Merged
Fix the IAM role trust relationship to properly support both main branch pushes and pull request events. The previous configuration was too restrictive and only allowed main branch access.

Changes:
- Update trust relationship to include pull_request events
- Fix Action from sts:AssumeRole to sts:AssumeRoleWithWebIdentity
- Add comprehensive troubleshooting section to OIDC_SETUP.md
- Include debug commands for common OIDC issues

Root cause of deployment failure:
- Trust policy was missing pull_request condition
- Action type was incorrect for OIDC authentication

This fix enables GitHub Actions to authenticate via OIDC for both main branch deployments and pull request validation.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Update OIDC setup documentation to reflect the final working configuration:
- Update trust relationship to use wildcard pattern: repo:smalruby/smalruby-infra:*
- Remove temporary JSON files and related troubleshooting references
- Replace CLI commands with AWS Console instructions for better usability
- Simplify troubleshooting section to focus on essential steps

Final configuration:
- Trust relationship allows all repository events (*)
- Comprehensive IAM permissions for CloudFormation, Lambda, API Gateway, S3, IAM
- Secure OIDC authentication with automatic token rotation

The configuration has been tested and confirmed working for automatic deployment.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
No description provided.
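The three trust-policy scopes named in the commit messages above, evaluated against constructed GitHub OIDC `sub` claims to show which workflow triggers each one admits. This is an added example, not code from the pull request; the exact main-only and main-plus-pull_request patterns, the sample claims and the `example-org/other-repo` name are assumptions.

```python
import re

REPO = "smalruby/smalruby-infra"  # repository named in the commit message

# Candidate values for the token.actions.githubusercontent.com:sub condition.
# "main_only" and "main_and_pr" are assumed reconstructions of the earlier
# policies; "wildcard" is the pattern quoted in the second commit message.
PATTERNS = {
    "main_only": [f"repo:{REPO}:ref:refs/heads/main"],
    "main_and_pr": [f"repo:{REPO}:ref:refs/heads/main", f"repo:{REPO}:pull_request"],
    "wildcard": [f"repo:{REPO}:*"],
}

# Constructed sub claims, one per trigger type (sample data, not captured tokens).
SAMPLE_SUBS = {
    "push_main": f"repo:{REPO}:ref:refs/heads/main",
    "pull_request": f"repo:{REPO}:pull_request",
    "push_feature": f"repo:{REPO}:ref:refs/heads/feature/x",
    "tag": f"repo:{REPO}:ref:refs/tags/v1.0.0",
    "environment": f"repo:{REPO}:environment:production",
    "other_repo": "repo:example-org/other-repo:ref:refs/heads/main",
}


def string_like(pattern: str, value: str) -> bool:
    """Emulate IAM StringLike: case-sensitive, '*' = any run, '?' = one char."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def admitted(policy_name: str) -> list[str]:
    """Return the sample triggers whose sub claim satisfies the named policy."""
    patterns = PATTERNS[policy_name]
    return sorted(
        name
        for name, sub in SAMPLE_SUBS.items()
        if any(string_like(p, sub) for p in patterns)
    )


if __name__ == "__main__":
    for name in PATTERNS:
        print(f"{name:12} -> {admitted(name)}")
```

The wildcard row also admits feature branches, tags and environments, which is the scope to weigh against the role's CloudFormation, Lambda, API Gateway, S3 and IAM permissions.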