Add GitHub Actions workflow and IAM policies

2026-02-13 00:04:59 +00:00 · 2025-12-21 19:51:39 -08:00
parent 990c8971fb
commit 013e0fdf1d
3 changed files with 80 additions and 0 deletions
--- a/terraform/github-role-trust-policy.json
+++ b/terraform/github-role-trust-policy.json
@@ -0,0 +1,20 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Federated": "arn:aws:iam::471112517070:oidc-provider/token.actions.githubusercontent.com"
+      },
+      "Action": "sts:AssumeRoleWithWebIdentity",
+      "Condition": {
+        "StringEquals": {
+          "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
+        },
+        "StringLike": {
+          "token.actions.githubusercontent.com:sub": "repo:ghndrx/cdn-gregh-dev:*"
+        }
+      }
+    }
+  ]
+}