Support OIDC credentials

[jankatins]

You can use a github provided token to authenticate against AWS if you setup OIDC on the AWS side.

• Setup OIDC in AWS to allow access from a specific repo/branch to a specific role: https://github.com/WtfJoke/aws-gh-oidc (TF + CDK versions available)
  • needs to be deployed once by a real person, afterwards you can use it from github actions
  • The specific role needs then cdk deploy rights...
• To get credentials from that role in a github action workflow: https://github.com/aws-actions/configure-aws-credentials

It would be nice if this workflow could be supported in this cdk action.

[Oatelaus]

This is possible currently

configure-aws-credentials exposes the correct credentials within its action so you can simply call this package without credentials.

For example:

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN_TO_ASSUME }}
      - name: Diff
        uses: youyo/aws-cdk-github-actions@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          cdk_subcommand: "diff"