configure-aws-credentials: Could not log in (please check credentials)

Describe the issue

Hey, I am trying the approach of assuming the role with an OIDC provider. This is my configuration:

name: Continuous Delivery Development

on:
  pull_request:
    branches:
      - development
      - production

  workflow_dispatch:

permissions:
  id-token: write
  contents: read

jobs:
  cd:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Source Code
        uses: actions/checkout@v3

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@master
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      # Hello from AWS: WhoAmI
      - name: Sts GetCallerIdentity
        run: |
          aws sts get-caller-identity

      - name: Build, tag, and push backend image
        uses: whoan/docker-build-with-cache-action@v5
        with:
          image_name: ${{ secrets.ECR_BACKEND_REPOSITORY }}
          registry: ${{ secrets.ECR_REGISTRY }}
          image_tag: ${{ github.sha }}
          context: ./
          dockerfile: ./backend/Dockerfile.development

name: Build, tag, and push backend image

I was trying to debug it by adding Hello from AWS: WhoAmI and it works fine. These errors appear regardless of the Login to Amazon ECR step. I’ve tried to assign a maximum level of permissions to the role but it didn’t help. Also, I attempted to use a custom script instead of docker-build-with-cache-action:

- name: Build, tag, and push backend image
  run: |
    docker build -f ./backend/Dockerfile.development -t ${{ github.sha }} .
    docker tag ${{ github.sha }}:latest ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_BACKEND_REPOSITORY }}:${{ github.sha }}
    docker push ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_BACKEND_REPOSITORY }}:${{ github.sha }}

Can you please assist me? Please let me know if you need any additional input data.

About this issue

  • State: closed
  • Created 10 months ago
  • Comments: 17 (8 by maintainers)

Most upvoted comments

This is strange, someone else reported a similar error recently where the credentials aren’t being accepted in a subsequent workflow step. Could be a coincidence. Either way, I can’t see anything going wrong with configure-aws-credentials in particular, especially if the aws-actions/amazon-ecr-login step succeeded. I won’t have time for a while to try and reproduce your exact setup, so I hope the folks who work on the action you’re using are able to provide some insight.