Setting up OIDC Authentication for GitHub Actions

In this section, we’ll set up OIDC authentication between GitHub Actions and AWS using a CloudFormation template.

🔑 Getting the Template

  1. Download the CloudFormation template from our GitHub repository:

    • Download to your local machine

    :button[Download GitHub OIDC Template]{href=":assetUrl{path='/infrastructure/github-oidc.yaml'}" action="download"}


🚀 Deploying the Template

:::alert{header="Important" type="warning"}

  1. If you are in an AWS Event, click here to access the provisioned AWS Account. If you are working on this in your own AWS Account, please ignore this message.

:::

  2. Open the AWS CloudFormation Console

  3. Click “Create stack” → “With new resources (standard)”

  4. Under “Specify template”:

Upload Template

📝 Stack Configuration

  1. Enter stack details:
    • Stack name: github-oidc-stack
    • Owners: Your GitHub username (this value is CASE-SENSITIVE)
    • RepositoriesPerOwner: Your repository name (or * for all repositories)


  1. Click “Next” through the stack options
  2. Review and click “Create stack”

✅ Getting Your Role ARN

Once the stack creation is complete:

  1. Go to the “Outputs” tab in CloudFormation
  2. Find the “GitHubActionsRoleArn”
  3. Copy this value - we’ll use it in our next steps!
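Assuming the template turns Owners and RepositoriesPerOwner into a condition on the GitHub token's `sub` claim in the role's trust policy, the added example below audits such a policy for the two things the parameters above control: owner casing and a `*` repository scope. It is not part of the workshop's template; the policy layout, account ID, owner and repository names are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

ISSUER = "token.actions.githubusercontent.com"  # GitHub's OIDC issuer host

# Constructed trust policy; account ID, owner and layout are assumptions.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/token.actions.githubusercontent.com"},
    "Condition": {
      "StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"},
      "StringLike": {"token.actions.githubusercontent.com:sub": "repo:Octo-Org/*"}
    }
  }]
}""")


def as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, owner, repo):
    """Return sorted finding codes for a role's web-identity trust statements.

    IAM string conditions are case-sensitive; fnmatchcase approximates the
    * and ? wildcards of StringLike.
    """
    findings = set()
    claim = f"repo:{owner}/{repo}:ref:refs/heads/main"  # sub of a push to main
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or \
                "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            continue
        subs, auds = [], []
        for keys in stmt.get("Condition", {}).values():
            subs += as_list(keys.get(f"{ISSUER}:sub", []))
            auds += as_list(keys.get(f"{ISSUER}:aud", []))
        if not subs:
            findings.add("no-sub-condition")      # any GitHub repository matches
        if "sts.amazonaws.com" not in auds:
            findings.add("aud-not-pinned")
        for pattern in subs:
            pat_owner, _, pat_repo = pattern.removeprefix("repo:").partition("/")
            if pat_repo.split(":")[0] == "*":
                findings.add("wildcard-repo")     # every repo under the owner
            if pat_owner != owner and pat_owner.lower() == owner.lower():
                findings.add("owner-case-mismatch")
        if subs and not any(fnmatchcase(claim, p) for p in subs):
            findings.add("workflow-sub-not-matched")
    return sorted(findings)
```

To run it against the deployed role, pass the JSON returned by `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` in place of the sample policy.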


🎯 Next Steps

Once you have your Role ARN, proceed to the next section where we’ll set up our GitHub Secrets.

🔧 Troubleshooting

If your stack fails to create:

  • Check the “Events” tab for error messages
  • Verify your GitHub username is correct
  • Ensure you have sufficient AWS permissions