auth
configure-aws-credentials
auth | configure-aws-credentials | |
---|---|---|
13 | 20 | |
826 | 2,287 | |
2.9% | 1.2% | |
7.6 | 9.4 | |
17 days ago | 11 days ago | |
TypeScript | TypeScript | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
auth
-
Push code with GitHub Actions to Google Cloudโs Artifact Registry
This workflow will authenticate with Google Cloud using the Google Cloud auth GitHub Action and use Docker to authenticate and push to the registry. To make this workflow work (or flow?) we need to set up some Google Cloud resources and add in those values for our environment variables. Make sure to add in the value for PROJECT_ID where you have permission to create resources. The value for IMAGE_NAME can be anything โ itโll be created the first time this workflow runs:
-
GitHub Actions could be so much better
The issue of integration with other tools is also quite strange. Of course, this is not directly related to github actions. For example, what needs to be done to use cloud run https://github.com/google-github-actions/auth#setting-up-wor...
- you must have the "bigquery.datasets.create" permission on the selected project
-
IAM Best Practices [cheat sheet included]
While it is commonly associated with AWS, and their AWS IAM service, IAM is not limited to their platform. All cloud providers, such as Google Cloud and Azure DevOps, offer IAM solutions that allow users to access resources and systems. If you are looking for specific AWS IAM best practices, look no further than our AWS IAM Security Best Practices article:\ For the rest of this article, we will look at the generic best practices that have evolved over the last decade around each part of the basic question we started with, "who can access what?":
-
How would I use Github Actions to run a Python Script to make changes to a Google Sheets Spreadsheet?
I found this but I don't quite get how it works. I haven't done all the steps yet but I get how to set it up. I just don't understand how this just magically authenticates future steps since my code still needs a token. Should I use this to authenticate the script? If so, how do I do it and what would I need in my code? If not what should I use instead?
-
Cloud Incident Response
Cloud Identity and Access Management: This service provides fine-grained control over who has access to what resources within an organization's Google Cloud environment. It can be used to quickly revoke access to compromised accounts or limit access to sensitive resources. https://cloud.google.com/iam
-
Advanced GitHub Actions - Conditional Workflow
I use google-github-actions/auth in the first step in my job to authenticate to GCP. At this point, I have 6 different GitHub secrets to test out the concept. Each branch has two secrets with the format BRANCH_WIP and BRANCH_SA.
-
Learning Journal 3: Brainstorm a deployment process from GitHub to Google App Engine and Cloud SQL (Part 2)
There are 2 core parts authentication to GCP and App Engine deployment. Authentication is performed using auth, while a deployment uses deploy-appengine.
-
CI/CD from GitHub to Google Cloud Platform(GAE)
You should have a look at using workload identity federation and OIDC tokens. Thereโs a guide on https://github.com/google-github-actions/auth It means you no longer need to hardcode service account credentials in GitHub secrets anymore.
-
Learning Journal 2: Brainstorm a deployment process from GitHub to Google App Engine and Cloud SQL (Part 1)
Yes, there is a deploy-appengine action that automates the whole App Engine deployment process. Indeed, it uses gcloud commands underneath too. Either way, both approaches need an auth action to authenticate to GCP before any task can be performed.
configure-aws-credentials
-
CI/CI deploy a static website to AWS S3 bucket through Github Actions
The AWS configure-aws-credentials Github Action allows the connection to the AWS S3 bucket through an AWS Role. The configuration of this role is explained in the next chapter
-
How to Get Preview Environments for Every Pull Request
In this example, we'll be using the aws-actions/configure-aws-credentials action with GitHub's OIDC provider. Make sure the configured role has the required permissions.
-
Better GitHub AWS Secrets with OIDC
The first step is to set up GitHub Actions as a recognized identity provider in my AWS account. This is also called an "OIDC Trust" relationship. In AWS IAM, create an Identity Provider with GitHub's provider URL and Audience. I am using the open-source action configure-aws-credentials (link) which means I want to use an Audience value of sts.amazonaws.com. Be sure to click the "Get Thumbprint" button to save a copy of the x.509 certificate used by GitHub into the AWS identity provider.
-
Deployment github and aws, how to correctly use secrets?
You can use configure-aws-credentials Github aciton. Which is pretty good. Here is a blog post about it from AWS: https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/
-
AWS SSO & GitHub OpenID Connect Setup
We are now ready to utilize configure-aws-credentials within our GitHub Actions as we move onto deploying our code!
-
AssumeRoleWithWebIdentity WHAT?! Solving the Github to AWS OIDC InvalidIdentityToken Failure Loop
The AssumeRoleWithWebIdentity error manifests itself mostly around parallel access attempts, and how the various AWS interfaces are able to authenticate, as well as run and deploy services. We started encountering this issue when running our pipelines for deployment, and attempting to authenticate our Github account to AWS via the OIDC plugin. This is a well-known (and widely discussed) limitation for authentication to AWS for web application providers. In our case it was Github, but this is true for pretty much any web application integration.
- request critical feedback on the yaml for my first github action, please
-
Deploying to AWS from GitHub actions: is this something Fortune 500 security reviews will cry about?
What you are looking at is totally doable, you MUST use: https://github.com/aws-actions/configure-aws-credentials
-
Trending open source repositories on GitHub
AWS Actions: It's an open source project from AWS which the goal is to get easy to Configure AWS credential and region environment variables for use in other GitHub Actions.
-
App with self-contained infrastructure on AWS
In order to achieve this, AWS credentials need to be properly configured. Here we use a handy Github action called configure-aws-credential, from AWS itself. You can also read more about the many methods of authentication available. This step requires the AWS_REGION and AWS_ROLE_ARN secrets to be properly configured in the repo, both of which that should be shared by the platform team.
What are some alternatives?
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
kubectl-aws-eks - A Github action for kubectl, the Kubernetes CLI
angular-auth-oidc-client - npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
buildkit - concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
google-auth-library-nodejs - ๐ Google Auth Library for Node.js
setup-buildx-action - GitHub Action to set up Docker Buildx
act - Run your GitHub Actions locally ๐
goss - Quick and Easy server testing/validation
azure-pipelines-agent - Azure Pipelines Agent ๐
actions - GitHub Action for Infracost. See cloud cost estimates for Terraform in pull requests. ๐ฐ๐ Love your cloud bill!
harden-runner - Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
s3-sync-action - ๐ GitHub Action to sync a directory with a remote S3 bucket ๐งบ