May 14, 2022
I recently helped a client migrate their DevOps pipelines to GitHub Actions. One of the nice features of GitHub is that it's relatively easy to set up and use an identity provider that allows GitHub to do what it needs without having to store credentials. I found some great resources online for how to do this, including this one for Terraform. In my case I needed to write one using CloudFormation. Thought I'd share:
The above contains a sample CFN doc for creating the Identity Provider and a sample role that allows access to ECR. The condition in the IAM policy restricts its usage to a specific repo so that other arbitrary GitHub users can't assume the role.
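An added example, not the author's template: a CloudFormation template of the kind described, with a GitHub OIDC provider and a role whose trust policy is pinned to one repository. The parameter names (`GitHubOrg`, `GitHubRepo`, `EcrRepositoryName`) and the push-only ECR permissions are assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: GitHub Actions OIDC provider and a repo-scoped role for ECR push (added example)
# Parameter names below are assumptions for this example, not from the original post.
Parameters:
  GitHubOrg: { Type: String }
  GitHubRepo: { Type: String }
  EcrRepositoryName: { Type: String }
Resources:
  GitHubOidcProvider:
    Type: AWS::IAM::OIDCProvider
    Properties:
      Url: https://token.actions.githubusercontent.com
      ClientIdList: [sts.amazonaws.com]
      # ThumbprintList omitted: assumes IAM retrieves it when none is supplied.
  GitHubActionsEcrRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Federated: !Ref GitHubOidcProvider   # Ref returns the provider ARN
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              StringEquals:
                "token.actions.githubusercontent.com:aud": sts.amazonaws.com
              # Without this sub condition, any GitHub repository could assume the role.
              StringLike:
                "token.actions.githubusercontent.com:sub": !Sub "repo:${GitHubOrg}/${GitHubRepo}:*"
      Policies:
        - PolicyName: ecr-push
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: ecr:GetAuthorizationToken   # account-level action, cannot be resource-scoped
                Resource: "*"
              - Effect: Allow
                Action:
                  - ecr:BatchCheckLayerAvailability
                  - ecr:InitiateLayerUpload
                  - ecr:UploadLayerPart
                  - ecr:CompleteLayerUpload
                  - ecr:PutImage
                Resource: !Sub "arn:${AWS::Partition}:ecr:${AWS::Region}:${AWS::AccountId}:repository/${EcrRepositoryName}"
Outputs:
  RoleArn:
    Value: !GetAtt GitHubActionsEcrRole.Arn
```

An account can hold only one OIDC provider per issuer URL, so create the provider once and share it between roles. To restrict the role to a single branch rather than the whole repository, replace the trailing `:*` in the `sub` pattern with `:ref:refs/heads/main`.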
Written by: Jake