Github OIDC
Last updated: 2023-11-07
OIDC Setup
To deploy CDK from GitHub to our AWS accounts, GitHub needs permissions to do so. This could be done with static credentials from an IAM user, but that is not recommended because long-lived credentials are insecure. We therefore chose to use AWS OIDC to authenticate GitHub to AWS: an IAM role is created that GitHub can assume, and GitHub assumes that role using the OIDC protocol.
GitHub Configuration
All necessary steps for the setup in GitHub are described in the GitHub documentation.
AWS Configuration
The AWS configuration is done via CDK. The role and the OIDC provider are created in the baseline stack.
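As an added example (not the baseline stack's own CDK code, which is not shown on this page), the trust policy such a role needs, built and checked in TypeScript; the account id, organisation, repository and branch are placeholders. The `aud` and `sub` conditions on the GitHub OIDC provider are what keep the role from being assumable by any other repository or branch.

```typescript
// Added example, not the project's CDK code. Builds the IAM trust policy for a role
// that GitHub Actions assumes via OIDC and checks that the policy is tightly scoped.
// All account/org/repo/branch values below are placeholders.

const GITHUB_OIDC_ISSUER = "token.actions.githubusercontent.com";

interface TrustPolicy {
  Version: "2012-10-17";
  Statement: Array<{
    Effect: "Allow";
    Principal: { Federated: string };
    Action: "sts:AssumeRoleWithWebIdentity";
    Condition: {
      StringEquals: Record<string, string>;
      StringLike?: Record<string, string>;
    };
  }>;
}

function githubOidcTrustPolicy(accountId: string, owner: string, repo: string, branch: string): TrustPolicy {
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      // The OIDC provider created in the account for the GitHub token issuer
      Principal: { Federated: `arn:aws:iam::${accountId}:oidc-provider/${GITHUB_OIDC_ISSUER}` },
      Action: "sts:AssumeRoleWithWebIdentity",
      Condition: {
        // aud must equal the audience the workflow requests when calling STS
        StringEquals: { [`${GITHUB_OIDC_ISSUER}:aud`]: "sts.amazonaws.com" },
        // sub pins the role to exactly one repository and one branch
        StringLike: { [`${GITHUB_OIDC_ISSUER}:sub`]: `repo:${owner}/${repo}:ref:refs/heads/${branch}` },
      },
    }],
  };
}

// Returns the problems found in a trust policy; an empty list means it is scoped.
function trustPolicyFindings(policy: TrustPolicy): string[] {
  const findings: string[] = [];
  for (const stmt of policy.Statement) {
    const cond = stmt.Condition;
    if (cond.StringEquals[`${GITHUB_OIDC_ISSUER}:aud`] !== "sts.amazonaws.com") {
      findings.push("aud condition missing or not sts.amazonaws.com");
    }
    const sub = cond.StringLike?.[`${GITHUB_OIDC_ISSUER}:sub`] ?? cond.StringEquals[`${GITHUB_OIDC_ISSUER}:sub`];
    if (sub === undefined) {
      findings.push("sub condition missing: any GitHub repository could assume the role");
    } else if ((sub.split(":")[1] ?? "").includes("*")) {
      findings.push(`sub condition does not pin a single repository: ${sub}`);
    }
  }
  return findings;
}
```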