mirror of synced 2026-06-05 14:38:19 +00:00
configure-aws-credentials/action.yml
Tom Keller a7f0c828ac
feat: Support usage of AWS Profiles (#1696)
* Support usage of AWS Profiles

* squash merge main updates w feature branch
Squashed commit of the following:

commit ef2df4679f908ff30d5a711258ace2fa906c4bf3
Author: Michael Lehmann <lehmanmj@amazon.com>
Date:   Tue Mar 17 11:24:04 2026 -0700

    dist update

commit db3779a0e9
Author: Jan Feddern <jf@novatec-gmbh.de>
Date:   Sun Dec 21 11:28:36 2025 +0100

    Support usage of AWS Profiles

* chore: Update dist

* consistent outputEnvCredentials

* take out tests temporarily

* chore: Update dist

* debug changes for static creds

* remove debug and only cleanup profile if it was set

* formatting fixes + remove profile from cleanup test

* feat: Support usage of AWS Profiles

Adds a config option to support writing to profile files instead of
exporting environment variables.

Closes #1594. Closes #1586. Closes #112.

* chore: fix failing test case and windows path

* chore: lint project markdown files

* chore: update scripts in package.json and tsconfig update

* make env vars consistent, readme linting

* debug for profile path env vars

* remove debug

* remove profile backups

* error if we try to overwrite

* add option to overwrite existing profiles

* tests for overwrite option

* default to no env vars

* remove default from action file

* add static credential env var support

* validation fix for static creds multi profile

* debug sleep for static creds validation

* wait syntax

* undo sleep for creds validate

* test coverage, readme/action yml updates, validate creds later on self-hosted runner

* security dependency updates

* chore(deps-dev): bump @biomejs/biome from 2.4.8 to 2.4.10 (#1709)

Bumps [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) from 2.4.8 to 2.4.10.
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @aws-sdk/credential-provider-env (#1713)

Bumps [@aws-sdk/credential-provider-env](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages-internal/credential-provider-env) from 3.972.22 to 3.972.24.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages-internal/credential-provider-env/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/HEAD/packages-internal/credential-provider-env)

---
updated-dependencies:
- dependency-name: "@aws-sdk/credential-provider-env"
  dependency-version: 3.972.24
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: Update dist

* chore(deps): bump @aws-sdk/client-sts from 3.1015.0 to 3.1020.0 (#1710)

Bumps [@aws-sdk/client-sts](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sts) from 3.1015.0 to 3.1020.0.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-sts/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1020.0/clients/client-sts)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-sts"
  dependency-version: 3.1020.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: Update dist

* fix: do not write empty profile files

Also cleanup fix, additional test, README typo cleanup

* linting fix

* chore: linting fix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Jan Feddern <jf@novatec-gmbh.de>
Co-authored-by: Michael Lehmann <lehmanmj@amazon.com>
Co-authored-by: GitHub Actions <github-aws-sdk-osds-automation@amazon.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-03 16:27:00 -07:00

115 lines
5.7 KiB
YAML

name: '"Configure AWS Credentials" Action for GitHub Actions'
description: Configures AWS credentials for use in subsequent steps in a GitHub Action workflow
runs:
  using: node24
  main: dist/index.js
  post: dist/cleanup/index.js
  post-if: env.AWS_SKIP_CLEANUP_STEP != 'true'
branding:
  color: orange
  icon: cloud
inputs:
  aws-region:
    description: AWS Region, e.g. us-east-2
    required: true
  aws-profile:
    description: Name of the AWS profile to configure. When provided, credentials are written to ~/.aws/credentials and ~/.aws/config files instead of env variables (unless output-env-credentials is manually set to true). Name cannot contain whitespace, square brackets, or slashes.
    required: false
  overwrite-aws-profile:
    description: Overwrite the given AWS profile if it already exists. Requires aws-profile. When set to false or not set, an error will be thrown if the profile already exists.
    required: false
  role-to-assume:
    description: The Amazon Resource Name (ARN) of the role to assume. Use the provided credentials to assume an IAM role and configure the Actions environment with the assumed role credentials rather than with the provided credentials.
    required: false
  aws-access-key-id:
    description: AWS Access Key ID. Provide this key if you want to assume a role using access keys rather than a web identity token.
    required: false
  aws-secret-access-key:
    description: AWS Secret Access Key. Required if aws-access-key-id is provided.
    required: false
  aws-session-token:
    description: AWS Session Token.
    required: false
  web-identity-token-file:
    description: Use the web identity token file from the provided file system path in order to assume an IAM role using a web identity, e.g. from within an Amazon EKS worker node.
    required: false
  role-chaining:
    description: Use existing credentials from the environment to assume a new role, rather than providing credentials as input.
    required: false
  audience:
    description: The audience to use for the OIDC provider
    required: false
    default: sts.amazonaws.com
  http-proxy:
    description: Proxy to use for the AWS SDK agent
    required: false
  no-proxy:
    description: Hosts to skip for the proxy configuration
    required: false
  mask-aws-account-id:
    description: Whether to mask the AWS account ID for these credentials as a secret value. By default the account ID will not be masked
    required: false
  role-duration-seconds:
    description: Role duration in seconds. Default is one hour.
    required: false
  role-external-id:
    description: The external ID of the role to assume.
    required: false
  role-session-name:
    description: "Role session name (default: GitHubActions)"
    required: false
  role-skip-session-tagging:
    description: Skip session tagging during role assumption
    required: false
  transitive-tag-keys:
    description: Define a list of transitive tag keys to pass when assuming a role
    required: false
  inline-session-policy:
    description: Define an inline session policy to use when assuming a role
    required: false
  managed-session-policies:
    description: Define a list of managed session policies to use when assuming a role
    required: false
  output-credentials:
    description: Whether to set credentials as step output
    required: false
  output-env-credentials:
    description: Whether to export credentials as environment variables. If you set this to false, you probably want to use output-credentials.
    required: false
  unset-current-credentials:
    description: Whether to unset the existing credentials in your runner. May be useful if you run this action multiple times in the same job
    required: false
  disable-retry:
    description: Whether to disable the retry and backoff mechanism when the assume role call fails. By default the retry mechanism is enabled
    required: false
  retry-max-attempts:
    description: The maximum number of attempts it will attempt to retry the assume role call. By default it will retry 12 times
    required: false
  special-characters-workaround:
    description: Some environments do not support special characters in AWS_SECRET_ACCESS_KEY. This option will retry fetching credentials until the secret access key does not contain special characters. This option overrides disable-retry and retry-max-attempts. This option is disabled by default
    required: false
  use-existing-credentials:
    required: false
    description: When enabled, this option will check if there are already valid credentials in the environment. If there are, new credentials will not be fetched. If there are not, the action will run as normal.
  allowed-account-ids:
    required: false
    description: An option comma-delimited list of expected AWS account IDs. The action will fail if we receive credentials for the wrong account.
  force-skip-oidc:
    required: false
    description: When enabled, this option will skip using GitHub OIDC provider even if the id-token permission is set. This is sometimes useful when using IAM instance credentials.
  action-timeout-s:
    required: false
    description: A global timeout in seconds for the action. When the timeout is reached, the action immediately exits. The default is to run without a timeout.
outputs:
  aws-account-id:
    description: The AWS account ID for the provided credentials
  aws-access-key-id:
    description: The AWS access key ID for the provided credentials
  aws-secret-access-key:
    description: The AWS secret access key for the provided credentials
  aws-session-token:
    description: The AWS session token for the provided credentials
  aws-expiration:
    description: The expiration time for the provided credentials
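
An added example workflow, not part of this repository, showing the `aws-profile` input declared above combined with OIDC role assumption and an account pin, so that later steps receive AWS credentials only when they name the profile. The role ARN, account ID, profile name, session name and `<full-commit-sha>` are placeholders; the `aws-actions` owner and a runner with the AWS CLI installed are assumptions.

```yaml
# Added example (not from the repository). All ARNs, IDs and names are placeholders.
name: deploy-with-profile
on:
  push:
    branches: [main]

permissions:
  id-token: write   # allows the job to request a GitHub OIDC token
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS credentials into a named profile
        # Pin to a full commit SHA rather than a movable tag.
        uses: aws-actions/configure-aws-credentials@<full-commit-sha>
        with:
          aws-region: us-east-2
          role-to-assume: arn:aws:iam::111122223333:role/ExampleDeployRole
          role-session-name: example-deploy
          role-duration-seconds: 900          # shorter than the one-hour default
          allowed-account-ids: "111122223333" # fail if credentials are for another account
          mask-aws-account-id: true
          # With aws-profile set, credentials are written to ~/.aws/credentials
          # and ~/.aws/config instead of env variables, unless
          # output-env-credentials is manually set to true (left unset here).
          aws-profile: deploy
          # A second run of the action with the same profile name errors
          # unless overwrite-aws-profile is set to true.

      - name: Call AWS with the profile named explicitly
        run: aws sts get-caller-identity --profile deploy --region us-east-2
```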