From 75600d16eec80d3bef66d8f9e34db6b9003e8811 Mon Sep 17 00:00:00 2001
From: jc-clark
Date: Wed, 22 Nov 2023 15:24:01 -0800
Subject: [PATCH] fixes https://github.com/github/docs-content/issues/12519

---
 ...onfiguring-openid-connect-in-amazon-web-services.md | 10 ++++++++--
 data/reusables/actions/about-oidc-short-overview.md | 6 ++++++
 .../actions/oidc-custom-claims-aws-restriction.md | 1 +
 3 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 data/reusables/actions/oidc-custom-claims-aws-restriction.md

diff --git a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md b/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md
index bc545cc414..6ce030caac 100644
--- a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md
+++ b/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md
@@ -10,7 +10,7 @@ type: tutorial
 topics:
   - Security
 ---
- 
+
 {% data reusables.actions.enterprise-github-hosted-runners %}
 
 ## Overview
@@ -19,6 +19,12 @@ OpenID Connect (OIDC) allows your {% data variables.product.prodname_actions %}
 
 This guide explains how to configure AWS to trust {% data variables.product.prodname_dotcom %}'s OIDC as a federated identity, and includes a workflow example for the [`aws-actions/configure-aws-credentials`](https://github.com/aws-actions/configure-aws-credentials) that uses tokens to authenticate to AWS and access resources.
 
+{% note %}
+
+**Note:** {% data reusables.actions.oidc-custom-claims-aws-restriction %}
+
+{% endnote %}
+
 ## Prerequisites
 
 {% data reusables.actions.oidc-link-to-intro %}
@@ -132,7 +138,7 @@ on:
 env:
   BUCKET_NAME : ""
   AWS_REGION : ""
-# permission can be added at job level or workflow level 
+# permission can be added at job level or workflow level
 permissions:
   id-token: write # This is required for requesting the JWT
   contents: read # This is required for actions/checkout
diff --git a/data/reusables/actions/about-oidc-short-overview.md b/data/reusables/actions/about-oidc-short-overview.md
index 9e62e3e0d1..a63435e6ba 100644
--- a/data/reusables/actions/about-oidc-short-overview.md
+++ b/data/reusables/actions/about-oidc-short-overview.md
@@ -1,2 +1,8 @@
 If your {% data variables.product.prodname_actions %} workflows need to access resources from a cloud provider that supports OpenID Connect (OIDC), you can configure your workflows to authenticate directly to the cloud provider. This will let you stop storing these credentials as long-lived secrets and provide other security benefits. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)"
 
+
+{% note %}
+
+**Note:** {% data reusables.actions.oidc-custom-claims-aws-restriction %}
+
+{% endnote %}
diff --git a/data/reusables/actions/oidc-custom-claims-aws-restriction.md b/data/reusables/actions/oidc-custom-claims-aws-restriction.md
new file mode 100644
index 0000000000..b1d9f681a6
--- /dev/null
+++ b/data/reusables/actions/oidc-custom-claims-aws-restriction.md
@@ -0,0 +1 @@
+Support for custom claims for OIDC is unavailable in AWS.