github-oidc
bryan-rhm/github-oidc/aws
Module to create github oidc integration.
# terraform-aws-github-oidc

Module to create GitHub OIDC integration with AWS.

## Usage

### Install the module

Initialize the module and get the Role ARN from the outputs.

```hcl
provider "aws" {
  region = var.region
}

module "github_oidc" {
  source  = "bryan-rhm/github-oidc/aws"
  version = "1.0.0"

  github_organization = "YOUR ORGANIZATION/GITHUB ACCOUNT"
  managed_policy_arns = ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"] # Policies you want to attach to the github role.
}
```

Once you have installed the module you will be able to authenticate from your GitHub organization using the role created by the module.

The job or workflow run requires a `permissions` setting with `id-token: write`. You won't be able to request the OIDC JWT ID token if the `permissions` setting for `id-token` is set to `read` or `none`.

| Name | Type | Description | Default |
|---|---|---|---|
| github_organization | string | The GitHub organization to allow access to | required |
| role_name | string | Name of the IAM role | "GithubActionsRole" |
| managed_policy_arns | list(string) | The ARNs of the managed policies to attach to the role | [] |
| tags | map(string) | Tags to apply to all resources | {} |
| github_url | string | The URL of the GitHub OAuth2 provider | "https://token.actions.githubusercontent |
| github_repositories | list(string) | The GitHub repositories inside the organization you want to allow access to | ["*"] |

- role_arn — Arn of the IAM role allowed to authenticate to AWS from Github actions
- oidc — Github openid connect provider
- assume_role_policy — Assume role policy, this value can be used to create another role outside this module
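
The inputs table shows `github_repositories` defaulting to `["*"]`, so a role created with the defaults is open to every repository in the organization. The configuration below is an added example, not part of the module's README: it limits the role to one repository and reuses the `assume_role_policy` output for a second role with a different permission set. The repository name, role names and region default are hypothetical, and it assumes `assume_role_policy` is a JSON policy document string.

```hcl
# Added example, not from the module's README.
variable "region" {
  type    = string
  default = "us-east-1" # hypothetical default
}

provider "aws" {
  region = var.region
}

module "github_oidc" {
  source  = "bryan-rhm/github-oidc/aws"
  version = "1.0.0"

  github_organization = "YOUR ORGANIZATION/GITHUB ACCOUNT"

  # Default is ["*"] (all repositories in the organization).
  # List only the repositories whose workflows need this role.
  github_repositories = ["infra-deploy"] # hypothetical repository name

  role_name           = "GithubActionsS3ReadOnly" # hypothetical role name
  managed_policy_arns = ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
}

# Second role with the same trust relationship but separate permissions,
# so each workflow gets only the access it needs.
# Assumption: the assume_role_policy output is a JSON policy document string.
resource "aws_iam_role" "github_ecr_read" {
  name               = "GithubActionsEcrReadOnly" # hypothetical role name
  assume_role_policy = module.github_oidc.assume_role_policy
}

resource "aws_iam_role_policy_attachment" "github_ecr_read" {
  role       = aws_iam_role.github_ecr_read.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}

output "s3_role_arn" {
  value = module.github_oidc.role_arn
}

output "ecr_role_arn" {
  value = aws_iam_role.github_ecr_read.arn
}
```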