configure-aws-credentials: AWS authentication for GitHub Actions
GitHub Action for AWS credential resolution in workflows.
Learn more about Configure AWS Credentials
configure-aws-credentials is a GitHub Action that establishes AWS authentication within workflow environments by setting credential-related environment variables. The action implements multiple credential resolution paths including OpenID Connect token exchange, static credential re-export, and AWS STS AssumeRole operations. It leverages the AWS JavaScript SDK credential resolution flow for Node.js, allowing workflows to access AWS resources through various identity mechanisms. Common deployment patterns include CI/CD pipelines requiring AWS API access, infrastructure automation, and deployment workflows that interact with AWS services.
Multiple authentication methods
Supports five distinct authentication scenarios including OIDC token exchange, static IAM credentials, STS AssumeRole with static credentials, web identity token flows, and credential chaining. This flexibility accommodates different security postures and organizational requirements.
OIDC-based temporary credentials
Implements GitHub OIDC provider integration to obtain temporary credentials without storing long-lived secrets in repositories. The action uses federated identity with configurable trust policies scoped to specific repositories and branches.
AWS SDK credential resolution integration
Operates within the AWS JavaScript SDK's credential resolution chain, allowing the action to work alongside other credential sources and respecting standard AWS credential precedence rules. This design enables role chaining and credential composition patterns.
// In your GitHub Actions workflow JavaScript step
import * as core from '@actions/core';
import { STSClient, GetCallerIdentityCommand } from '@aws-sdk/client-sts';
// Credentials are already set by configure-aws-credentials action
const stsClient = new STSClient({ region: 'us-east-1' });
const identity = await stsClient.send(new GetCallerIdentityCommand({}));
core.info(`Authenticated as: ${identity.Account}`);Major update to Node 24 with transitive tag keys support and improved role-chaining output.
- –Update action to use node24 - requires GitHub action runner version v2.327.1 or later
- –add support to define transitive tag keys
- –properly output `aws-account-id` and `authenticated-arn` when using role-chaining
Maintenance release with dependency updates and no functional changes.
- –various dependency updates
Adds global timeout support, no-proxy configuration, and improves debug logging.
- –Add global timeout support
- –add no-proxy support
- –Improve debug logging in retry logic
- –properly expose getProxyForUrl
Top in Cloud & DevOps
Related Repositories
Discover similar tools and frameworks used by developers
Build Push Action
GitHub Action for building and publishing Docker images.
Kubespray
Production-grade Kubernetes deployment via Ansible playbooks.
ProxmoxVE
Bash scripts for automated Proxmox LXC/VM provisioning.
Upload Artifact
Store workflow files as versioned zip artifacts.
cAdvisor
Daemon for monitoring container resource usage and metrics.