OIDC role definition
rrigato committed Apr 20, 2024
1 parent 07fb0d0 commit bff3e5a
Showing 2 changed files with 47 additions and 0 deletions.
1 change: 1 addition & 0 deletions static/css/homepageSection.css
@@ -30,6 +30,7 @@ ul{
background-color: #aaaaaa;
border-radius: 5%;
color:black;
height: 800px;
max-width: 750px;
}

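--- a/templates/homepage_backend.template
+++ b/templates/homepage_backend.template
@@ -0,0 +1,46 @@
+AWSTemplateFormatVersion: '2010-09-09'
+
+Description: Backend aws resources
+
+Parameters:
+
+githubUser:
+Default: rrigato
+Description: 'GitHub organization name'
+Type: String
+
+
+oidcAudience:
+Default: 'sts.amazonaws.com'
+Description: 'The audience for the OIDC provider'
+Type: String
+
+projectName:
+Type: String
+Default: homepage
+
+
+Resources:
+
+
+projectRoleForGitHubActions:
+Type: AWS::IAM::Role
+Properties:
+AssumeRolePolicyDocument:
+Statement:
+- Effect: Allow
+Action: sts:AssumeRoleWithWebIdentity
+Principal:
+Federated:
+Fn::ImportValue:
+githubOidcProviderArn
+Condition:
+StringEquals:
+token.actions.githubusercontent.com:aud: !Ref oidcAudience
+StringLike:
+token.actions.githubusercontent.com:sub: !Sub repo:${githubUser}/${projectName}:*
+Description: !Sub '${projectName} GitHub Actions role to assume'
+ManagedPolicyArns:
+- !Sub arn:aws:iam::${AWS::AccountId}:policy/${projectName}_pipeline_permissions
+RoleName: !Sub ${projectName}-github-actions-role
+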
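Review bot: The `sub` condition in `projectRoleForGitHubActions` ends in `:*` under `StringLike`, so a workflow run on any branch, tag, pull request or environment of `${githubUser}/${projectName}` can assume this role and whatever `${projectName}_pipeline_permissions` grants (that policy is not defined in this template, so its scope cannot be checked here). If only one branch or environment deploys, pin it and move the key under `StringEquals`, e.g. `token.actions.githubusercontent.com:sub: !Sub repo:${githubUser}/${projectName}:ref:refs/heads/<deploy-branch>` (placeholder branch name). Because the pattern is built from stack parameters, an `AllowedPattern` on `githubUser` and `projectName` that excludes `*` and `?` would keep a parameter override from widening the match. The trust policy also omits `Version: '2012-10-17'`, which is worth adding alongside `Statement`.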