
feat: Support AWS OIDC Authentication on Hosted Trigger Runners

Status: Open. hongkongkiwi opened this issue 9 months ago · 0 comments

Is your feature request related to a problem? Please describe.

Authenticating with AWS currently requires setting up access keys.

However, many other providers (e.g. GitHub, Fly.io, etc.) allow you to authenticate machines via OIDC requests.

It would be really great to support authenticating to AWS via OIDC. This means you just pass a role via an environment variable in the trigger task and set it up once in your AWS account to give a trigger task access; then it makes a request to trigger via OIDC and authenticates per run. You don't need to pass around access keys and such, and you're giving access to a role rather than keys.

This is how I often authenticate with, say, GitHub repos, so I'm not managing keys.

Great feature add.

Describe the solution you'd like to see

Set up my AWS account with the correct trigger.dev OIDC credentials and give permission to a specific task name (or names).

Then, when authenticating the trigger OIDC server says yes/no and my app can authenticate to AWS and assume a role without passing any credentials.

Describe alternate solutions

Right now, the other solution is passing access credentials directly. This is less secure.

Additional information

No response

hongkongkiwi, Mar 30 '25 11:03
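The AWS side of what the issue asks for, as an added example that is not part of the issue and not trigger.dev's code or a description of any OIDC issuer trigger.dev actually runs. It assumes a hypothetical issuer host `oidc.trigger.dev`, tokens whose `sub` claim has the form `task:<task-name>` and whose `aud` is `sts.amazonaws.com`; all three are placeholders. The block builds the IAM role trust policy that scopes the role to named tasks, simulates how IAM evaluates that policy's conditions against a token's claims (exact `StringEquals`, glob `StringLike`, issuer and expiry checks), and assembles the unsigned `AssumeRoleWithWebIdentity` STS query request a task would send. The security point is the `sub` condition: without it, any token minted by the issuer, for any task or any customer, could assume the role.

```python
"""Added example: OIDC web-identity federation into AWS, offline.

Hypothetical assumptions (not from the issue or trigger.dev):
  - issuer host  : oidc.trigger.dev
  - subject claim: "task:<task-name>"
  - audience     : sts.amazonaws.com
"""
import urllib.parse
from fnmatch import fnmatchcase

ISSUER_HOST = "oidc.trigger.dev"        # hypothetical placeholder
AUDIENCE = "sts.amazonaws.com"


def trust_policy(account_id, task_names):
    """IAM role trust policy allowing only the listed task names to assume
    the role via sts:AssumeRoleWithWebIdentity. Condition keys follow the
    real IAM convention "<issuer-host>:aud" / "<issuer-host>:sub"."""
    provider_arn = f"arn:aws:iam::{account_id}:oidc-provider/{ISSUER_HOST}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                # aud must match exactly; sub is scoped to named tasks
                "StringEquals": {f"{ISSUER_HOST}:aud": AUDIENCE},
                "StringLike": {f"{ISSUER_HOST}:sub":
                               [f"task:{t}" for t in task_names]},
            },
        }],
    }


def claims_satisfy(policy, claims, now):
    """Simulate IAM's evaluation of the trust policy against token claims.
    Operators are ANDed, keys within an operator are ANDed, and the values
    listed for one key are ORed. Issuer and expiry are checked first, as
    STS rejects tokens from an unknown issuer or past `exp`."""
    if claims.get("iss") != f"https://{ISSUER_HOST}":
        return False
    if claims.get("exp", 0) <= now:
        return False
    for operator, keyvals in policy["Statement"][0]["Condition"].items():
        for key, allowed in keyvals.items():
            allowed = allowed if isinstance(allowed, list) else [allowed]
            actual = claims.get(key.split(":", 1)[1])   # "host:sub" -> "sub"
            if actual is None:
                return False
            actual = actual if isinstance(actual, list) else [actual]  # aud may be a list
            if operator == "StringEquals":
                ok = any(a in allowed for a in actual)
            elif operator == "StringLike":
                ok = any(fnmatchcase(a, pat) for a in actual for pat in allowed)
            else:
                raise ValueError(f"unsupported operator {operator}")
            if not ok:
                return False
    return True


def build_sts_request(role_arn, session_name, token, duration=3600):
    """Query parameters for the unsigned STS AssumeRoleWithWebIdentity call
    (Version 2011-06-15). No AWS access keys are involved; the OIDC token
    is the only credential presented."""
    return {
        "Action": "AssumeRoleWithWebIdentity",
        "Version": "2011-06-15",
        "RoleArn": role_arn,
        "RoleSessionName": session_name,
        "WebIdentityToken": token,
        "DurationSeconds": str(duration),
    }


def sts_url(params):
    """Full GET URL for the request; a task would call this over HTTPS."""
    return "https://sts.amazonaws.com/?" + urllib.parse.urlencode(params)


if __name__ == "__main__":
    # Constructed sample claims, not a real token.
    policy = trust_policy("123456789012", ["sync-users"])
    good = {"iss": f"https://{ISSUER_HOST}", "sub": "task:sync-users",
            "aud": AUDIENCE, "exp": 2000}
    other = dict(good, sub="task:other-task")
    print("sync-users allowed:", claims_satisfy(policy, good, now=1000))
    print("other-task allowed:", claims_satisfy(policy, other, now=1000))
    print(sts_url(build_sts_request(
        "arn:aws:iam::123456789012:role/trigger-sync-users",
        "run-1", "<oidc-jwt>")))
```

The `DurationSeconds` default and the session name are free choices; what matters operationally is that the `sub` pattern list is exactly the set of tasks that should hold the role, and that `aud` is pinned so a token minted for some other relying party cannot be replayed against STS.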