configure-aws-credentials
login
| configure-aws-credentials | login |
|---|---|
| 20 | 7 |
| 2,287 | 269 |
| 1.2% | 3.4% |
| 9.4 | 7.3 |
| 12 days ago | 9 days ago |
| TypeScript | TypeScript |
| MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
configure-aws-credentials
-
CI/CI deploy a static website to AWS S3 bucket through Github Actions
The AWS configure-aws-credentials GitHub Action allows the connection to the AWS S3 bucket through an AWS Role. The configuration of this role is explained in the next chapter.
-
How to Get Preview Environments for Every Pull Request
In this example, we'll be using the aws-actions/configure-aws-credentials action with GitHub's OIDC provider. Make sure the configured role has the required permissions.
-
Better GitHub AWS Secrets with OIDC
The first step is to set up GitHub Actions as a recognized identity provider in my AWS account. This is also called an "OIDC Trust" relationship. In AWS IAM, create an Identity Provider with GitHub's provider URL and Audience. I am using the open-source action configure-aws-credentials (link) which means I want to use an Audience value of sts.amazonaws.com. Be sure to click the "Get Thumbprint" button to save a copy of the X.509 certificate used by GitHub into the AWS identity provider.
-
Deployment github and aws, how to correctly use secrets?
You can use the configure-aws-credentials GitHub action, which is pretty good. Here is a blog post about it from AWS: https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/
-
AWS SSO & GitHub OpenID Connect Setup
We are now ready to utilize configure-aws-credentials within our GitHub Actions as we move onto deploying our code!
-
AssumeRoleWithWebIdentity WHAT?! Solving the Github to AWS OIDC InvalidIdentityToken Failure Loop
The AssumeRoleWithWebIdentity error manifests itself mostly around parallel access attempts, and how the various AWS interfaces are able to authenticate, as well as run and deploy services. We started encountering this issue when running our pipelines for deployment, and attempting to authenticate our Github account to AWS via the OIDC plugin. This is a well-known (and widely discussed) limitation for authentication to AWS for web application providers. In our case it was Github, but this is true for pretty much any web application integration.
- request critical feedback on the yaml for my first github action, please
-
Deploying to AWS from GitHub actions: is this something Fortune 500 security reviews will cry about?
What you are looking at is totally doable, you MUST use: https://github.com/aws-actions/configure-aws-credentials
-
Trending open source repositories on GitHub
AWS Actions: It's an open source project from AWS whose goal is to make it easy to configure AWS credential and region environment variables for use in other GitHub Actions.
-
App with self-contained infrastructure on AWS
In order to achieve this, AWS credentials need to be properly configured. Here we use a handy GitHub action called configure-aws-credentials, from AWS itself. You can also read more about the many methods of authentication available. This step requires the AWS_REGION and AWS_ROLE_ARN secrets to be properly configured in the repo, both of which should be shared by the platform team.
login
-
Playwright, GitHub Actions and Azure Static Web Apps staging environments
```yaml
name: Static Web App - Build and Deploy

on:
  push:
    branches:
      - main
  pull_request:
    types: [opened, synchronize, reopened, closed]
    branches:
      - main
  workflow_dispatch:

permissions:
  id-token: write
  contents: write
  pull-requests: write

env:
  LOCATION: westeurope
  STATICWEBAPPNAME: blog.johnnyreilly.com

jobs:
  build_and_deploy_swa_job:
    if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed')
    runs-on: ubuntu-latest
    name: Site build and deploy
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      # Auth between GitHub and Azure is handled by https://github.com/jongio/github-azure-oidc
      # https://github.com/Azure/login#sample-workflow-that-uses-azure-login-action-using-oidc-to-run-az-cli-linux
      # other login options are possible too
      - name: AZ CLI login
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Get preview URL
        id: static_web_app_preview_url
        uses: azure/CLI@v1
        with:
          inlineScript: |
            DEFAULTHOSTNAME=$(az staticwebapp show -n '${{ env.STATICWEBAPPNAME }}' | jq -r '.defaultHostname')
            PREVIEW_URL="https://${DEFAULTHOSTNAME/.[1-9]./-${{github.event.pull_request.number }}.${{ env.LOCATION }}.1.}"
            echo "PREVIEW_URL=$PREVIEW_URL" >> $GITHUB_OUTPUT

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
          cache: 'yarn'

      - name: Install and build site
        run: |
          cd blog-website
          yarn install --frozen-lockfile
          yarn run build
          cp staticwebapp.config.json build/staticwebapp.config.json

      - name: Get API key
        id: static_web_app_apikey
        uses: azure/CLI@v1
        with:
          inlineScript: |
            APIKEY=$(az staticwebapp secrets list --name '${{ env.STATICWEBAPPNAME }}' | jq -r '.properties.apiKey')
            echo "APIKEY=$APIKEY" >> $GITHUB_OUTPUT

      - name: Deploy site
        id: static_web_app_build_and_deploy
        uses: Azure/static-web-apps-deploy@v1
        with:
          azure_static_web_apps_api_token: ${{ steps.static_web_app_apikey.outputs.APIKEY }}
          repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments)
          action: 'upload'
          skip_app_build: true
          app_location: '/blog-website/build' # App source code path
          api_location: '/blog-website/api' # Api source code path - optional

    outputs:
      preview-url: ${{steps.static_web_app_preview_url.outputs.PREVIEW_URL}}

  integration_tests_job:
    name: Integration tests
    needs: build_and_deploy_swa_job
    if: github.event_name == 'pull_request' && github.event.action != 'closed'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Wait for preview ${{ needs.build_and_deploy_swa_job.outputs.preview-url }}
        id: static_web_app_wait_for_preview
        uses: nev7n/wait_for_response@v1
        with:
          url: '${{ needs.build_and_deploy_swa_job.outputs.preview-url }}'
          responseCode: 200
          timeout: 600000
          interval: 1000

      - uses: actions/setup-node@v3
        with:
          node-version: 18

      - name: Install dependencies
        run: npm ci
        working-directory: ./blog-website-tests

      - name: Install Playwright Browsers
        run: npx playwright install --with-deps
        working-directory: ./blog-website-tests

      - name: Run Playwright tests
        env:
          PLAYWRIGHT_TEST_BASE_URL: '${{ needs.build_and_deploy_swa_job.outputs.preview-url }}'
        run: npx playwright test
        working-directory: ./blog-website-tests

      - uses: actions/upload-artifact@v3
        if: always()
        with:
          name: playwright-report
          path: blog-website-tests/playwright-report/
          retention-days: 30

  close_pull_request_job:
    if: github.event_name == 'pull_request' && github.event.action == 'closed'
    runs-on: ubuntu-latest
    name: Cleanup staging
    steps:
      - name: AZ CLI login
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Get API key
        id: apikey
        uses: azure/CLI@v1
        with:
          inlineScript: |
            APIKEY=$(az staticwebapp secrets list --name '${{ env.STATICWEBAPPNAME }}' | jq -r '.properties.apiKey')
            echo "APIKEY=$APIKEY" >> $GITHUB_OUTPUT

      - name: Destroy staging environment
        id: closepullrequest
        uses: Azure/static-web-apps-deploy@v1
        with:
          azure_static_web_apps_api_token: ${{ steps.apikey.outputs.APIKEY }}
          action: 'close'
```
-
Deploying C# Azure Functions via GitHub Actions
Azure Login
-
CICD experience: Source-2-image and deploy to Oracle WebLogic Server on AKS
We leveraged many existing GitHub Actions such as actions/checkout, azure/CLI and azure/login to build our pipeline. The built-in support for bash scripts provides all the flexibilities we needed to complete it.
-
How do you handle Azure/Google cloud creds in GitHub Actions?
Interesting - do you use https://github.com/Azure/login in GitHub Actions, or do you just create GitHub secrets and use those as env vars in the action steps?
-
Multiple Azure Subs One Github Action
In order for the workflow to successfully log in to the Azure subscriptions, you will need to make sure that you have created a Service Principal with the appropriate permissions. Once the Service Principal has been created you can add the details to a repository secret on GitHub. You can find out more about how to create this Service Principal on the "Azure/Login" GitHub repo. Once created, your secrets might look like the below.
-
Using the GitHub self-hosted runner and Azure Virtual Machines to login with a System Assigned Managed Identity
This error actually makes sense. If you've seen any of my recent talks / posts, you may have noticed that I talk about how each GitHub Action is just another GitHub repository that follows a specific standard. Each GitHub Action has an action.yml file in the root of the GitHub repository. This is available for the Azure/login action here.
What are some alternatives?
kubectl-aws-eks - A Github action for kubectl, the Kubernetes CLI
auth - A GitHub Action for authenticating to Google Cloud.
buildkit - concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
actions - GitHub Action for Infracost. See cloud cost estimates for Terraform in pull requests. Love your cloud bill!
setup-buildx-action - GitHub Action to set up Docker Buildx
auth - Authenticator via oauth2, direct, email and telegram
goss - Quick and Easy server testing/validation
github-azure-oidc - Some scripts and info to help you get your GitHub action connected to Azure
cargotracker - The project demonstrates how you can develop applications with Jakarta EE using widely adopted architectural best practices like Domain-Driven Design (DDD).
s3-sync-action - GitHub Action to sync a directory with a remote S3 bucket
cli - Automate your GitHub workflows using Azure CLI scripts