We are starting to use GitHub Actions more and more for CI/CD functionality, but for them to connect to AWS we need to have an IAM User (sigh!).
What I’d like to do is have each repo have its own IAM User, and the access keys assigned to that IAM User are rotated daily for security purposes. We’d then update the secret on that repo with the new creds.
The script to do all this would likely run from AWS Lambda, and I figured I could use the GitHub APIs to achieve the result, but authentication is a massive issue here - I’ve tried using a GitHub App and OAuth App but can’t work out how, using Python, I’d actually be able to get this working. Seems Personal Access Tokens are the easiest way forward, but that would have to be tied to someone, and if that person leaves then the whole thing would fall over.
Anyone have any recommendations on how I’d get this working successfully?
Thanks in advance
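One way to structure the rotation described in the post, as an added example that is not part of the original post: the new key is pushed to the repo secret before the old one is deleted, and the two-keys-per-user IAM limit is handled. It assumes boto3 (`iam = boto3.client("iam")`) for the real calls, PyNaCl for GitHub's sealed-box secret encryption, and a `token` that is a GitHub App installation token (not tied to a person) or a PAT; `FakeIam` and the `FAKEKEY...` ids are constructed stand-ins so the logic runs offline.

```python
import base64
import json
import urllib.request

def put_repo_secret(token, owner, repo, name, value):
    """Upsert a GitHub Actions repo secret, sealed with the repo's libsodium public key (PyNaCl assumed)."""
    from nacl import encoding, public
    hdr = {"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"}
    base = f"https://api.github.com/repos/{owner}/{repo}/actions/secrets"
    with urllib.request.urlopen(urllib.request.Request(f"{base}/public-key", headers=hdr)) as r:
        pub = json.load(r)
    pk = public.PublicKey(pub["key"].encode(), encoding.Base64Encoder())
    sealed = base64.b64encode(public.SealedBox(pk).encrypt(value.encode())).decode()
    body = json.dumps({"encrypted_value": sealed, "key_id": pub["key_id"]}).encode()
    urllib.request.urlopen(urllib.request.Request(f"{base}/{name}", data=body, headers=hdr, method="PUT")).close()

def rotate_access_key(iam, user_name, publish):
    """Create a new key, publish it, then retire the old one. IAM caps a user at two
    access keys, so when two already exist the older one is deleted up front."""
    keys = sorted(iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"],
                  key=lambda k: k["CreateDate"])
    if len(keys) == 2:
        iam.delete_access_key(UserName=user_name, AccessKeyId=keys[0]["AccessKeyId"])
        keys = keys[1:]
    new = iam.create_access_key(UserName=user_name)["AccessKey"]
    publish(new["AccessKeyId"], new["SecretAccessKey"])  # old key is still valid here
    for k in keys:  # delete the old key only once the repo secret holds the new one
        iam.delete_access_key(UserName=user_name, AccessKeyId=k["AccessKeyId"])
    return new["AccessKeyId"]

class FakeIam:
    """Constructed offline stand-in for boto3's IAM client (not real AWS)."""
    def __init__(self, existing):
        self.keys = {kid: i for i, kid in enumerate(existing)}  # kid -> creation order
        self.n = len(existing)
    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [{"AccessKeyId": k, "CreateDate": d} for k, d in self.keys.items()]}
    def create_access_key(self, UserName):
        self.n += 1
        kid = f"FAKEKEY{self.n:04d}"
        self.keys[kid] = self.n
        return {"AccessKey": {"AccessKeyId": kid, "SecretAccessKey": f"fake-secret-{self.n}"}}
    def delete_access_key(self, UserName, AccessKeyId):
        del self.keys[AccessKeyId]

def demo(existing):
    """Rotate against the fake; returns (new id, keys left, keys live at publish time)."""
    iam, at_publish = FakeIam(existing), []
    new_id = rotate_access_key(iam, "ci-user", lambda kid, _sec: at_publish.append(sorted(iam.keys)))
    return new_id, sorted(iam.keys), at_publish[0]
```

In the Lambda, `publish` would be `lambda kid, sec: (put_repo_secret(token, owner, repo, "AWS_ACCESS_KEY_ID", kid), put_repo_secret(token, owner, repo, "AWS_SECRET_ACCESS_KEY", sec))`, so a failed secret update leaves the old key untouched.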