This message was deleted.
# general
s
This message was deleted.
👀 2
c
This looks awesome! I'm not sure if you've come across this repo but I recently used this in a Terraform stack: https://github.com/unfunco/terraform-aws-oidc-github. I quite like your module's variables though - it's very readable and maps to settings I'd expect in GitHub. A suggestion: I think using a wildcard `*` for organisations or repositories could cause security issues (especially for organisations, as it means that anyone with a GitHub account could technically assume the role). It might be worth documenting this in your repo - and if there is a way to prevent `*` organisations altogether when using your module that would be great! I am a massive fan of using OIDC with GitHub Actions and AWS, it feels magic and a lot more secure than using access keys 😄
s
Great! Thanks for your feedback, I'll take these security issues in the examples into account 🙂