Add AWS IAM configuration guide for GitHub Actions#5

Open
pulumi[bot] wants to merge 1 commit into main from neo-changes-1762787727834

Conversation

@pulumi pulumi Bot commented Nov 10, 2025

Summary

Added documentation for configuring AWS IAM trust policy to enable GitHub Actions to use the ESC environment aws-login/pulumi-dev-sandbox-env.

Current Issue

The GitHub Actions workflow is properly configured and PULUMI_ACCESS_TOKEN is set, but the AWS IAM role used by the ESC environment doesn't trust GitHub's OIDC provider.

Error:

api error AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity

Solution

The new AWS_IAM_SETUP.md file provides step-by-step instructions to:

  1. Add GitHub OIDC provider to AWS (if needed)
  2. Update the IAM role trust policy to allow GitHub Actions
  3. Verify the configuration

IAM Role

Role: arn:aws:iam::616138583583:role/pulumi-esc-oidc-test-org-ijh-AdministratorAccess-role

Needs trust policy updated to include GitHub Actions OIDC provider.

Once Configured

After the AWS IAM trust policy is updated, the GitHub Actions workflow will automatically work for:

  • Pull request previews
  • Main branch deployments

All infrastructure is already deployed and operational.
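The trust policy that step 2 asks for, as an added example that is not part of this PR or its AWS_IAM_SETUP.md: it builds the policy for the GitHub OIDC provider in the account named above and then checks that the `sub` condition is pinned to one repository and its refs, since a missing or wildcard `sub` condition lets any GitHub workflow assume the role. The repository name `example-org/example-repo` and the audience `sts.amazonaws.com` are assumptions.

```python
# Account and role name come from the PR description; everything else is an assumption.
ACCOUNT_ID = "616138583583"
ROLE_NAME = "pulumi-esc-oidc-test-org-ijh-AdministratorAccess-role"
OIDC_HOST = "token.actions.githubusercontent.com"
OIDC_PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/{OIDC_HOST}"
ASSUME_ACTION = "sts:AssumeRoleWithWebIdentity"


def github_trust_policy(repo: str, refs: list, audience: str = "sts.amazonaws.com") -> dict:
    """Trust policy allowing only `repo` (e.g. "example-org/example-repo") to assume the role.

    GitHub sets `sub` to "repo:<owner>/<repo>:ref:refs/heads/main" for branch runs and
    "repo:<owner>/<repo>:pull_request" for pull_request events, so `refs` lists those suffixes.
    """
    subjects = [f"repo:{repo}:{ref}" for ref in refs]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": OIDC_PROVIDER_ARN},
            "Action": ASSUME_ACTION,
            "Condition": {
                "StringEquals": {f"{OIDC_HOST}:aud": audience},
                "StringLike": {f"{OIDC_HOST}:sub": subjects},
            },
        }],
    }


def trust_policy_findings(policy: dict) -> list:
    """Reasons a GitHub OIDC trust policy is over-permissive; an empty list means it is tight."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or ASSUME_ACTION not in actions:
            continue
        cond = stmt.get("Condition", {})
        aud = cond.get("StringEquals", {}).get(f"{OIDC_HOST}:aud")
        subs = (cond.get("StringLike", {}).get(f"{OIDC_HOST}:sub")
                or cond.get("StringEquals", {}).get(f"{OIDC_HOST}:sub"))
        if aud is None:
            findings.append("no aud condition: tokens minted for any audience are accepted")
        if subs is None:
            findings.append("no sub condition: any GitHub repository can assume this role")
            continue
        for sub in [subs] if isinstance(subs, str) else subs:
            if sub == "*" or sub.startswith("repo:*"):
                findings.append(f"wildcard subject {sub!r} matches every repository")
    return findings
```

Step 3 of the guide (verifying the configuration) can reuse `trust_policy_findings` on the document returned by `aws iam get-role` for the role above.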
