Adding Roles

PreviousAdding AWS Accounts NextRoles for GitHub Actions

Last updated 2 years ago

Adding Roles

Prerequisites

to your GitHub Organization or User Account

Add or Update an IAM Role

Create a new role

Navigate to
Click Create Role
1. Trusted entity type: SAML 2.0 federation
2. SAML 2.0-based provider: Choose the provider.
  1. If SAML.to isn't in the list, .
3. Allow programmatic and AWS Management Console access
4. Attribute: SAML:aud
5. Value: https://signin.aws.amazon.com/saml
Continue the remaining steps to create the role
Copy the Role ARN

Use an existing role

Copy the Provider ARN of SAML.to from
1. If SAML.to isn't in the list, .
Choose a role in
Click the Trust Relationships tab
Click Edit trust policy
Add a Statement, update the policy, and make note of the Provider ARN

{
  "Effect": "Allow",
  "Principal": {
      "Federated": "THE_PROVIDER_ARN"
  },
  "Action": "sts:AssumeRoleWithSAML",
  "Condition": {
      "StringEquals": {
          "SAML:aud": "https://signin.aws.amazon.com/saml"
      }
  }
}

Update saml-to.yml

Add the following the following block to permissions.aws.roles to saml-to.yml:

      - name: THE-ROLE-ARN
        provider:
          variables:
            providerArn: THE-PROVIDER-ARN
        users:
          github:
            - some-github-user
            - another-github-user
        repos:
          github:
            - some-repo
            - another-org/some-other-repo

PreviousAdding AWS Accounts NextRoles for GitHub Actions

Last updated 2 years ago