AWS-specific
Authenticating with OIDC on AWS
To set up OIDC, remove the static AWS access key inputs from the Digger step and pass the ARN of the IAM role the job should assume in aws-role-to-assume instead. Two things must be in place for this to work: the job needs the id-token: write permission so GitHub can mint the OIDC token, and the role's trust policy must allow sts:AssumeRoleWithWebIdentity from the GitHub OIDC provider (token.actions.githubusercontent.com). The workflow below is otherwise the standard Digger workflow; replace the placeholder ARN on the aws-role-to-assume line with the role in your own account.
```yaml
name: Digger Workflow
on:
  workflow_dispatch:
    inputs:
      run_name:
        required: false
      spec:
        required: true
run-name: '${{inputs.run_name}}'
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: write      # required to merge PRs
      id-token: write      # required for workload-identity-federation
      pull-requests: write # required to post PR comments
      issues: read         # required to check if PR number is an issue or not
      statuses: write      # required to validate combined PR status
    steps:
      - name: digger run
        uses: diggerhq/digger@vLatest
        with:
          digger-spec: ${{ inputs.spec }}
          setup-aws: true
          # replace with the ARN of the role in your own account
          aws-role-to-assume: arn:aws:iam::{AccountID}:role/{RoleName}
          aws-region: us-east-1
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
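The workflow above only covers the GitHub side. The role named in aws-role-to-assume also needs a trust policy that accepts the GitHub OIDC provider, and the conditions in that policy are what stop any other repository from assuming the role: a policy with no sub condition would let any GitHub Actions run anywhere assume it, and a pattern such as repo:your-org/* admits every repository in the organisation. The following is an added example and not part of Digger's documentation or code. It builds such a trust policy and evaluates its StringEquals/StringLike conditions against sample token claims the way STS would, so the difference between a tight and an over-broad sub condition is visible. The account ID, organisation, repository and role names are constructed placeholders; the sub formats (repo:ORG/REPO:ref:refs/heads/BRANCH for branch runs, repo:ORG/REPO:pull_request for pull_request events) are the ones GitHub documents, and which of them a Digger-dispatched run carries depends on the triggering event, so confirm it with a test run before tightening the pattern.

```python
"""Trust policy for the role referenced by aws-role-to-assume, plus a small
evaluator that applies its conditions to sample OIDC token claims.
Account ID, org, repo and role names are constructed placeholders."""
import json
import re

ACCOUNT_ID = "123456789012"   # placeholder, not a real account
GITHUB_ORG = "example-org"    # placeholder
GITHUB_REPO = "infra"         # placeholder
OIDC_PROVIDER = f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/token.actions.githubusercontent.com"
CLAIM_PREFIX = "token.actions.githubusercontent.com:"


def trust_policy(allowed_subs):
    """Trust policy allowing AssumeRoleWithWebIdentity only for tokens whose
    aud is sts.amazonaws.com and whose sub matches one of allowed_subs."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": OIDC_PROVIDER},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {CLAIM_PREFIX + "aud": "sts.amazonaws.com"},
                "StringLike": {CLAIM_PREFIX + "sub": list(allowed_subs)},
            },
        }],
    }


def _string_like(pattern, value):
    """IAM StringLike semantics: '*' matches any run of characters, '?' exactly
    one character, everything else literally and case-sensitively."""
    regex = "".join(".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern)
    return re.fullmatch(regex, value) is not None


def would_allow(policy, claims):
    """True if the policy's single statement allows the token: IAM ANDs the
    condition keys and ORs the values listed under one key."""
    stmt = policy["Statement"][0]
    for operator, keys in stmt.get("Condition", {}).items():
        for key, expected in keys.items():
            values = expected if isinstance(expected, list) else [expected]
            actual = claims.get(key.removeprefix(CLAIM_PREFIX), "")
            if operator == "StringEquals":
                ok = actual in values
            elif operator == "StringLike":
                ok = any(_string_like(v, actual) for v in values)
            else:
                raise ValueError(f"unsupported condition operator {operator}")
            if not ok:
                return False
    return stmt["Effect"] == "Allow"


# Tight policy: only this repo, only its main branch or pull_request runs.
STRICT_POLICY = trust_policy([
    f"repo:{GITHUB_ORG}/{GITHUB_REPO}:ref:refs/heads/main",
    f"repo:{GITHUB_ORG}/{GITHUB_REPO}:pull_request",
])
# Over-broad policy: any repository in the organisation can assume the role.
BROAD_POLICY = trust_policy([f"repo:{GITHUB_ORG}/*"])

# Constructed sample claims in the shape GitHub puts in the OIDC token.
MAIN_BRANCH_CLAIMS = {"aud": "sts.amazonaws.com",
                      "sub": f"repo:{GITHUB_ORG}/{GITHUB_REPO}:ref:refs/heads/main"}
PULL_REQUEST_CLAIMS = {"aud": "sts.amazonaws.com",
                       "sub": f"repo:{GITHUB_ORG}/{GITHUB_REPO}:pull_request"}
OTHER_REPO_CLAIMS = {"aud": "sts.amazonaws.com",
                     "sub": f"repo:{GITHUB_ORG}/sandbox:ref:refs/heads/main"}
WRONG_AUDIENCE_CLAIMS = {"aud": f"https://github.com/{GITHUB_ORG}",
                         "sub": f"repo:{GITHUB_ORG}/{GITHUB_REPO}:ref:refs/heads/main"}

if __name__ == "__main__":
    print(json.dumps(STRICT_POLICY, indent=2))
    for name, claims in [("main branch", MAIN_BRANCH_CLAIMS), ("pull request", PULL_REQUEST_CLAIMS),
                         ("other repo", OTHER_REPO_CLAIMS), ("wrong aud", WRONG_AUDIENCE_CLAIMS)]:
        print(f"{name:13} strict={would_allow(STRICT_POLICY, claims)!s:5} "
              f"broad={would_allow(BROAD_POLICY, claims)}")
```

Attach the printed policy to the role as its trust relationship and keep the permissions policy of that role scoped to what the Terraform state and resources need; the trust policy decides who may assume the role, the permissions policy decides what they can do once they have. The aud value must match the audience the action requests when it asks GitHub for the token; sts.amazonaws.com is the conventional value for AWS.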