aws-actions / configure-aws-credentials

Configure AWS credential environment variables for use in other GitHub Actions.
MIT License

Could not assume role with OIDC: Not authorized to perform sts:AssumeRoleWithWebIdentity #1100

Closed JarvisPrestidge closed 1 month ago

JarvisPrestidge commented 1 month ago

Describe the bug

Failed to assume role with a meticulously followed OIDC setup:

Assuming role with OIDC
Error: Could not assume role with OIDC: Not authorized to perform sts:AssumeRoleWithWebIdentity

Expected Behavior

For the role to assume successfully.

Current Behavior

An error during the action:

Assuming role with OIDC
Error: Could not assume role with OIDC: Not authorized to perform sts:AssumeRoleWithWebIdentity

Reproduction Steps

In the trust policy for the role, for the field `token.actions.githubusercontent.com:sub`, add an incorrectly cased organisation value.

For example:

repo:jarvisprestidge/repo-name...

instead of:

repo:JarvisPrestidge/repo-name...

Possible Solution

Fix the casing for the organisation / github account name.

Additional Information/Context

This caused me hours of pain; I'm just hoping someone with the same issue finds this issue.

JarvisPrestidge commented 1 month ago

I'm posting and closing purely to document the fix, as this is an issue that others are bound to run into.

github-actions[bot] commented 1 month ago

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one.
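
The casing problem reported in this issue can be checked offline before a workflow run fails on it. The following is an added example, not part of the issue thread or the action's code: it compares a trust policy's `sub` conditions against a token's `sub` claim using the case-sensitive semantics of IAM's `StringEquals` and `StringLike`, and flags patterns that differ only in case. The policy, the account ID, the full `sub` values and the helper names (`diagnose_sub`, `_matches`) are constructed for illustration.

```python
import json
import re

SUB_KEY = "token.actions.githubusercontent.com:sub"

# Constructed trust policy; the account ID and subject pattern are placeholders.
TRUST_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/token.actions.githubusercontent.com"},
  "Action": "sts:AssumeRoleWithWebIdentity",
  "Condition": {"StringLike": {"token.actions.githubusercontent.com:sub": "repo:jarvisprestidge/repo-name:*"}}
}]}
""")

def _matches(op, pattern, value, flags=0):
    # StringLike: '*' is any run of characters, '?' exactly one; all else is literal.
    # StringEquals: the whole pattern is literal. Both are case-sensitive in IAM.
    if op == "StringLike":
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    else:
        rx = re.escape(pattern)
    return re.fullmatch(rx, value, flags | re.DOTALL) is not None

def diagnose_sub(policy, sub_claim):
    """Return [(pattern, verdict)] with verdict 'match', 'case-mismatch' or 'no-match'."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be given without a list
        statements = [statements]
    findings = []
    for stmt in statements:
        for op, keys in stmt.get("Condition", {}).items():
            if op not in ("StringEquals", "StringLike"):
                continue
            for key, patterns in keys.items():
                if key.lower() != SUB_KEY:  # condition key names are not case-sensitive
                    continue
                for p in [patterns] if isinstance(patterns, str) else patterns:
                    if _matches(op, p, sub_claim):
                        verdict = "match"
                    elif _matches(op, p, sub_claim, re.IGNORECASE):
                        verdict = "case-mismatch"  # the failure described in this issue
                    else:
                        verdict = "no-match"
                    findings.append((p, verdict))
    return findings

if __name__ == "__main__":
    # Constructed sub claim using the account's real casing.
    print(diagnose_sub(TRUST_POLICY, "repo:JarvisPrestidge/repo-name:ref:refs/heads/main"))
```

A `case-mismatch` verdict means the pattern would match if casing were ignored, so the owner or repository name in the trust policy should be corrected to the exact casing GitHub puts in the token.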