Using OIDC with GitHub Actions and Terraform

  • Published on 15 Oct 2024

Comments • 18

  • @robinmordasiewicz 1 year ago +1

    jeez, this guy is a serious pro. nice videos and amazing explanations.

  • @ehmidashrif804 1 year ago +1

    Thanks for covering this topic. Great content

  • @mikeestes4956 1 year ago +3

    I think the use case for setting the Issuer to something besides the default is when you're using your own instance of GitHub.
    Also, it would have been useful to show the part where you gave the registered App the permissions it needed to do what it needed to do. For some reason I forgot that you didn't show it and was trying to figure out why it wasn't working. You need the role set in order for it to see or do what it needs to do first. In my case this was not for applying Terraform but at least showing that would have given me a bit more context for what was needed here.

    • @NedintheCloud 1 year ago

      Thanks for the feedback Mike. Sorry for the confusion!

    • @mikeestes4956 1 year ago

      @NedintheCloud All good, you got me the majority of the way to figuring out how to use this to begin with. Much appreciated.

  • @soumyarahul007 2 years ago

    Thanks Ned. The content is super useful.. and this is what I was looking for..

  • @countbrapcula-espana 6 months ago

    Do you have a TT video that does exactly this but uses Azure DevOps Pipelines and configuration with Azure DevOps Service Connection? Essentially a clone of this but not using GHA? Or are the changes to take this and change to ADO 90% the same plus the differences?

    • @NedintheCloud 6 months ago

      Service connections in Azure DevOps now support OIDC natively, so you don't have to set up a service principal and federated credentials.

  • @vilyduytruong4885 1 year ago +1

    Many thanks ❤

  • @dreamingaboutouterspace3878 2 years ago

    Ned, do you have a video/example using ADO pipeline parameter values getting passed as a variable in your variables.tf? Thanks.

  • @bharathkumarkn8009 7 months ago

    Thanks for this topic. How to use multi repo for single federated credentials and how to manage subject claim in that condition?

    • @NedintheCloud 6 months ago

      Azure AD (Entra ID) doesn't support wildcards, so you need to add a federated credential for each repo, branch, and PR. I don't love that, but you can use Terraform to do it for you!
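
One way to generate the per-repo, per-branch and pull-request federated credentials described in the reply above, as an added example that is not from the video or its author. The org, repo, branch and application names are constructed placeholders, and the azuread provider version pin is an assumption.

```hcl
# Added example; org, repo, branch and app names are constructed placeholders.
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 3.0" # assumption: pin to the version you have tested
    }
  }
}

locals {
  github_org = "example-org"
  repos      = ["infra-network", "infra-apps"]
  branches   = ["main"]

  # GitHub sets the token's sub claim per trigger:
  #   branch push:  repo:<org>/<repo>:ref:refs/heads/<branch>
  #   pull request: repo:<org>/<repo>:pull_request
  branch_subjects = {
    for pair in setproduct(local.repos, local.branches) :
    "${pair[0]}-branch-${pair[1]}" => "repo:${local.github_org}/${pair[0]}:ref:refs/heads/${pair[1]}"
  }
  pr_subjects = {
    for repo in local.repos :
    "${repo}-pull-request" => "repo:${local.github_org}/${repo}:pull_request"
  }
  subjects = merge(local.branch_subjects, local.pr_subjects)
}

resource "azuread_application" "gha" {
  display_name = "github-actions-terraform"
}

# One credential per exact subject, since the subject is matched literally.
resource "azuread_application_federated_identity_credential" "gha" {
  for_each = local.subjects

  application_id = azuread_application.gha.id
  display_name   = each.key
  description    = "GitHub Actions OIDC: ${each.value}"
  audiences      = ["api://AzureADTokenExchange"]
  issuer         = "https://token.actions.githubusercontent.com"
  subject        = each.value
}

output "federated_subjects" {
  value = local.subjects
}
```

A workflow running from a repo or branch that is not in these lists presents a subject that matches no credential, so its token exchange is rejected. Keeping the lists short and explicit is what limits which workflows can obtain Azure access.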

  • @testydevops9356 1 year ago +1

    I don't know how to do this on AWS Cloud. What will change?

    • @NedintheCloud 1 year ago

      The main point is to remove long-lived passwords/credentials. There's good documentation from GitHub on how to set it up: docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services

  • @WilsonMar1 1 year ago +1

    This is for Azure AD

  • @luismendezescobar9049 2 years ago

    Hi Ned, could you do a video of this same implementation in Google Cloud please?