You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+21-2Lines changed: 21 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -2,6 +2,21 @@
2
2
3
3
Configure AWS credential and region environment variables for use in other GitHub Actions. The environment variables will be detected by both the AWS SDKs and the AWS CLI to determine the credentials and region to use for AWS API calls.
4
4
5
+
**Table of Contents**
6
+
7
+
<!-- toc -->
8
+
9
+
-[Usage](#usage)
10
+
-[Credentials](#credentials)
11
+
-[Assuming a Role](#assuming-a-role)
12
+
+[Permissions for assuming a role](#permissions-for-assuming-a-role)
13
+
+[Session tagging](#session-tagging)
14
+
-[Self-Hosted Runners](#self-hosted-runners)
15
+
-[License Summary](#license-summary)
16
+
-[Security Disclosures](#security-disclosures)
17
+
18
+
<!-- tocstop -->
19
+
5
20
## Usage
6
21
7
22
Add the following step to your workflow:
@@ -50,7 +65,7 @@ We recommend following [Amazon IAM best practices](https://docs.aws.amazon.com/I
50
65
* [Rotate the credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials) used in GitHub Actions workflows regularly.
51
66
* [Monitor the activity](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#keep-a-log) of the credentials used in GitHub Actions workflows.
52
67
53
-
## Assuming a role
68
+
## Assuming a Role
54
69
If you would like to use the static credentials you provide to this action to assume a role, you can do so by specifying the role ARN in `role-to-assume`.
55
70
The role credentials will then be configured in the Actions environment instead of the static credentials you have provided.
56
71
The default session duration is 6 hours, but if you would like to adjust this you can pass a duration to `role-duration-seconds`.
@@ -130,7 +145,7 @@ The session will have the name "GitHubActions" and be tagged with the following
130
145
131
146
_Note: all tag values must conform to [the requirements](https://docs.aws.amazon.com/STS/latest/APIReference/API_Tag.html). Particularly, `GITHUB_WORKFLOW` will be truncated if it's too long. If `GITHUB_ACTOR` or `GITHUB_WORKFLOW` contain invalid charcters, the characters will be replaced with an '*'._
132
147
133
-
## Self-hosted runners
148
+
## Self-Hosted Runners
134
149
135
150
If you run your GitHub Actions in a [self-hosted runner](https://help.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) that already has access to AWS credentials, such as an EC2 instance, then you do not need to provide IAM user access key credentials to this action.
136
151
@@ -156,3 +171,7 @@ In this case, your runner's credentials must have permissions to assume the role
156
171
## License Summary
157
172
158
173
This code is made available under the MIT license.
174
+
175
+
## Security Disclosures
176
+
177
+
If you would like to report a potential security issue in this project, please do not create a GitHub issue. Instead, please follow the instructions [here](https://aws.amazon.com/security/vulnerability-reporting/) or [email AWS security directly](mailto:[email protected]).
0 commit comments