Hi guys,
I followed this document to configure OIDC in AWS to retrieve temporary credentials, but somehow it didn't work.
Here is the error message:
An error occurred (InvalidIdentityToken) when calling the AssumeRoleWithWebIdentity operation: Incorrect token audience
This is my role trust relationships config:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::xxxxxx:oidc-provider/git.abc.cloud"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringLike": {
          "git.abc.cloud:sub": "project_path:mygroup/myproject:ref_type:branch:ref:*"
        }
      }
    }
  ]
}
Does anyone know what I should correct or check here?
Thanks,
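
Added example, not part of the original post: STS returns "Incorrect token audience" when the ID token's aud claim is not among the audiences (client IDs) registered on the IAM OIDC identity provider, so a useful check is to decode the token the CI job receives and compare its claims with the AWS side. The token, its aud value and the provider audience list below are constructed for illustration; only the sub condition is taken from the post.

```python
import base64
import json
import re

def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def string_like(pattern: str, value: str) -> bool:
    """IAM StringLike semantics: '*' is any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.DOTALL) is not None

def diagnose(token: str, provider_audiences: list, trust_policy: dict) -> list:
    """Return mismatches between the token's claims and the AWS-side configuration."""
    claims, problems = jwt_claims(token), []
    aud = claims.get("aud")
    token_auds = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if not set(token_auds) & set(provider_audiences):
        problems.append(f"aud {token_auds} not in provider audiences {provider_audiences}")
    for stmt in trust_policy["Statement"]:
        for key, want in stmt.get("Condition", {}).get("StringLike", {}).items():
            claim = key.rsplit(":", 1)[-1]  # "git.abc.cloud:sub" -> "sub"
            patterns = want if isinstance(want, list) else [want]
            if not any(string_like(p, str(claims.get(claim, ""))) for p in patterns):
                problems.append(f"{claim} {claims.get(claim)!r} matches none of {patterns}")
    return problems

def _b64(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed, unsigned sample token; the aud value is an assumption for illustration.
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256"}), _b64({
    "iss": "https://git.abc.cloud",
    "aud": "https://example.invalid",
    "sub": "project_path:mygroup/myproject:ref_type:branch:ref:main",
}), "sig"])
# Trust policy condition copied from the post above.
POLICY = {"Statement": [{"Condition": {"StringLike": {
    "git.abc.cloud:sub": "project_path:mygroup/myproject:ref_type:branch:ref:*"}}}]}
# Constructed list standing in for the IAM OIDC provider's registered audiences.
PROVIDER_AUDIENCES = ["https://git.abc.cloud"]

if __name__ == "__main__":
    for line in diagnose(SAMPLE_TOKEN, PROVIDER_AUDIENCES, POLICY) or ["no mismatch found"]:
        print(line)
```

To use it on a real job, pass the ID token the pipeline exposes and the audience list shown on the identity provider in the IAM console; treat the token as a secret and do not paste it into shared logs.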