Skip to content

ministryofjustice/modernisation-platform-github-oidc-provider

BranchesTags

Repository files navigation

Modernisation Platform Github OIDC Provider Module

Standards Icon Format Code Icon Scorecards IconSCA Icon Terraform SCA Icon

This module allows users to create an OIDC Provider and the associated IAM resources required to make use of the connect provider.

Usage

module "github-oidc-provider" {

  source                 = "https://github.com/ministryofjustice/modernisation-platform-terraform-github-oidc-provider"
  github_repositories    = ["ministryofjustice/your-repository-name:*"]
  additional_permissions = data.aws_iam_policy_document.extra_permissions.json
  tags_common            = local.tags
  tags_prefix            = terraform.workspace

}

The additional_permissions variable will allow you to supply any required IAM permissions beyond ReadOnlyAccess in the form of an aws_iam_policy_document data call.

Looking for issues?

If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.

Requirements

Name Version
terraform ~> 1.0
aws ~> 6.0
tls ~> 4.0

Providers

Name Version
aws ~> 6.0
tls ~> 4.0

Modules

No modules.

Resources

Name Type
aws_iam_openid_connect_provider.github_actions resource
aws_iam_policy.extra_permissions resource
aws_iam_role.github_actions resource
aws_iam_role_policy_attachment.additional_managed_policies resource
aws_iam_role_policy_attachment.extra_permissions resource
aws_iam_role_policy_attachment.read_only resource
aws_caller_identity.current data source
aws_iam_openid_connect_provider.github_actions data source
aws_iam_policy_document.github_oidc_assume_role data source
tls_certificate.github data source

Inputs

Name Description Type Default Required
additional_managed_policies accept a list of arns for aws managed policies to attach to OIDC-provider role list(string) [] no
additional_permissions accept aws_iam_policy_document with additional permissions to attach to the OIDC-provider role string n/a yes
create_github_oidc_provider n/a bool true no
github_known_thumbprints The known intermediary thumbprints for the GitHub OIDC provider list(string) 
[
  "1c58a3a8518e8759bf075b76b750d4f2df264fcd",
  "6938fd4d98bab03faadb97b34396831e3780aea1"
]
 no
github_repositories The github repositories, for example ["ministryofjustice/modernisation-platform-environments:*"] list(string) n/a yes
role_name OIDC Role Name string "github-actions" no
tags_common MOJ required tags map(string) n/a yes
tags_prefix prefix for name tags string n/a yes

Outputs

Name Description
github_actions_provider This module configures an OIDC provider for use with GitHub actions
github_actions_role IAM Role created for use by the OIDC provider
github_actions_role_trust_policy Assume role policy for the github-actions role

About

Module for creating OIDC providers to use in GitHub Actions • This repository is defined and managed in Terraform

Topics

github aws actions oidc terraform-module civil-service modernisation-platform

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

2 stars

Watchers

111 watching

Forks

2 forks
Report repository

Releases 14

v4.3.0 Latest
Apr 20, 2026
+ 13 releases

Packages

 
 
 

Contributors

Languages

Generated from ministryofjustice/modernisation-platform-terraform-module-template