Home > database >  Is it possible to run a GitHub Action with a 2FA?
Is it possible to run a GitHub Action with a 2FA?

Time:03-16

I have the following scenario. Currently a Wordpress site was hosted on an EC2 server. There is no deployment strategy in place. It was using the AWS CLI to deploy the data from local to the server.

Problem For various reasons, I don't want to take it over that way of deployment and am currently considering putting the deployment process into a GitHub Action. Which in itself wouldn't be a problem if it weren't for the 2FA check.

Using the AWS CLI, I am forced to enter the code displayed in my MS Authenticator app into the CLI to proceed.

Question: Is it possible to deploy via GitHub Action and 2FA? I guess almost no? But what do I know?

CodePudding user response:

No, you can't have GitHub Actions prompt and enter the 2FA tokens on your behalf. But what you can do, is setup OpenID Connect between GitHub actions and AWS.

That way you can authorize GitHub Actions to make changes to specific resources in AWS and OIDC handles the magic key exchange parts to make sure it can safely do its thing.

More info here:

  • Related