aws-actions / configure-aws-credentials

Configure AWS credential environment variables for use in other GitHub Actions.
MIT License

short issue description #1043

Closed shahid23-dev closed 5 months ago

shahid23-dev commented 5 months ago

Describe the bug

Error: Could not assume role with OIDC: No OpenIDConnect provider found in your account for https://token.actions.githubusercontent.com

Expected Behavior

Should be able to configure

Current Behavior

Error: Could not assume role with OIDC: No OpenIDConnect provider found in your account for https://token.actions.githubusercontent.com

Reproduction Steps

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Federated": "arn:aws:iam::***:oidc-provider/token.actions.githubusercontent.com/"
          },
          "Action": "sts:AssumeRoleWithWebIdentity",
          "Condition": {
            "StringEquals": {
              "token.actions.githubusercontent.com/:aud": "sts.amazonaws.com"
            },
            "StringLike": {
              "token.actions.githubusercontent.com/:sub": "repo:shahid23-dev/shahid-project:*"
            }
          }
        }
      ]
    }

    # Sample workflow to access AWS resources when workflow is tied to branch
    # The workflow Creates static website using aws s3
    name: s3 workflow
    on:
      push
    env:
      BUCKET_NAME : "shahid-terraform-bucket"
      AWS_REGION : "us-east-1"
    # permission can be added at job level or workflow level
    permissions:
      id-token: write   # This is required for requesting the JWT
      contents: read    # This is required for actions/checkout
    jobs:
      S3PackageUpload:
        runs-on: ubuntu-latest
        timeout-minutes: 15
        steps:

Possible Solution

No response

Additional Information/Context

No response

BogdanDarius commented 5 months ago

Did you create the identity provider in AWS? https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/

zhavir commented 5 months ago

I also have the same issue. I've followed the full guide, step by step. The workflow is returning Error: Could not assume role with OIDC: The requested DurationSeconds exceeds the MaxSessionDuration set for this role.

zhavir commented 5 months ago

I've probably found out the issue, @shahid23-dev. You must provide the same time, or below, as the one configured in Maximum session duration of your GitHub role. For example, if you have set Maximum session duration = 1h, you also need to specify role-duration-seconds: 1200 in your GitHub workflow.
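
An added example, not part of the thread or of the action's code: a preflight lint for the two failures discussed above, namely a trust policy whose provider ARN or condition keys do not match the issuer named in the error message, and a requested duration above the role's Maximum session duration. `lint_github_oidc_role` is a hypothetical helper; it assumes the IAM provider was registered under the bare issuer host, and the duration values are constructed.

```python
import json

# Issuer host taken from the error message quoted in this thread.
ISSUER_HOST = "token.actions.githubusercontent.com"

def lint_github_oidc_role(trust_policy, max_session_duration, role_duration_seconds):
    """Hypothetical preflight check; returns a list of human-readable findings."""
    findings = []
    for i, stmt in enumerate(trust_policy.get("Statement", [])):
        actions = stmt.get("Action", [])
        if "sts:AssumeRoleWithWebIdentity" not in ([actions] if isinstance(actions, str) else actions):
            continue
        principal = stmt.get("Principal")
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        for arn in [federated] if isinstance(federated, str) else federated:
            # Assumption: the provider was registered under the bare issuer host.
            provider = arn.split(":oidc-provider/", 1)[-1]
            if provider != ISSUER_HOST:
                findings.append(f"Statement[{i}]: provider {provider!r} is not {ISSUER_HOST!r}")
        # Condition key names are case-insensitive; collect them across all operators.
        keys = {k.lower() for ops in stmt.get("Condition", {}).values() for k in ops}
        for claim in ("aud", "sub"):
            # Without a sub condition, any repository's token would satisfy the policy.
            if f"{ISSUER_HOST}:{claim}" not in keys:
                findings.append(f"Statement[{i}]: no condition on {ISSUER_HOST}:{claim}")
    if role_duration_seconds > max_session_duration:
        findings.append(f"role-duration-seconds {role_duration_seconds} exceeds "
                        f"MaxSessionDuration {max_session_duration}")
    return findings

# Trust policy as posted in the issue (account id masked as on the page).
POSTED = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Federated": "arn:aws:iam::***:oidc-provider/token.actions.githubusercontent.com/"},
  "Action": "sts:AssumeRoleWithWebIdentity",
  "Condition": {
    "StringEquals": {"token.actions.githubusercontent.com/:aud": "sts.amazonaws.com"},
    "StringLike": {"token.actions.githubusercontent.com/:sub": "repo:shahid23-dev/shahid-project:*"}}}]}""")
# Same policy with the trailing slash removed from the provider ARN and condition keys.
NORMALIZED = json.loads(json.dumps(POSTED).replace(ISSUER_HOST + "/", ISSUER_HOST))

if __name__ == "__main__":
    # Durations are constructed sample values against a 1 h (3600 s) role limit.
    for name, policy, requested in (("posted", POSTED, 7200), ("normalized", NORMALIZED, 1200)):
        print(name, lint_github_oidc_role(policy, 3600, requested) or "no findings")
```
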

tim-finnigan commented 5 months ago

Thanks for reaching out and commenting here - @shahid23-dev does the suggestion in the above comment resolve your issue?

shahid23-dev commented 5 months ago

> I've probably found out the issue, @shahid23-dev. You must provide the same time, or below, as the one configured in Maximum session duration of your GitHub role. For example, if you have set Maximum session duration = 1h, you also need to specify role-duration-seconds: 1200 in your GitHub workflow.

Thanks dude. It helped.

shahid23-dev commented 5 months ago

> Thanks for reaching out and commenting here - @shahid23-dev does the suggestion in the above comment resolve your issue?

Resolved, thanks :)

github-actions[bot] commented 5 months ago

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one.