### AWS CLI Command Example

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

This snippet shows a basic AWS CLI command to get the caller identity. It's often used after configuring AWS credentials to verify the active IAM principal.

```bash
aws sts get-caller-identity
```

--------------------------------

### AssumeRole with Temporary Credentials and Output

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

This example demonstrates assuming an AWS role using temporary credentials. It first configures credentials, retrieves them as step outputs, and then uses these outputs to configure subsequent actions. The `output-credentials: true` flag is crucial for making credentials available as outputs.

```yaml
- name: Configure AWS Credentials 1
  id: creds
  uses: aws-actions/configure-aws-credentials@v5.0.0
  with:
    aws-region: us-east-2
    role-to-assume: arn:aws:iam::123456789100:role/my-github-actions-role
    output-credentials: true
- name: get caller identity 1
  run: |
    aws sts get-caller-identity
- name: Configure AWS Credentials 2
  uses: aws-actions/configure-aws-credentials@v5.0.0
  with:
    aws-region: us-east-2
    aws-access-key-id: ${{ steps.creds.outputs.aws-access-key-id }}
    aws-secret-access-key: ${{ steps.creds.outputs.aws-secret-access-key }}
    aws-session-token: ${{ steps.creds.outputs.aws-session-token }}
    role-to-assume: arn:aws:iam::123456789100:role/my-other-github-actions-role
- name: get caller identity2
  run: |
    aws sts get-caller-identity
```

--------------------------------

### GitHub Actions Workflow for AWS Credentials (OIDC)

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

An example GitHub Actions workflow that configures AWS credentials using the `aws-actions/configure-aws-credentials` action with OIDC. It assumes a role and sets up subsequent steps to use AWS credentials.

```yaml
# Need ID token write permission to use OIDC
permissions:
  id-token: write
jobs:
  run_job_with_aws:
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@main # Or a specific version
        with:
          role-to-assume:
          aws-region:
      - name: Additional steps
        run: |
          # Your commands that require AWS credentials
          aws sts get-caller-identity
```

--------------------------------

### Inline Session Policy Example

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

Shows how to define an inline session policy for AWS credentials. This allows limiting the scope of fetched credentials directly within the workflow file. Both single-line and multi-line JSON formats are supported.

```yaml
uses: aws-actions/configure-aws-credentials@v5.0.0
with:
  inline-session-policy: '{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:List*","Resource":"*"}]}'
```

```yaml
uses: aws-actions/configure-aws-credentials@v5.0.0
with:
  inline-session-policy: >-
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid":"Stmt1",
          "Effect":"Allow",
          "Action":"s3:List*",
          "Resource":"*"
        }
      ]
    }
```

--------------------------------

### Configure AWS Credentials with Chained Role Assumption

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

This example demonstrates how to chain role assumptions. The first step assumes a primary AWS role using OIDC, and the second step uses the credentials from the first role to assume a different AWS role. This is useful for more complex access control scenarios.

```yaml
- name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v5.0.0
  with:
    aws-region: us-east-2
    role-to-assume: arn:aws:iam::123456789100:role/my-github-actions-role
    role-session-name: MySessionName
- name: Configure other AWS Credentials
  uses: aws-actions/configure-aws-credentials@v5.0.0
  with:
    aws-region: us-east-2
    role-to-assume: arn:aws:iam::987654321000:role/my-second-role
    role-session-name: MySessionName
    role-chaining: true
```

--------------------------------

### Configure AWS Credentials with Single Managed Session Policy

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

Example of using the configure-aws-credentials action with a single IAM managed policy for session permissions. This policy must exist in the same AWS account as the role.

```yaml
uses: aws-actions/configure-aws-credentials@v5.0.0
with:
  managed-session-policies: arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
```

--------------------------------

### Create IAM OpenID Connect Provider using AWS CLI

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

Command to create an IAM OpenID Connect provider in AWS using the AWS CLI. This is a prerequisite for using GitHub's OIDC provider to obtain temporary AWS credentials.

```bash
aws iam create-open-id-connect-provider \
  --url https://token.actions.githubusercontent.com \
  --client-id-list sts.amazonaws.com
```

--------------------------------

### Configure AWS Credentials with AssumeRoleWithWebIdentity

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

This snippet shows the basic usage of the `configure-aws-credentials` action to assume an AWS role using OIDC. It specifies the AWS region, the role ARN to assume, and a session name. The action automatically retrieves the OIDC token from the GitHub environment.

```yaml
- name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v5.0.0
  with:
    aws-region: us-east-2
    role-to-assume: arn:aws:iam::123456789100:role/my-github-actions-role
    role-session-name: MySessionName
```

--------------------------------

### Configure HTTP Proxy

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

Demonstrates how to configure an HTTP proxy for the AWS credentials action. This can be done manually via the `http-proxy` input or by setting the `HTTP_PROXY` environment variable.

```yaml
uses: aws-actions/configure-aws-credentials@v5.0.0
with:
  aws-region: us-east-2
  role-to-assume: my-github-actions-role
  http-proxy: "http://companydomain.com:3128"
```

```bash
# Your environment configuration
HTTP_PROXY="http://companydomain.com:3128"
```

--------------------------------

### GitHub OIDC Trust Policy for IAM Role

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

Defines the trust policy for an IAM role in AWS, allowing GitHub Actions to assume the role using OIDC. It specifies the principal, action, and conditions for the trust relationship.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam:::oidc-provider/token.actions.githubusercontent.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
          "token.actions.githubusercontent.com:sub": "repo:/:ref:refs/heads/"
        }
      }
    }
  ]
}
```

--------------------------------

### Configure AWS Credentials for China Region Audience using OIDC

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

Shows how to configure the AWS credentials action for a specific AWS partition, like the China region, by setting a custom audience for the OIDC token. Requires specifying the AWS region and the role to assume.

```yaml
- name: Configure AWS Credentials for China region audience
  uses: aws-actions/configure-aws-credentials@v5.0.0
  with:
    audience: sts.amazonaws.com.cn
    aws-region: cn-northwest-1
    role-to-assume: arn:aws-cn:iam::123456789100:role/my-github-actions-role
```

--------------------------------

### Configure AWS Credentials with Multiple Managed Session Policies

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

Demonstrates how to specify multiple IAM managed policies for session permissions within the configure-aws-credentials action. Each policy must be in the same AWS account as the role.

```yaml
uses: aws-actions/configure-aws-credentials@v5.0.0
with:
  managed-session-policies: |
    arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
    arn:aws:iam::aws:policy/AmazonS3OutPostsReadOnlyAccess
```

--------------------------------

### Configure AWS Credentials with Static IAM

Source: https://github.com/aws-actions/configure-aws-credentials/blob/main/README.md

This snippet shows how to configure AWS credentials using static IAM credentials stored in GitHub repository secrets. It specifies the AWS access key ID, secret access key, region, and optionally a role to assume.

```yaml
- name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v5.0.0
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-2
    role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
    role-external-id: ${{ secrets.AWS_ROLE_EXTERNAL_ID }}
    role-duration-seconds: 1200
    role-session-name: MySessionName
```
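
--------------------------------

The GitHub OIDC trust policy shown earlier allows `sts:AssumeRoleWithWebIdentity` only when the `aud` and `sub` conditions both match. The following Python check is an added example, not code from the action's README: it flags trust policies that leave `sub` unconstrained or wildcard the repository owner. The names `audit_trust_policy`, `sample_policy` and `example-org` are hypothetical, and the default `repo:OWNER/REPO:...` subject format is assumed.

```python
PROVIDER = "token.actions.githubusercontent.com"
def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_aud="sts.amazonaws.com"):
    """Return findings for Allow statements that trust the GitHub OIDC provider."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        trusts_github = any(str(p).endswith("oidc-provider/" + PROVIDER) for p in federated)
        if stmt.get("Effect") != "Allow" or not trusts_github:
            continue
        # Flatten Condition to {lowercased key: [(operator, value)]}; IAM keys are case-insensitive.
        conds = {}
        for op, pairs in stmt.get("Condition", {}).items():
            for key, val in pairs.items():
                conds.setdefault(key.lower(), []).extend((op, v) for v in _as_list(val))
        aud = conds.get(PROVIDER + ":aud", [])
        sub = conds.get(PROVIDER + ":sub", [])
        if not any(op == "StringEquals" and v == expected_aud for op, v in aud):
            findings.append(f"statement {idx}: aud not pinned to {expected_aud}")
        if not sub:
            findings.append(f"statement {idx}: no sub condition")
        for op, v in sub:
            # Assumes the default subject format repo:OWNER/REPO:...
            owner = v[len("repo:"):].split("/", 1)[0] if v.startswith("repo:") else ""
            if op not in ("StringEquals", "StringLike"):
                findings.append(f"statement {idx}: sub uses {op}, review manually")
            elif not owner or (op == "StringLike" and any(c in owner for c in "*?")):
                findings.append(f"statement {idx}: sub {v!r} does not fix the owner")
    return findings

def sample_policy(condition):
    # Constructed sample; the account ID and repository names are placeholders.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789100:oidc-provider/{PROVIDER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

AUD = {PROVIDER + ":aud": "sts.amazonaws.com"}
PINNED = sample_policy({"StringEquals": {
    **AUD, PROVIDER + ":sub": "repo:example-org/example-repo:ref:refs/heads/main"}})
NO_SUB = sample_policy({"StringEquals": AUD})
WILDCARD = sample_policy({"StringEquals": AUD, "StringLike": {PROVIDER + ":sub": "repo:*"}})
if __name__ == "__main__":
    for name, pol in (("PINNED", PINNED), ("NO_SUB", NO_SUB), ("WILDCARD", WILDCARD)):
        print(name, audit_trust_policy(pol) or "ok")
```

For a role in the China partition, pass `expected_aud="sts.amazonaws.com.cn"` to match the `audience` input used in the China region example.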