test iam sts assume role

2024-06-17 21:41:02 +08:00
parent 36d68e304a
commit be1d847c0f
2 changed files with 16 additions and 1 deletions
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -4,6 +4,10 @@ on:
  push:
    branches: [ "main" ]

+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
+
 jobs:
  build:

@@ -31,3 +35,14 @@ jobs:
      - name: Build with Maven
        run: mvn -B package --file pom.xml

+      - name: Configure AWS Credentials
+        id: configure-aws-credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Get Instance ID
+        id: get_instance_id
+        run: aws ssm start-session --target i-0fc1eb77776dc1758
+