Analysis updated 2026-07-09 · repo last pushed 2026-07-01
Let your GitHub Actions deployment pipeline securely upload new application builds to AWS.
Allow automated workflows to update configurations on your AWS servers without static keys.
Grant specific GitHub repositories temporary, secure access to your AWS account.
| moritzheiber/terraform-aws-oidc-github-actions-module | aaklon/akinator | candratama/tamagosh | |
|---|---|---|---|
| Stars | 9 | 9 | 11 |
| Language | Go | Go | Go |
| Last pushed | 2026-07-01 | — | — |
| Maintenance | Active | — | — |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 3/5 | 3/5 | 2/5 |
| Audience | ops devops | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires an existing AWS account and Terraform installation to configure the dynamic authentication between GitHub Actions and AWS.
If your team uses GitHub Actions to run automated tasks like tests or deployments, and you also use Amazon Web Services (AWS) to host your infrastructure, you usually need to give GitHub a way to securely access your AWS account. Traditionally, this meant creating and managing long-lived secret access keys that could be stolen or expire. This project eliminates that problem by letting GitHub Actions authenticate with AWS dynamically, using a secure, temporary handshake instead of stored passwords. The module works by setting up something called an OIDC (OpenID Connect) provider on your AWS account. You tell the module which specific GitHub repositories should be allowed access, and what AWS roles to create. It then links the two together. When a GitHub Actions workflow runs, it identifies itself to AWS using a cryptographically signed token. If the request comes from a repository you previously approved, AWS grants temporary access based on the permissions you assigned to that role. No permanent passwords ever change hands. This is ideal for engineering teams that manage their cloud infrastructure with Terraform and want to follow security best practices without adding extra manual overhead. For example, if your deployment pipeline runs on GitHub Actions and needs to upload new application builds to AWS, or update configurations on your servers, this module lets those jobs securely interact with AWS. You simply list your repository name, define a role, and your GitHub workflows are ready to securely assume that role. One notable detail is that the module automatically handles a specific security maintenance task. AWS requires you to store a digital "thumbprint" of GitHub's security certificate to verify the connection is legitimate. Since these certificates rotate periodically, this can cause pipelines to break unexpectedly. The module automatically fetches the latest thumbprint when you apply your Terraform configuration, though the README thoughtfully includes a detailed guide on how to manually verify a new certificate is legitimate if things stop working.
A Terraform module that lets GitHub Actions securely access your AWS account without stored passwords by using temporary, dynamic authentication instead of long-lived secret keys.
Mainly Go. The stack also includes Terraform, AWS, GitHub Actions.
Active — commit in last 30 days (last push 2026-07-01).
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.