2 Matching Annotations
  1. Jan 2023
    1. To align with the Amazon IAM best practice of granting least privilege, the assume role policy document should contain a Condition that specifies a subject allowed to assume the role. Without a subject condition, any GitHub user or repository could potentially assume the role. The subject can be scoped to a GitHub organization and repository as shown in the CloudFormation template.

      Set a Condition to scope the assumed role to a GitHub repository or organization.
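An added example, not taken from the annotated page or its CloudFormation template: it builds the weak trust policy (no subject condition) beside the hardened one, and a small audit function that flags any statement letting the GitHub OIDC provider assume the role without a `sub` condition. The account id, organization and repository names are placeholders.

```python
import json

# Constructed example; the account id and org/repo names are placeholders.
OIDC_PROVIDER = "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"
AUD_KEY = "token.actions.githubusercontent.com:aud"
SUB_KEY = "token.actions.githubusercontent.com:sub"


def github_trust_policy(subject_pattern: str = "") -> dict:
    """Build a role trust policy for the GitHub OIDC provider. An empty
    subject_pattern reproduces the weak policy with no subject condition."""
    condition = {"StringEquals": {AUD_KEY: "sts.amazonaws.com"}}
    if subject_pattern:
        # Scope the role to one org/repo; a wildcard allows any branch or environment.
        condition["StringLike"] = {SUB_KEY: subject_pattern}
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": OIDC_PROVIDER},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": condition,
        }],
    }


def unscoped_github_statements(policy: dict) -> list:
    """Indices of Allow statements that let the GitHub OIDC provider assume the
    role with no condition on the token subject (any repository could use them)."""
    findings = []
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for i, stmt in enumerate(statements):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principal = stmt.get("Principal", {})
        federated = str(principal.get("Federated", "")) if isinstance(principal, dict) else str(principal)
        if (stmt.get("Effect") != "Allow"
                or "sts:AssumeRoleWithWebIdentity" not in actions
                or "token.actions.githubusercontent.com" not in federated):
            continue
        # The sub key may sit under any condition operator (StringEquals, StringLike, ...).
        has_sub = any(SUB_KEY in keys for keys in stmt.get("Condition", {}).values())
        if not has_sub:
            findings.append(i)
    return findings


WEAK = github_trust_policy()                                        # flagged by the audit
HARDENED = github_trust_policy("repo:example-org/example-repo:*")   # scoped to one repo

if __name__ == "__main__":
    print(json.dumps(HARDENED, indent=2))
    print("unscoped statements in weak policy:", unscoped_github_statements(WEAK))
```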