Slackbot
02/23/2022, 10:17 PMChris Norman
02/24/2022, 12:38 AM*
for organisations or repositories could cause security issues (especially for organisations, as it means that anyone with a GitHub account could technically assume the role). It might be worth documenting this in your repo - and if there is a way to prevent *
organisations altogether when using your module that would be great!
I am a massive fan of using OIDC with GitHub Actions and AWS, it feels magic and a lot more secure than using access keys 😄Samuel Bagattin
02/25/2022, 12:06 PM