<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Openid on My Blog</title><link>https://jamesteddy.com/tags/openid/</link><description>Recent content in Openid on My Blog</description><generator>Hugo -- 0.136.5</generator><language>en-us</language><lastBuildDate>Wed, 01 Jan 2025 14:43:37 +0100</lastBuildDate><atom:link href="https://jamesteddy.com/tags/openid/index.xml" rel="self" type="application/rss+xml"/><item><title>IAM Role to Access AWS accounts for Github Actions</title><link>https://jamesteddy.com/posts/proper-github-actions/</link><pubDate>Wed, 01 Jan 2025 14:43:37 +0100</pubDate><guid>https://jamesteddy.com/posts/proper-github-actions/</guid><description>&lt;p>I have always wondered about the best course of action when giving access to a repo from GitHub to access and deploy resources to AWS.
More often than not, what I see is using credentials in the form of AWS Secret and Access keys curated from a user on AWS IAM.
I believe in exploring everything through &lt;strong>Infrastructure as Code (IAC)&lt;/strong>.&lt;/p>
&lt;p>This blog post explores using IAM Roles, setting them up through CloudFormation, granting access to the role, and implementing the role in GitHub Actions. I will be leveraging &lt;a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers.html">AWS IAM Identity Provider&lt;/a>, specifically &lt;strong>OpenID Connect (OIDC)&lt;/strong>.&lt;br>
Basically, there are 3 parties involved: an OIDC provider, a user and an application. If a user goes to an application, instead of filling in the form with a username and a password, they could decide to sign up using an OIDC provider (Sign up with Google, as an example). In that case, Google handles the authentication process, also obtaining the consent from the user to provide the specific information needed by the application. For more on OpenID Connect, read this blog from Microsoft &lt;a href="https://www.microsoft.com/en-us/security/business/security-101/what-is-openid-connect-oidc?ef_id=_k_Cj0KCQiAyoi8BhDvARIsAO_CDsC46Z_TiPY_6Yday5NJU0UCSjnB93J5IDoUQwxEhBGx-e6iWGMAs1gaAhsDEALw_wcB_k_&amp;amp;OCID=AIDcmmdamuj0pc_SEM__k_Cj0KCQiAyoi8BhDvARIsAO_CDsC46Z_TiPY_6Yday5NJU0UCSjnB93J5IDoUQwxEhBGx-e6iWGMAs1gaAhsDEALw_wcB_k_&amp;amp;gad_source=1&amp;amp;gclid=Cj0KCQiAyoi8BhDvARIsAO_CDsC46Z_TiPY_6Yday5NJU0UCSjnB93J5IDoUQwxEhBGx-e6iWGMAs1gaAhsDEALw_wcB">here.&lt;/a>&lt;/p></description></item></channel></rss>