* Revert "chore: Update dist" This reverts commit e8614cfbf0. * Revert "chore(deps): bump @aws-sdk/client-sts from 3.1045.0 to 3.1049.0 (#1782)" This reverts commit 4684f47f89. * Revert "chore: Update dist" This reverts commit 48b8685c96. * Revert "chore(deps-dev): bump @smithy/property-provider from 4.3.1 to 4.3.3 (#1783)" This reverts commit fe6ad3af19. * Revert "chore: Update dist" This reverts commit 2520c5e921. * Revert "chore(deps-dev): bump @aws-sdk/credential-provider-env (#1784)" This reverts commit bc1093db1d. * Revert "chore(deps-dev): bump @types/node from 25.7.0 to 25.9.0 (#1785)" This reverts commit ffde832a1d. * Revert "chore: Update dist" This reverts commit 707acd96f6. * Revert "chore(deps): bump @smithy/node-http-handler from 4.7.1 to 4.7.3 (#1781)" This reverts commit a7c33ae483. * Revert "chore: update README for additional claim support (#1779)" This reverts commit 713aaabfec. * Revert "chore: Update dist" This reverts commit e6e8eba750. * Revert "fix: skip credential check on output-env-credentials: false (#1778)" This reverts commit 58e7c47adf. * Revert "chore: document forgejo compatibility (#1776)" This reverts commit f35a7d7d7e. * Revert "chore: Update dist" This reverts commit 3884f59ecd. * Revert "feat: add additional session tags by default (#1775)" This reverts commit e0ba768507. * Revert "chore: Update dist" This reverts commit 6795889618. * Revert "feat: expose run id in STS client user-agent (#1774)" This reverts commit 29d1be3027. * Revert "chore(deps-dev): bump @types/node from 25.6.0 to 25.7.0 (#1773)" This reverts commit ef734cca81. * Revert "chore(deps-dev): bump @biomejs/biome from 2.4.14 to 2.4.15 (#1772)" This reverts commit 7521c55910. * Revert "chore: Update dist" This reverts commit c0e2737f14. * Revert "chore(deps): bump @smithy/node-http-handler from 4.6.1 to 4.7.1 (#1770)" This reverts commit dbd503f368. * Revert "chore: Update dist" This reverts commit 18a236fbd1.
* Revert "chore(deps-dev): bump @smithy/property-provider from 4.2.14 to 4.3.1 (#1771)" This reverts commit 1ab31502aa. * Revert "chore(deps-dev): bump @vitest/coverage-v8 from 4.1.5 to 4.1.6 (#1768)" This reverts commit 1fb495c4b2. * Revert "chore: Update dist" This reverts commit 1e8fec8ea1. * Revert "chore(deps): bump @aws-sdk/client-sts from 3.1044.0 to 3.1045.0 (#1767)" This reverts commit a388f23f7d. * Revert "chore: update documentation for environment workflows (#1766)" This reverts commit 3f7e1b63d7. * Revert "feat: add regex validation to role-session-name (#1765)" This reverts commit e35449909c. * Revert "chore: Update dist" This reverts commit 958a80fc34. * Revert "feat: add more retry logic and better logging (#1764)" This reverts commit 540d0c13ae. * Revert "chore: automate README version bumping (#1763)" This reverts commit 07ada0fe07. * Revert "chore: Update dist" This reverts commit f8d4eb68a9. * Revert "feat: support custom STS endpoints (#1762)" This reverts commit 8d52d05d7a. * Revert "chore: Update dist" This reverts commit 681892c11b. * Revert "chore: configure codeql to ignore generated code (#1760)" This reverts commit dc2353e57a. * Revert "feat: Allow custom session tags to be passed when assuming a role (#1759)" This reverts commit 61f50f630f. * Revert "chore: automatic major version tagging (#1565)" This reverts commit c36525a567. * Revert "chore: bump unit test node version (#1758)" This reverts commit 39d1702721. * Revert "chore(deps): bump @aws-sdk/client-sts from 3.1043.0 to 3.1044.0 (#1754)" This reverts commit 4cfda40a13. * Revert "chore(deps-dev): bump @biomejs/biome from 2.4.13 to 2.4.14 (#1756)" This reverts commit 8856e12f3a. * Revert "chore(deps): bump @actions/core from 2.0.3 to 3.0.1 (#1746)" This reverts commit 64d8e82527. * Revert "chore(deps-dev): bump vitest from 3.2.4 to 4.1.5 (#1748)" This reverts commit 78f374f6d1.
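# Action metadata for the "Configure AWS Credentials" GitHub Action.
# Declares the Node runtime and entry points, the inputs a workflow may pass,
# and the outputs the action can expose to later steps.
name: '"Configure AWS Credentials" Action for GitHub Actions'
description: Configures AWS credentials for use in subsequent steps in a GitHub Action workflow
runs:
  using: node24
  main: dist/index.js
  post: dist/cleanup/index.js
  # The post step runs unless the workflow sets AWS_SKIP_CLEANUP_STEP to 'true'.
  # NOTE(review): what the post step removes is not visible in this file;
  # confirm before skipping it on shared or self-hosted runners.
  post-if: env.AWS_SKIP_CLEANUP_STEP != 'true'
branding:
  color: orange
  icon: cloud
inputs:
  aws-region:
    description: AWS Region, e.g. us-east-2
    required: true
  # Profile mode writes credentials to files on the runner's disk rather than
  # to environment variables, so they persist as files for the rest of the job.
  aws-profile:
    description: Name of the AWS profile to configure. When provided, credentials are written to ~/.aws/credentials and ~/.aws/config files instead of env variables (unless output-env-credentials is manually set to true). Name cannot contain whitespace, square brackets, or slashes.
    required: false
  overwrite-aws-profile:
    description: Overwrite the given AWS profile if it already exists. Requires aws-profile. When set to false or not set, an error will be thrown if the profile already exists.
    required: false
  role-to-assume:
    description: The Amazon Resource Name (ARN) of the role to assume. Use the provided credentials to assume an IAM role and configure the Actions environment with the assumed role credentials rather than with the provided credentials.
    required: false
  # Access-key inputs carry long-lived secrets: pass them from the workflow's
  # secret store, never as literals. The web-identity path avoids storing them.
  aws-access-key-id:
    description: AWS Access Key ID. Provide this key if you want to assume a role using access keys rather than a web identity token.
    required: false
  aws-secret-access-key:
    description: AWS Secret Access Key. Required if aws-access-key-id is provided.
    required: false
  aws-session-token:
    description: AWS Session Token.
    required: false
  web-identity-token-file:
    description: Use the web identity token file from the provided file system path in order to assume an IAM role using a web identity, e.g. from within an Amazon EKS worker node.
    required: false
  role-chaining:
    description: Use existing credentials from the environment to assume a new role, rather than providing credentials as input.
    required: false
  # The role's trust policy should condition on this audience (and on the
  # token subject) so that only the intended workflows can assume the role.
  audience:
    description: The audience to use for the OIDC provider
    required: false
    default: sts.amazonaws.com
  http-proxy:
    description: Proxy to use for the AWS SDK agent
    required: false
  no-proxy:
    description: Hosts to skip for the proxy configuration
    required: false
  # Masking is opt-in: by default the account ID can appear in job logs.
  mask-aws-account-id:
    description: Whether to mask the AWS account ID for these credentials as a secret value. By default the account ID will not be masked
    required: false
  # A shorter duration narrows the window in which leaked session credentials
  # remain usable.
  role-duration-seconds:
    description: Role duration in seconds. Default is one hour.
    required: false
  role-external-id:
    description: The external ID of the role to assume.
    required: false
  role-session-name:
    description: "Role session name (default: GitHubActions)"
    required: false
  role-skip-session-tagging:
    description: Skip session tagging during role assumption
    required: false
  transitive-tag-keys:
    description: Define a list of transitive tag keys to pass when assuming a role
    required: false
  # Session policies can only narrow what the assumed role allows; use them to
  # scope a job down to the permissions it actually needs.
  inline-session-policy:
    description: Define an inline session policy to use when assuming a role
    required: false
  managed-session-policies:
    description: Define a list of managed session policies to use when assuming a role
    required: false
  # Step outputs are readable by every later step in the job, including
  # third-party actions; enable only when a consumer needs them.
  output-credentials:
    description: Whether to set credentials as step output
    required: false
  output-env-credentials:
    description: Whether to export credentials as environment variables. If you set this to false, you probably want to use output-credentials.
    required: false
  unset-current-credentials:
    description: Whether to unset the existing credentials in your runner. May be useful if you run this action multiple times in the same job
    required: false
  disable-retry:
    description: Whether to disable the retry and backoff mechanism when the assume role call fails. By default the retry mechanism is enabled
    required: false
  retry-max-attempts:
    description: The maximum number of attempts it will attempt to retry the assume role call. By default it will retry 12 times
    required: false
  # NOTE(review): this overrides both retry limits; whether the re-fetch loop
  # is bounded is not visible in this file - confirm in the implementation.
  special-characters-workaround:
    description: Some environments do not support special characters in AWS_SECRET_ACCESS_KEY. This option will retry fetching credentials until the secret access key does not contain special characters. This option overrides disable-retry and retry-max-attempts. This option is disabled by default
    required: false
  use-existing-credentials:
    required: false
    description: When enabled, this option will check if there are already valid credentials in the environment. If there are, new credentials will not be fetched. If there are not, the action will run as normal.
  # Guard rail: fails the job when the credentials received belong to an
  # account outside this list, catching a mis-pointed role or environment.
  allowed-account-ids:
    required: false
    description: An optional comma-delimited list of expected AWS account IDs. The action will fail if we receive credentials for the wrong account.
  force-skip-oidc:
    required: false
    description: When enabled, this option will skip using GitHub OIDC provider even if the id-token permission is set. This is sometimes useful when using IAM instance credentials.
  action-timeout-s:
    required: false
    description: A global timeout in seconds for the action. When the timeout is reached, the action immediately exits. The default is to run without a timeout.

# aws-secret-access-key and aws-session-token below are secret material.
# NOTE(review): presumably populated only when output-credentials is enabled -
# confirm in the implementation.
outputs:
  aws-account-id:
    description: The AWS account ID for the provided credentials
  aws-access-key-id:
    description: The AWS access key ID for the provided credentials
  aws-secret-access-key:
    description: The AWS secret access key for the provided credentials
  aws-session-token:
    description: The AWS session token for the provided credentials
  aws-expiration:
    description: The expiration time for the provided credentials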