#general

Samuel Bagattin

02/23/2022, 10:17 PM
Hi everyone! I don't know if I am in the right channel, but I will try 😄 Do you use GitHub Actions and AWS? I've just made a Terraform module that automates IAM resource configuration to allow only certain organisations, repositories, and/or branches to assume a specific role. Here is the GitHub repository: https://github.com/SamuelBagattin/terraform-aws-github-oidc-provider I try to make it as "open-source" as possible, so people using the documentation and examples can easily use it. What do you think? Am I missing anything? Would you use it? I'd appreciate any feedback 🙌

Chris Norman

02/24/2022, 12:38 AM
This looks awesome! I'm not sure if you've come across this repo, but I recently used this in a Terraform stack: https://github.com/unfunco/terraform-aws-oidc-github. I quite like your module's variables though; it's very readable and maps to settings I'd expect in GitHub. A suggestion: I think using a wildcard `*` for organisations or repositories could cause security issues (especially for organisations, as it means that anyone with a GitHub account could technically assume the role). It might be worth documenting this in your repo, and if there is a way to prevent `*` organisations altogether when using your module, that would be great! I am a massive fan of using OIDC with GitHub Actions and AWS; it feels like magic and a lot more secure than using access keys 😄

Samuel Bagattin

02/25/2022, 12:06 PM
Great! Thanks for your feedback, I'll take these security issues into account in the examples 🙂