Search code examples
xmlamazon-web-servicesopenid-connectgithub-actionsopenid

OpenIDConnect provider's HTTPS certificate doesn't match configured thumbprint

githubActions connection to aws credential

- name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@master
        with:
          role-to-assume: ${{secrets.ARN_GITHUB_ACTIONS_ROLE_UAT}}
          aws-region: ${{secrets.AWS_REGION}}

Here is where I got the error and I don't have access to access cloud trails to see the history,it's possible that someone changed the credentials or delete the role?

Solution

  • Note that GitHub (accidentally) updated their thumbprint recently, so the result is now 6938fd4d98bab03faadb97b34396831e3780aea1

    More details here https://github.blog/changelog/2022-01-13-github-actions-update-on-oidc-based-deployments-to-aws/