Breaking News: Grepper is joining You.com. Read the official announcement!

Using OIDC authentication with AWS SAM pipeline

Add Answer

Pragya Keshap answered on February 23, 2023 Popularity 1/10 Helpfulness 1/10

answer Using OIDC authentication with AWS SAM pipeline

Using OIDC authentication with AWS SAM pipeline

Comment

During the sam pipeline bootstrap configuration process, do the following to set up OIDC with your AWS SAM pipeline.

When prompted to choose an identity provider, select OIDC.

Next, select a supported OIDC provider.

Enter the OIDC provider URL, beginning with https://.

Note

AWS SAM references this URL when it generates the AWS::IAM::OIDCProvider resource type.

Next, follow the prompts and enter the CI/CD platform information needed to access the selected platform. These details vary by platform and can include:

OIDC client ID.

Code repository name or universally unique identifier (UUID).

Group or Organization name associated with the repository.

GitHub organization that the code repository belongs to.

GitHub repository name.

Branch that deployments will occur from.

AWS SAM displays a summary of the entered OIDC configuration. Enter the number for a setting to edit it, or press Enter to continue.

When prompted to confirm the creation of resources needed to support the entered OIDC connection, press Y to continue.

AWS SAM generates an AWS::IAM::OIDCProvider AWS CloudFormation resource with the provided configuration that assumes the pipeline execution role. To learn more about this AWS CloudFormation resource type, see AWS::IAM::OIDCProvider in the AWS CloudFormation User Guide.

Select a permissions provider:
    1 - IAM (default)
    2 - OpenID Connect (OIDC)
Choice (1, 2): 2
Select an OIDC provider:
    1 - GitHub Actions
    2 - GitLab
    3 - Bitbucket
Choice (1, 2, 3): 1
Enter the URL of the OIDC provider [https://token.actions.githubusercontent.com]:
Enter the OIDC client ID (sometimes called audience) [sts.amazonaws.com]:
Enter the GitHub organization that the code repository belongs to. If there is no organization enter your username instead: my-org
Enter GitHub repository name: testing
Enter the name of the branch that deployments will occur from [main]:

[3] Reference application build resources
Enter the pipeline execution role ARN if you have previously created one, or we will create one for you []:
Enter the CloudFormation execution role ARN if you have previously created one, or we will create one for you []:
Please enter the artifact bucket ARN for your Lambda function. If you do not have a bucket, we will create one for you []:
Does your application contain any IMAGE type Lambda functions? [y/N]:

[4] Summary
Below is the summary of the answers:
    1 - Account: 123456
    2 - Stage configuration name: dev
    3 - Region: us-east-1
    4 - OIDC identity provider URL: https://token.actions.githubusercontent.com
    5 - OIDC client ID: sts.amazonaws.com
    6 - GitHub organization: my-org
    7 - GitHub repository: testing
    8 - Deployment branch: main
    9 - Pipeline execution role: [to be created]
    10 - CloudFormation execution role: [to be created]
    11 - Artifacts bucket: [to be created]
    12 - ECR image repository: [skipped]
Press enter to confirm the values above, or select an item to edit the value:

This will create the following required resources for the 'dev' configuration:
    - IAM OIDC Identity Provider
    - Pipeline execution role
    - CloudFormation execution role
    - Artifact bucket
Should we proceed with the creation? [y/N]:

Popularity 1/10 Helpfulness 1/10 Language whatever

Source: Grepper

Tags: authentication aws-sam pipeline using whatever

Link to this answer
Share Copy Link

Contributed on Feb 23 2023

Pragya Keshap

0 Answers Avg Quality 2/10

Using OIDC authentication with AWS SAM pipeline

Contents

More Related Answers

Using OIDC authentication with AWS SAM pipeline

Grepper

Documentation

Social

Legal

Contact

Oops, You will need to install Grepper and log-in to perform this action.