🧱 (ci): Uses OIDC & assume role for AWS credentials (#6)
bendoerr authored Dec 12, 2023
1 parent 81b9186 commit 278f95a
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions .github/workflows/test.yml
Expand Up @@ -12,6 +12,8 @@ permissions:
jobs:
terratest:
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
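Review bot: The new job-level `permissions:` block under `terratest` lists only `id-token: write`, and a job-level block replaces the workflow-level `permissions:` instead of adding to it, so every scope not listed here becomes `none` for this job. If any step in the job uses the GITHUB_TOKEN to read the repository, add `contents: read` next to `id-token: write`; if none does, a one-line comment saying the omission is deliberate would save the next reader from guessing.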
Expand All @@ -27,10 +29,12 @@ jobs:
ssh-private-key: |
${{ secrets.ORG_ACCESS_SSH_KEY }}
- uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
with:
role-to-assume: arn:aws:iam::234656776442:role/brd-sndbx-ue1-core-apply
aws-region: us-east-1

- name: terratest
uses: cloudposse/github-action-terratest@bcc438f66e180dcaafcacdf8644967dea9eaf7d2 # main
with:
sourceDir: test
env:
AWS_ACCESS_KEY_ID: ${{ secrets.SANDBOX_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.SANDBOX_AWS_SECRET_ACCESS_KEY }}
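Review bot: On the `configure-aws-credentials` step, `role-to-assume` points at `brd-sndbx-ue1-core-apply`, which by its name looks like an apply role, not one scoped to what the tests need, and nothing visible here shows how that role's trust policy restricts who may assume it. Please confirm the trust policy conditions on the OIDC `sub` and `aud` claims for this repository, and consider a dedicated test role with narrower permissions. Since the `env:` lines on the `terratest` step no longer reference `SANDBOX_AWS_ACCESS_KEY_ID` and `SANDBOX_AWS_SECRET_ACCESS_KEY`, those secrets should also be deleted and the underlying access key deactivated, otherwise the long-lived credential still exists after this merges.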
