Creating GitHub-related roles in AWS

Create the github-actions role

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "arn:aws:iam::11111111:oidc-provider/token.actions.githubusercontent.com"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
                },
                "StringLike": {
                    "token.actions.githubusercontent.com:sub": [
                        "repo:project-ventures/test-crawler:*",
                        "repo:project-ventures/test-dash:*",
                        "repo:project-ventures/test-fspa:*",
                        "repo:project-ventures/test-gep:*",
                        "repo:project-network/repl-monitor:*",
                        "repo:project-network/*",
                        "repo:projectdevops/github-actions-demo:*"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::11111111:root"
            },
            "Action": "sts:AssumeRole"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Then create a github-actions user and add the github-actions role to the github-actions user.

Create the github-cicd role
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "arn:aws:iam::1111111:oidc-provider/token.actions.githubusercontent.com"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
                },
                "StringLike": {
                    "token.actions.githubusercontent.com:sub": "repo:project-network/*"
                }
            }
        }
    ]
}

Attach the AmazonS3FullAccess policy to the github-cicd role.
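
An added example, not code from the original page: a small Python audit of the trust policies above. It reports `sub` patterns that accept any ref or any repository in an organization, entries made redundant by a broader pattern, and statements that let the role be assumed without a GitHub OIDC token. The function names and finding texts are assumptions of this example; the sample input is shortened from the github-actions policy above.

```python
import re

HOST = "token.actions.githubusercontent.com"

def as_list(value):
    return value if isinstance(value, list) else [value]

def covers(broad, narrow):
    """True if StringLike pattern `broad` accepts everything `narrow` accepts."""
    # A '*' inside `narrow` may only be absorbed by '*' in `broad`, never by '?'.
    rx = "".join(".*" if c == "*" else "[^*]" if c == "?" else re.escape(c)
                 for c in broad)
    return broad != narrow and re.fullmatch(rx, narrow, re.S) is not None

def audit_trust_policy(policy):
    """Return findings (strings) for a role trust policy given as a dict."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # e.g. "Principal": "*"
            principal = {"AWS": principal}
        if stmt.get("Effect") != "Allow":
            continue
        if not any(p.endswith(HOST) for p in as_list(principal.get("Federated", []))):
            # This statement grants access without a GitHub OIDC token.
            findings += [f"non-OIDC principal {k}: {v}"
                         for k, vs in principal.items() for v in as_list(vs)]
            continue
        cond = stmt.get("Condition", {})
        if f"{HOST}:aud" not in cond.get("StringEquals", {}):
            findings.append("aud is not pinned with StringEquals")
        like = as_list(cond.get("StringLike", {}).get(f"{HOST}:sub", []))
        if not like and f"{HOST}:sub" not in cond.get("StringEquals", {}):
            findings.append("no sub condition: a token from any repository is accepted")
        for sub in like:  # wildcards are only interpreted under StringLike
            owner_repo, _, rest = sub.removeprefix("repo:").partition(":")
            if "*" in owner_repo or "?" in owner_repo:
                findings.append(f"wildcard owner/repo: {sub}")
            elif rest == "*":
                findings.append(f"any branch, tag, PR or environment: {sub}")
            findings += [f"redundant: {sub} is covered by {o}" for o in like if covers(o, sub)]
    return findings

# Input shortened from the page's github-actions trust policy.
SAMPLE = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::11111111:root"}},
    {"Effect": "Allow", "Principal": {"Federated": "arn:aws:iam::11111111:oidc-provider/" + HOST},
     "Condition": {"StringEquals": {HOST + ":aud": "sts.amazonaws.com"}, "StringLike": {
         HOST + ":sub": ["repo:project-network/repl-monitor:*", "repo:project-network/*"]}}}]}
```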
