
GitHub OIDC → AWS (No Long-Lived Keys): Cloud Automation the Right Way

January 10, 2026 · 10 min read
AWS, IAM, OIDC, GitHub Actions, Terraform, Security

Static AWS keys in CI are a footgun.

If you want cloud automation that scales (and passes security review), use OIDC-based federation:

  • GitHub Actions issues a short-lived identity token (OIDC)
  • AWS STS exchanges it for short-lived AWS credentials
  • Your workflow assumes a least-privilege role and does the work

This portfolio uses the same pattern to support Cloud telemetry mode (AWS S3) without ever embedding long-lived credentials.
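An added example (not code from this post or its project): a small Python check of the role's trust policy, which is where AWS decides whose GitHub token may be exchanged for credentials. It assumes GitHub's default subject format `repo:OWNER/REPO:...` and the `sts.amazonaws.com` audience; the account ID, org and repo names are constructed placeholders.

```python
GITHUB_OIDC = "token.actions.githubusercontent.com"

def _as_list(v):
    return v if isinstance(v, list) else [v]

def audit_trust_policy(policy):
    """Return findings for Allow statements that trust GitHub's OIDC provider."""
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
                str(f).endswith("oidc-provider/" + GITHUB_OIDC) for f in federated):
            continue
        # Flatten conditions to {lowercased key: [(operator, value), ...]};
        # IAM condition keys are case-insensitive.
        conds = {}
        for op, block in stmt.get("Condition", {}).items():
            for key, vals in block.items():
                conds.setdefault(key.lower(), []).extend((op, v) for v in _as_list(vals))
        aud = conds.get(GITHUB_OIDC + ":aud", [])
        sub = conds.get(GITHUB_OIDC + ":sub", [])
        if not any(op == "StringEquals" and v == "sts.amazonaws.com" for op, v in aud):
            findings.append(f"statement {n}: aud is not pinned to sts.amazonaws.com")
        if not sub:
            findings.append(f"statement {n}: no sub condition, any repository's token is accepted")
        for _op, v in sub:
            # Assumption: default subject format repo:OWNER/REPO:<ref or environment>.
            owner_repo = v.split(":")[1] if v.startswith("repo:") and v.count(":") >= 2 else "*"
            if "*" in owner_repo or "?" in owner_repo:
                findings.append(f"statement {n}: sub '{v}' does not pin a single owner/repo")
    return findings

def _policy(condition):  # constructed sample; 111122223333 is a placeholder account ID
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{GITHUB_OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

WEAK = _policy({"StringEquals": {GITHUB_OIDC + ":aud": "sts.amazonaws.com"}})
PINNED = _policy({
    "StringEquals": {GITHUB_OIDC + ":aud": "sts.amazonaws.com"},
    "StringLike": {GITHUB_OIDC + ":sub": "repo:example-org/example-repo:ref:refs/heads/main"}})

if __name__ == "__main__":
    for name, p in (("WEAK", WEAK), ("PINNED", PINNED)):
        print(name, audit_trust_policy(p) or "ok")
```
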

The architecture


Written by Jason Teixeira, Founder, Sage Ideas Studio