'OpenIDConnect provider's HTTPS certificate doesn't match configured thumbprint

githubActions connection to aws credential

- name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@master
        with:
          role-to-assume: ${{secrets.ARN_GITHUB_ACTIONS_ROLE_UAT}}
          aws-region: ${{secrets.AWS_REGION}}

Here is where I got the error and I don't have access to access cloud trails to see the history,it's possible that someone changed the credentials or delete the role?



Solution 1:[1]

Note that GitHub (accidentally) updated their thumbprint recently, so the result is now 6938fd4d98bab03faadb97b34396831e3780aea1

More details here https://github.blog/changelog/2022-01-13-github-actions-update-on-oidc-based-deployments-to-aws/

Solution 2:[2]

You shuld update your Thumbprints in AWS. In this link you can find how to create your thumbprints. Obtaining the thumbprint for an OpenID Connect Identity Provider. After that

  • Go to your IAM Identity Providers
  • Choos your provider
  • Manage Thumbprints
  • Update the thumbprint with the one you optaind following the Obtaining the thumbprint for an OpenID Connect Identity Provider

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Carlos Santini
Solution 2 manukyanv07