configure-aws-credentials: Could not log in (please check credentials)
Describe the issue
Hey, I am trying the approach of assuming the role with OIDC provider. That is my configuration:
```yaml
name: Continuous Delivery Development
on:
  pull_request:
    branches:
      - development
      - production
  workflow_dispatch:
permissions:
  id-token: write
  contents: read
jobs:
  cd:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Source Code
        uses: actions/checkout@v3
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@master
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      # Hello from AWS: WhoAmI
      - name: Sts GetCallerIdentity
        run: |
          aws sts get-caller-identity
      - name: Build, tag, and push backend image
        uses: whoan/docker-build-with-cache-action@v5
        with:
          image_name: ${{ secrets.ECR_BACKEND_REPOSITORY }}
          registry: ${{ secrets.ECR_REGISTRY }}
          image_tag: ${{ github.sha }}
          context: ./
          dockerfile: ./backend/Dockerfile.development
```
I was trying to debug it by adding the `Hello from AWS: WhoAmI` step, and it works fine. These errors appear regardless of the `Login to Amazon ECR` step. I’ve tried to assign a maximum level of permissions to the role, but it didn’t help.
Also, I attempted to use a custom script instead of docker-build-with-cache-action:
```yaml
      - name: Build, tag, and push backend image
        run: |
          docker build -f ./backend/Dockerfile.development -t ${{ github.sha }} .
          docker tag ${{ github.sha }}:latest ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_BACKEND_REPOSITORY }}:${{ github.sha }}
          docker push ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_BACKEND_REPOSITORY }}:${{ github.sha }}
```
Can you please assist me? Please let me know if you need any additional input data.
About this issue
- State: closed
- Created 10 months ago
- Comments: 17 (8 by maintainers)
This is strange; someone else reported a similar error recently where the credentials aren’t being accepted in a subsequent workflow step. Could be a coincidence. Either way, I can’t see anything going wrong with configure-aws-credentials in particular, especially if the `aws-actions/amazon-ecr-login` step succeeded. I won’t have time to try and reproduce your exact setup for a while, so I hope the folks who work on the action you’re using are able to provide some insight.