Eric Rodríguez

Day 48: Deploy AWS Lambda without ClickOps (Using GitHub Actions & OIDC)

Uploading .zip files to the AWS console gets old really fast. Today, I completely automated my serverless backend deployments.

Instead of taking the easy route and storing AWS Access Keys in my GitHub Secrets (a major security anti-pattern), I implemented OIDC (OpenID Connect) authentication.

How it works:

Trust: AWS IAM is configured to trust GitHub's OIDC provider.

Assume Role: My GitHub Action workflow uses aws-actions/configure-aws-credentials to assume a specific IAM role.

Deploy: On every git push, the action packages my Python code and updates the Lambda function via the AWS CLI.
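The Trust step is where this setup is most often left too loose: the role's trust policy should pin both the token audience and the `sub` claim to one repository and branch. The following is an added example, not code from the original post; it audits a trust policy for those two conditions. The repository name `example-org/example-repo` and both sample policies are constructed for illustration.

```python
ISSUER = "token.actions.githubusercontent.com"  # GitHub's OIDC issuer host

def audit_trust_policy(policy, expected_repo):
    """Return findings for GitHub OIDC statements in an IAM role trust policy."""
    findings = []
    for stmt in policy.get("Statement", []):
        federated = stmt.get("Principal", {}).get("Federated", "")
        if stmt.get("Effect") != "Allow" or ISSUER not in str(federated):
            continue  # not a GitHub OIDC trust statement
        # Collect (operator, value) pairs per condition key across all operators.
        conds = {}
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                values = value if isinstance(value, list) else [value]
                conds.setdefault(key.lower(), []).extend((operator, v) for v in values)
        aud = conds.get(f"{ISSUER}:aud", [])
        sub = conds.get(f"{ISSUER}:sub", [])
        if not any(v == "sts.amazonaws.com" for _, v in aud):
            findings.append("aud is not pinned to sts.amazonaws.com")
        if not sub:
            findings.append("no sub condition: any GitHub repository can assume this role")
        for operator, value in sub:
            if not value.startswith(f"repo:{expected_repo}:"):
                findings.append(f"sub '{value}' is not scoped to {expected_repo}")
            elif "*" in value and "like" in operator.lower():
                findings.append(f"sub '{value}' uses a wildcard: any branch, tag or pull request matches")
    return findings

def trust_policy(condition):
    # Constructed sample trust policy; the account ID is the placeholder used in the post.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

# Weak: audience pinned, but no restriction on which repository may assume the role.
WEAK = trust_policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}})
# Hardened: audience pinned and sub locked to one repository and branch (assumed names).
HARDENED = trust_policy({"StringEquals": {
    f"{ISSUER}:aud": "sts.amazonaws.com",
    f"{ISSUER}:sub": "repo:example-org/example-repo:ref:refs/heads/main"}})

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_trust_policy(policy, "example-org/example-repo") or "OK")
```

The workflow job also needs `permissions: id-token: write` so the runner can request the OIDC token that the role assumption relies on.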

The funny part? The automation worked so well that my Lambda executed faster than my third-party banking API (Plaid) could generate test data, throwing a PRODUCT_NOT_READY timeout error! A quick time.sleep(8) fixed the race condition.

```yaml
# The magic step in the workflow
- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v4
  with:
    role-to-assume: arn:aws:iam::123456789012:role/GitHubActions-LambdaDeployRole
    aws-region: eu-north-1
```

Now, my deployments take 15 seconds, and I have zero static credentials lying around. Escaping ClickOps feels great.
