AWS STS Identity Provider Claims Validation: Secure OIDC Trust Policies

If you’ve ever written an IAM trust policy for GitHub Actions OIDC federation, you’ve probably done the thing we all did. You set the sub condition to repo:my-org/my-repo:*, told yourself “that’s scoped enough,” and moved on with your day.
