Skip to content

docs: add OIDC-based AWS authentication example for ECR scanning#537

Open
doyindevops wants to merge 1 commit intoaquasecurity:masterfrom
doyindevops:master
Open

docs: add OIDC-based AWS authentication example for ECR scanning#537
doyindevops wants to merge 1 commit intoaquasecurity:masterfrom
doyindevops:master

Conversation

@doyindevops
Copy link

@doyindevops doyindevops commented Mar 19, 2026

The current AWS ECR section uses static AWS credentials
(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY). This is discouraged
by AWS as it involves long-lived credentials that increase security risk.

This PR adds an alternative example using GitHub Actions OIDC with
aws-actions/configure-aws-credentials@v4 — the current AWS-recommended
approach. No static credentials required; authentication happens via
short-lived tokens tied to the workflow.

This pattern is commonly used in production EKS environments and
aligns with AWS security best practices.

@doyindevops
Update README with OIDC and Trivy scanner details
0452e54 
Added OIDC configuration for AWS credentials and updated Trivy scanner usage in the README.

docs: add OIDC-based AWS auth example for ECR scanning
@CLAassistant
Copy link

CLAassistant commented Mar 19, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@doyindevops @CLAassistant