Skip to content

GitHub OIDC → AWS IAM Role #67

Open
Task
Open
GitHub OIDC → AWS IAM Role#67
Task
Assignees
Tuburni
Labels
awsAmazon Web Services & cloud resourcesci/cdContinuous Integration & Continuous DeploymentgovernancePolicies & standardshacktoberfestSpecial issue for Hacktoberfesthacktoberfest-2025Special issue for Hacktoberfest 2025infraInfrastructurepriority: highNeeds attention ASAPsecuritySecurity & compliance
Milestone
Hacktoberfest 2025
@Alexandrbig1

Description

@Alexandrbig1
Alexandrbig1
opened on Oct 4, 2025

Priority: High
Difficulty: High

Description:
Set up GitHub Actions OIDC trust with AWS by configuring trust for token.actions.githubusercontent.com.

  • Create an IAM role (gha-deploy-role) with minimum privileges required for: Lambda, API Gateway v2, CloudFront (invalidation), S3 (sync), and CloudWatch Logs.
  • Ensure workflows can assume this role and receive temporary credentials without storing AWS keys in GitHub Secrets.

Acceptance Criteria:

  • OIDC trust is established between GitHub Actions and AWS
  • gha-deploy-role is created with least privilege access for required AWS services
  • GitHub Actions workflow can obtain temporary AWS credentials and deploy without static keys

Metadata

Metadata

Assignees

Labels

awsAmazon Web Services & cloud resourcesci/cdContinuous Integration & Continuous DeploymentgovernancePolicies & standardshacktoberfestSpecial issue for Hacktoberfesthacktoberfest-2025Special issue for Hacktoberfest 2025infraInfrastructurepriority: highNeeds attention ASAPsecuritySecurity & compliance

Type

Task

Projects

CoreX E-Commerce — Hacktoberfest 2025

Status

In Progress

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions