aws-lambda-api-tools 0.1.12 → 0.1.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3)
  1. package/README.md +90 -4
  2. package/bin/cli.js +1 -1
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -234,12 +234,98 @@ MIT
234
234
 
235
235
  ## GitHub Actions IAM Setup
236
236
 
237
- This package includes a utility to set up IAM OIDC authentication for GitHub Actions so that you can deploy to AWS from your GitHub Actions:
237
+ This package includes a utility to set up IAM OIDC authentication for GitHub Actions, allowing secure deployments to AWS without storing long-lived credentials.
238
+
239
+ ### Installation
240
+
241
+ ```bash
242
+ npm install aws-lambda-api-tools
243
+ ```
244
+
245
+ ### Usage
246
+
247
+ Create or update an IAM stack for GitHub Actions OIDC authentication:
238
248
 
239
249
  ```bash
240
- npx gh-oidc-iam --repo=owner/repo-name [--policy=PolicyName]
250
+ npx aws-lambda-api-tools create-gha-iam-stack --repo=owner/repo-name
241
251
  ```
242
252
 
243
- Options:
244
- - `--repo`: (Required) Your GitHub repository in the format `owner/repo-name`
253
+ ### Options
254
+
255
+ - `--repo`: (Required, Multiple) GitHub repository in the format `owner/repo-name`. Can be specified multiple times to grant access to multiple repositories
245
256
  - `--policy`: (Optional) AWS managed policy name to attach to the role. Defaults to 'AdministratorAccess'
257
+ - Uses AWS credentials from your environment or AWS_PROFILE
258
+
259
+ ### Examples
260
+
261
+ **Single Repository:**
262
+ ```bash
263
+ npx aws-lambda-api-tools create-gha-iam-stack --repo=myorg/my-service
264
+ ```
265
+
266
+ **Multiple Repositories:**
267
+ ```bash
268
+ npx aws-lambda-api-tools create-gha-iam-stack \
269
+ --repo=myorg/service-a \
270
+ --repo=myorg/service-b \
271
+ --repo=myorg/service-c
272
+ ```
273
+
274
+ **Custom IAM Policy:**
275
+ ```bash
276
+ npx aws-lambda-api-tools create-gha-iam-stack \
277
+ --repo=myorg/my-service \
278
+ --policy=AWSLambda_FullAccess
279
+ ```
280
+
281
+ **Using AWS Profile:**
282
+ ```bash
283
+ AWS_PROFILE=staging npx aws-lambda-api-tools create-gha-iam-stack \
284
+ --repo=myorg/my-service
285
+ ```
286
+
287
+ ### Implementation Details
288
+
289
+ The tool creates a CloudFormation stack named `GithubActionsIam` containing:
290
+
291
+ 1. An OIDC Provider for GitHub Actions (if it doesn't exist)
292
+ 2. An IAM Role with:
293
+ - Trust policy configured for the specified GitHub repositories
294
+ - Specified AWS managed policy attached (defaults to AdministratorAccess)
295
+
296
+ The role ARN is output after stack creation/update and can be used in your GitHub Actions workflows.
297
+
298
+ ### Using in GitHub Actions
299
+
300
+ Add the following to your GitHub Actions workflow:
301
+
302
+ ```yaml
303
+ permissions:
304
+ id-token: write
305
+ contents: read
306
+
307
+ jobs:
308
+ deploy:
309
+ runs-on: ubuntu-latest
310
+ steps:
311
+ - uses: actions/checkout@v3
312
+
313
+ - name: Configure AWS Credentials
314
+ uses: aws-actions/configure-aws-credentials@v4
315
+ with:
316
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }} # Role ARN from stack output
317
+ aws-region: us-east-1
318
+
319
+ - name: Deploy
320
+ run: |
321
+ # Your deployment steps here
322
+ ```
323
+
324
+ Set the `AWS_ROLE_ARN` secret in your GitHub repository to the role ARN output by the create-gha-iam-stack command.
325
+
326
+ ### Updating Existing Stacks
327
+
328
+ You can run the command again with different repositories to update the stack:
329
+ - New repositories will be added to the trust policy
330
+ - Existing repositories will remain unchanged
331
+ - The attached policy can be updated by specifying a new --policy value
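Review bot: In the Options and Implementation Details sections the role still defaults to `AdministratorAccess`, while the reworded intro now promises "secure deployments"; with that default, every workflow the trust policy admits from a listed repository gets full administrative access to the account. Suggest leading the examples with a scoped `--policy` (the `AWSLambda_FullAccess` example is already here), calling out the default as something to override, and stating which `sub` claim pattern the trust policy matches (whole repository, or specific branches or environments), since "Trust policy configured for the specified GitHub repositories" does not say. Updating Existing Stacks says existing repositories remain unchanged but not how to remove one from the trust policy, and the old `npx gh-oidc-iam` invocation is dropped without a migration note. The workflow sample also references actions by tag (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v4`); for a job that assumes an AWS role, consider showing them pinned to a commit SHA.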
package/bin/cli.js CHANGED
@@ -1,2 +1,2 @@
1
1
  #!/usr/bin/env node
2
- "use strict";var o=require("commander"),a=require("path");o.program.name("aws-lambda-api-tools").description("CLI tools for AWS Lambda and API Gateway").version("0.1.5");o.program.command("create-gha-iam-stack").description("Create IAM stack for GitHub Actions OIDC authentication").requiredOption("--repo <owner/repo>","GitHub repository (owner/repo)").option("--policy <name>","AWS managed policy name","AdministratorAccess").action(async r=>{process.argv=[process.argv[0],process.argv[1],`--repo=${r.repo}`,`--policy=${r.policy}`],require((0,a.join)(__dirname,"bootstrap-iam.js"))});o.program.parse();
2
+ "use strict";var o=require("commander"),a=require("path");o.program.name("aws-lambda-api-tools").description("CLI tools for AWS Lambda and API Gateway").version("0.1.5");o.program.command("create-gha-iam-stack").description("Create IAM stack for GitHub Actions OIDC authentication").option("--repo <owner/repo>","GitHub repository (owner/repo)",t,[]).option("--policy <name>","AWS managed policy name","AdministratorAccess").action(async r=>{r.repo.length===0&&(console.error("Error: at least one --repo argument is required"),process.exit(1)),process.argv=[process.argv[0],process.argv[1],...r.repo.map(e=>`--repo=${e}`),`--policy=${r.policy}`],require((0,a.join)(__dirname,"bootstrap-iam.js"))});function t(r,e){return e.concat([r])}o.program.parse();
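Review bot: The collected `--repo` values are forwarded as `--repo=${e}` with no check in this file that each one has the `owner/repo` shape the option text advertises; the README says these strings configure the role's trust policy, so validate them in the collector `t` (two non-empty segments, no whitespace or wildcard characters) and exit before `bootstrap-iam.js` is required. The only guard added is `r.repo.length===0`, which catches a missing flag but not a malformed value. Separately, `.version("0.1.5")` is unchanged here while package.json moves to 0.1.14, so `--version` reports a stale number; read it from package.json instead of hardcoding it.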
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "aws-lambda-api-tools",
3
- "version": "0.1.12",
3
+ "version": "0.1.14",
4
4
  "description": "",
5
5
  "main": "dist/index.js",
6
6
  "bin": {