subject: [PATCH] chore(ci-staging): add openid connect provider for gh actions
---
terragrunt/modules/ci-runners/gh_oidc.tf | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 terragrunt/modules/ci-runners/gh_oidc.tf
diff --git a/terragrunt/modules/ci-runners/gh_oidc.tf b/terragrunt/modules/ci-runners/gh_oidc.tf
new file mode 100644
index 00000000..3d1ec3ec
--- /dev/null
+++ b/terragrunt/modules/ci-runners/gh_oidc.tf
@@ -0,0 +1,9 @@
+// Docs: https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/
+resource "aws_iam_openid_connect_provider" "github_actions_provider" {
+ url = "https://token.actions.githubusercontent.com"
+
+ client_id_list = ["sts.amazonaws.com"]
+
+ // unused
+ thumbprint_list = ["1c58a3a8518e8759bf075b76b750d4f2df264fcd"]
+}
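Review bot: The `// unused` comment above `thumbprint_list` does not say why a hard-coded certificate thumbprint can be ignored, so a later reader cannot tell whether it must be rotated when GitHub's certificate chain changes. I would spell it out, for example `// Not used for validation: AWS verifies this IdP against its own trusted root CAs; kept only to populate the argument.` (worth confirming against the current IAM documentation before committing to that wording). Separately, the provider grants nothing by itself, but any role whose trust policy names it has to condition on `token.actions.githubusercontent.com:sub` (repository plus branch or environment) as well as `token.actions.githubusercontent.com:aud`, otherwise workflows from unrelated repositories could assume it. No such role is visible in this patch, so a one-line header comment stating that requirement next to the resource would help whoever adds the first role.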