The iam_access_credentials GitHub action will configure the workflow environment with the necessary IAM access credentials as requested (via environment variables).
- uses: clowdhaus/aws-github-actions/iam_access_credentials@main
with:
# AWS Region to send the request to. If defined, this environment variable overrides
# the value for the profile setting region
# Required: true
aws-region: ''
# AWS access key associated with an IAM user or role
# Required: true
aws-access-key-id: ''
# Specifies the secret key associated with the access key
# Required: true
aws-secret-access-key: ''
# Specifies the session token value that is required if you are using temporary
# security credentials that you retrieved directly from AWS STS operations
# Required: true
aws-session-token: ''
# Determine if AWS account ID should be hidden from stdout as a secret value
# Default: 'true'
mask-aws-account-id: ''
# Determine if role should be assumed to generate credentials
# Default: 'false'
assume-role: ''
# The Amazon Resource Name (ARN) of the role to assume
# Required: when `assume-role` == `true`
role-arn: ''
# An identifier for the assumed role session
# Default: 'github-action-iam-access'
role-session-name: ''
# The duration, in seconds, of the role session
# Default: '900'
duration-seconds: ''
# A unique identifier that might be required when you assume a role in another account
external-id: ''- uses: clowdhaus/aws-github-actions/iam_access_credentials@main
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1- uses: clowdhaus/aws-github-actions/s3_sync@main
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
assume-role: true
role-arn: arn:aws:iam::123425678910:role/cross-account- uses: clowdhaus/aws-github-actions/s3_sync@main
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
assume-role: true
role-arn: arn:aws:iam::123425678910:role/cross-account
external-id: ${{ secrets.AWS_ASSUMED_ROLE_EXTERNAL_ID }}