https://example.org/tags/oidc/Recent content in Oidc on Lazare's AWS BlogHugoen-usWed, 15 Apr 2026 00:00:00 -0700https://example.org/posts/switch-github-aws-hard-coded-tokens-to-oidc/Wed, 15 Apr 2026 00:00:00 -0700https://example.org/posts/switch-github-aws-hard-coded-tokens-to-oidc/<p>If your GitHub Actions workflow talks to AWS using <code>AWS_ACCESS_KEY_ID</code> and <code>AWS_SECRET_ACCESS_KEY</code>, you are relying on long-lived credentials stored in GitHub secrets. That works, but it creates more secret management overhead than you need. A better approach is to use <strong>OpenID Connect (OIDC)</strong> so GitHub can request short-lived AWS credentials at runtime.</p> <p>In this guide, I&rsquo;ll walk through how to migrate a typical GitHub-to-AWS deployment from hard-coded tokens to OIDC. The pattern is especially useful for static site deployments, where GitHub Actions builds the site, uploads it to <strong>Amazon S3</strong>, and then invalidates <strong>CloudFront</strong>.</p>