当前位置：首页 > news >正文

AWS创建github相关的角色

news 2025/7/17 17:30:22

创建`github-actions`角色

{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Federated": "arn:aws:iam::11111111:oidc-provider/token.actions.githubusercontent.com"},"Action": "sts:AssumeRoleWithWebIdentity","Condition": {"StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"},"StringLike": {"token.actions.githubusercontent.com:sub": ["repo:project-ventures/test-crawler:*","repo:project-ventures/test-dash:*","repo:project-ventures/test-fspa:*","repo:project-ventures/test-gep:*","repo:project-network/repl-monitor:*","repo:project-network/*","repo:projectdevops/github-actions-demo:*"]}}},{"Effect": "Allow","Principal": {"AWS": "arn:aws:iam::11111111:root"},"Action": "sts:AssumeRole"},{"Effect": "Allow","Principal": {"Service": "ec2.amazonaws.com"},"Action": "sts:AssumeRole"}]
}

在创建一个github-actions用户，将github-actions角色添加到github-actions用户

创建`github-cicd`角色

{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Federated": "arn:aws:iam::1111111:oidc-provider/token.actions.githubusercontent.com"},"Action": "sts:AssumeRoleWithWebIdentity","Condition": {"StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"},"StringLike": {"token.actions.githubusercontent.com:sub": "repo:project-network/*"}}}]
}