Use the AWS credentials action without long-lived keys.

Section: OIDC and fork safety

Configure AWS credentials via OIDC

```yaml
- uses: aws-actions/configure-aws-credentials@v4
  with:
    role-to-assume: arn:aws:iam::123456789012:role/github-actions-deploy
    aws-region: us-east-1
```
Explanation

Pair this with an IAM role trust policy that trusts GitHub's OIDC provider and restricts which token claims may assume the role.
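
One way to check such a trust policy before attaching it to the role, as an added example that is not part of the original sheet. The repository `example-org/example-repo`, the function names and both sample policies are assumptions constructed for illustration, and `fnmatch` only approximates IAM's `StringLike` matching.

```python
import fnmatch

ISSUER = "token.actions.githubusercontent.com"  # GitHub's OIDC issuer host

def cond_values(stmt, key):
    """Return (operator, value) pairs for one condition key."""
    pairs = []
    for op in ("StringEquals", "StringLike"):
        v = stmt.get("Condition", {}).get(op, {}).get(key, [])
        pairs += [(op, x) for x in ([v] if isinstance(v, str) else v)]
    return pairs

def audit_trust_policy(policy):
    """List weaknesses in statements that trust GitHub's OIDC provider.
    Assumes each Principal is a dict with a single Federated ARN string."""
    findings = []
    for stmt in policy["Statement"]:
        fed = stmt.get("Principal", {}).get("Federated", "")
        if stmt.get("Effect") != "Allow" or not fed.endswith("oidc-provider/" + ISSUER):
            continue
        if ("StringEquals", "sts.amazonaws.com") not in cond_values(stmt, ISSUER + ":aud"):
            findings.append("aud not pinned to sts.amazonaws.com")
        subs = cond_values(stmt, ISSUER + ":sub")
        if not subs:
            findings.append("no sub condition: any GitHub repository can assume the role")
        for op, sub in subs:
            repo = (sub.split(":") + [""])[1]      # "owner/repo" part of the claim
            wild = op == "StringLike"              # wildcards only apply to StringLike
            if wild and ("*" in repo or "?" in repo):
                findings.append(f"sub wildcard spans repositories: {sub}")
            pr_sub = f"repo:{repo}:pull_request"   # sub claim of pull_request runs
            if sub == pr_sub or (wild and fnmatch.fnmatchcase(pr_sub, sub)):
                findings.append(f"sub matches pull_request runs: {sub}")
    return findings

def make_policy(condition):
    """Build a constructed trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

# Constructed samples; example-org/example-repo is a placeholder repository.
WEAK = make_policy({"StringLike": {ISSUER + ":sub": "repo:example-org/example-repo:*"}})
HARDENED = make_policy({"StringEquals": {
    ISSUER + ":aud": "sts.amazonaws.com",
    ISSUER + ":sub": "repo:example-org/example-repo:ref:refs/heads/main"}})

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_trust_policy(pol) or "ok")
```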

Related commands

Same sheet · prioritizing OIDC and fork safety
Enable OIDC token issuance
Grant `id-token: write` when using cloud federation.
Authenticate to Google Cloud with OIDC
Use workload identity federation for GCP.
Do not expose secrets to untrusted forks
Avoid unsafe patterns for public repo pull requests.
Set least-privilege token permissions
Limit the default GITHUB_TOKEN scope.
Grant write access only where needed
Elevate token permissions on a specific job.
Expose a secret as an environment variable
Use the `secrets` context in step env.