unfunco / terraform-aws-oidc-github

Terraform module to configure GitHub Actions as an IAM OIDC identity provider in AWS.
https://registry.terraform.io/modules/unfunco/oidc-github/aws/latest
Apache License 2.0

Error when using enterprise_slug #57

Open joshblease opened 3 weeks ago

joshblease commented 3 weeks ago

I've just tried to use this module but added the enterprise slug parameter and ended up with this error:

Error: creating IAM Role (github): operation error IAM: CreateRole, https response error StatusCode: 400, RequestID: c8c0d8c3-58f2-4f71-9b17-b84fa3cf65e5, MalformedPolicyDocument: Trust policy with trusted principal arn:aws:iam::358411131270:oidc-provider/token.actions.githubusercontent.com/myslug/myslug must evaluate, using StringEquals, StringLike or StringEqualsIgnoreCase, token.actions.githubusercontent.com/myslug/myslug:sub which is not scoped to all.

I'll be proceeding without the enterprise slug for now but just thought I'd raise an issue.

unfunco commented 2 weeks ago

Thanks for reporting @joshblease – I no longer have access to an Enterprise GitHub instance but I'll look for a workaround soon.

georgegeddes commented 2 weeks ago

I experienced this bug as well. It looks like the enterprise slug is being added twice, but I'm not sure if that's the cause of the issue.
https://github.com/unfunco/terraform-aws-oidc-github/blob/6a67a48bf466eb0a0820c90a4753aa205a6b0230/data.tf#L40
https://github.com/unfunco/terraform-aws-oidc-github/blob/6a67a48bf466eb0a0820c90a4753aa205a6b0230/main.tf#L75

I have access to an enterprise GitHub and I would be willing to test a fix for this.
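Added example, not part of this issue or of the module's own code: a small Python script that builds a GitHub Actions trust policy for the OIDC provider host with and without an enterprise slug, reproduces the kind of mismatch between the `Federated` principal ARN and the `:sub` condition key that the IAM error above describes, and checks the invariant IAM enforces at `CreateRole` (the `:sub` key must be prefixed by the provider URL minus `https://`, appear under `StringEquals`, `StringLike` or `StringEqualsIgnoreCase`, and not be a bare `*`). The enterprise issuer form `https://token.actions.githubusercontent.com/<enterprise_slug>` and the `<host>:sub` key naming are documented GitHub and AWS behaviour; the function names, account ID and subject patterns are assumptions, and the doubled slug is reconstructed from the error message, not from the module's source (the thread does not pin down which side of the policy carries the extra slug).

```python
"""Build and check a GitHub Actions OIDC trust policy for an AWS IAM role.

Added example, not the module's code. Assumed: enterprise-customised issuers
look like https://token.actions.githubusercontent.com/<enterprise_slug>, and
IAM condition keys are "<provider URL without https://>:sub" / ":aud".
"""
import json
import re

GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"
ALLOWED_OPERATORS = ("StringEquals", "StringLike", "StringEqualsIgnoreCase")


def provider_host(enterprise_slug=None):
    """OIDC provider URL without its scheme; this is the prefix IAM expects
    on the ":sub" and ":aud" condition keys. The slug must appear once."""
    if enterprise_slug:
        return f"{GITHUB_OIDC_HOST}/{enterprise_slug}"
    return GITHUB_OIDC_HOST


def trust_policy(account_id, host, subjects):
    """Assume-role trust policy whose principal ARN and condition keys are
    derived from the same host string, so they cannot drift apart."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{host}"},
            "Condition": {
                "StringEquals": {f"{host}:aud": "sts.amazonaws.com"},
                "StringLike": {f"{host}:sub": list(subjects)},
            },
        }],
    }


def doubled_slug_policy(account_id, enterprise_slug, subjects):
    """Constructed reproduction of the symptom in this issue (not the module's
    code): the slug is joined onto the host a second time when the principal
    ARN is built, so the ARN names ".../<slug>/<slug>" while the condition
    keys still use the single-slug host."""
    host = provider_host(enterprise_slug)
    policy = trust_policy(account_id, host, subjects)
    policy["Statement"][0]["Principal"]["Federated"] = (
        f"arn:aws:iam::{account_id}:oidc-provider/{host}/{enterprise_slug}"
    )
    return policy


def check_trust_policy(policy):
    """Return a list of problems mirroring what IAM's CreateRole rejects:
    every Federated OIDC principal must be scoped by a "<host>:sub" condition
    under an allowed operator whose value is not a bare wildcard."""
    problems = []
    arn_re = re.compile(r"^arn:aws:iam::\d{12}:oidc-provider/(.+)$")
    for stmt in policy.get("Statement", []):
        federated = stmt.get("Principal", {}).get("Federated")
        if not federated:
            continue
        m = arn_re.match(federated)
        if not m:
            problems.append(f"principal {federated!r} is not an OIDC provider ARN")
            continue
        host = m.group(1)           # whatever follows "oidc-provider/"
        wanted = f"{host}:sub"      # the key IAM insists on for this principal
        cond = stmt.get("Condition", {})
        scoped = False
        for op in ALLOWED_OPERATORS:
            values = cond.get(op, {}).get(wanted)
            if values is None:
                continue
            values = values if isinstance(values, list) else [values]
            if any(v.strip() and v != "*" for v in values):
                scoped = True
        if not scoped:
            problems.append(
                f"trusted principal {federated} must be scoped with {wanted} "
                f"using one of {', '.join(ALLOWED_OPERATORS)}"
            )
    return problems


if __name__ == "__main__":
    # Constructed inputs: fake account ID, fake slug, one repo subject pattern.
    subjects = ["repo:my-org/my-repo:*"]
    good = trust_policy("123456789012", provider_host("myslug"), subjects)
    bad = doubled_slug_policy("123456789012", "myslug", subjects)
    print(json.dumps(good, indent=2))
    print("good:", check_trust_policy(good) or "ok")
    print("bad: ", check_trust_policy(bad))
```

`check_trust_policy` is a local approximation of the IAM check, useful as a pre-apply test in CI; the authoritative check is still `CreateRole` itself. The key point it makes visible is that the condition key is derived from the principal's host, so an extra path segment on either side breaks the match even though both strings contain the slug.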