AWS Security Token Service (sts)
IAM Changes
2026-02-06
39 new conditions | 1 updated action
Additions
Conditions
accounts.google.com:organization_number
Description:
Filters access by the organization number that the Google identity belongs to
Type:
String
github.com/enterprises/${EnterpriseName}:actor
Description:
Filters access by the personal account that initiated the workflow run
Type:
String
github.com/enterprises/${EnterpriseName}:actor_id
Description:
Filters access by the ID of the personal account that initiated the workflow run
Type:
String
github.com/enterprises/${EnterpriseName}:enterprise_id
Description:
Filters access by the ID of the enterprise that contains the repository from where the workflow is running
Type:
String
github.com/enterprises/${EnterpriseName}:environment
Description:
Filters access by the name of the environment used by the job
Type:
String
github.com/enterprises/${EnterpriseName}:job_workflow_ref
Description:
Filters access by the reference path to the reusable workflow for jobs using a reusable workflow
Type:
String
github.com/enterprises/${EnterpriseName}:ref
Description:
Filters access by the git ref (branch or tag) that triggered the workflow run
Type:
String
github.com/enterprises/${EnterpriseName}:repository
Description:
Filters access by the repository from where the workflow is running
Type:
String
github.com/enterprises/${EnterpriseName}:repository_id
Description:
Filters access by the ID of the repository from where the workflow is running
Type:
String
github.com/enterprises/${EnterpriseName}:workflow
Description:
Filters access by the name of the workflow
Type:
String
idcs-${OciUniqueIdentifier}.identity.oraclecloud.com:rpst_id
Description:
Filters access by the OCI resource principal session token ID
Type:
String
oidc.circleci.com/org/${OrgId}:project_id
Description:
Filters access by the CircleCI project ID
Type:
String
token.actions.${Domain}.ghe.com:actor
Description:
Filters access by the personal account that initiated the workflow run
Type:
String
token.actions.${Domain}.ghe.com:actor_id
Description:
Filters access by the ID of the personal account that initiated the workflow run
Type:
String
token.actions.${Domain}.ghe.com:enterprise_id
Description:
Filters access by the ID of the enterprise that contains the repository from where the workflow is running
Type:
String
token.actions.${Domain}.ghe.com:environment
Description:
Filters access by the name of the environment used by the job
Type:
String
token.actions.${Domain}.ghe.com:job_workflow_ref
Description:
Filters access by the reference path to the reusable workflow for jobs using a reusable workflow
Type:
String
token.actions.${Domain}.ghe.com:ref
Description:
Filters access by the git ref (branch or tag) that triggered the workflow run
Type:
String
token.actions.${Domain}.ghe.com:repository
Description:
Filters access by the repository from where the workflow is running
Type:
String
token.actions.${Domain}.ghe.com:repository_id
Description:
Filters access by the ID of the repository from where the workflow is running
Type:
String
token.actions.${Domain}.ghe.com:workflow
Description:
Filters access by the name of the workflow
Type:
String
token.actions.githubusercontent.com/${SubPath}:actor
Description:
Filters access by the personal account that initiated the workflow run
Type:
String
token.actions.githubusercontent.com/${SubPath}:actor_id
Description:
Filters access by the ID of the personal account that initiated the workflow run
Type:
String
token.actions.githubusercontent.com/${SubPath}:enterprise_id
Description:
Filters access by the ID of the enterprise that contains the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com/${SubPath}:environment
Description:
Filters access by the name of the environment used by the job
Type:
String
token.actions.githubusercontent.com/${SubPath}:job_workflow_ref
Description:
Filters access by the reference path to the reusable workflow for jobs using a reusable workflow
Type:
String
token.actions.githubusercontent.com/${SubPath}:ref
Description:
Filters access by the git ref (branch or tag) that triggered the workflow run
Type:
String
token.actions.githubusercontent.com/${SubPath}:repository
Description:
Filters access by the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com/${SubPath}:repository_id
Description:
Filters access by the ID of the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com/${SubPath}:workflow
Description:
Filters access by the name of the workflow
Type:
String
token.actions.githubusercontent.com:actor
Description:
Filters access by the personal account that initiated the workflow run
Type:
String
token.actions.githubusercontent.com:actor_id
Description:
Filters access by the ID of the personal account that initiated the workflow run
Type:
String
token.actions.githubusercontent.com:enterprise_id
Description:
Filters access by the ID of the enterprise that contains the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com:environment
Description:
Filters access by the name of the environment used by the job
Type:
String
token.actions.githubusercontent.com:job_workflow_ref
Description:
Filters access by the reference path to the reusable workflow for jobs using a reusable workflow
Type:
String
token.actions.githubusercontent.com:ref
Description:
Filters access by the git ref (branch or tag) that triggered the workflow run
Type:
String
token.actions.githubusercontent.com:repository
Description:
Filters access by the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com:repository_id
Description:
Filters access by the ID of the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com:workflow
Description:
Filters access by the name of the workflow
Type:
String
Updates
Actions
AssumeRoleWithWebIdentity
Conditions
+ accounts.google.com:organization_number
+ token.actions.githubusercontent.com:actor
+ token.actions.githubusercontent.com:actor_id
+ token.actions.githubusercontent.com:enterprise_id
+ token.actions.githubusercontent.com:environment
+ token.actions.githubusercontent.com:job_workflow_ref
+ token.actions.githubusercontent.com:ref
+ token.actions.githubusercontent.com:repository
+ token.actions.githubusercontent.com:repository_id
+ token.actions.githubusercontent.com:workflow
+ token.actions.githubusercontent.com/${SubPath}:actor
+ token.actions.githubusercontent.com/${SubPath}:actor_id
+ token.actions.githubusercontent.com/${SubPath}:enterprise_id
+ token.actions.githubusercontent.com/${SubPath}:environment
+ token.actions.githubusercontent.com/${SubPath}:job_workflow_ref
+ token.actions.githubusercontent.com/${SubPath}:ref
+ token.actions.githubusercontent.com/${SubPath}:repository
+ token.actions.githubusercontent.com/${SubPath}:repository_id
+ token.actions.githubusercontent.com/${SubPath}:workflow
+ token.actions.${Domain}.ghe.com:actor
+ token.actions.${Domain}.ghe.com:actor_id
+ token.actions.${Domain}.ghe.com:enterprise_id
+ token.actions.${Domain}.ghe.com:environment
+ token.actions.${Domain}.ghe.com:job_workflow_ref
+ token.actions.${Domain}.ghe.com:ref
+ token.actions.${Domain}.ghe.com:repository
+ token.actions.${Domain}.ghe.com:repository_id
+ token.actions.${Domain}.ghe.com:workflow
+ github.com/enterprises/${EnterpriseName}:actor
+ github.com/enterprises/${EnterpriseName}:actor_id
+ github.com/enterprises/${EnterpriseName}:enterprise_id
+ github.com/enterprises/${EnterpriseName}:environment
+ github.com/enterprises/${EnterpriseName}:job_workflow_ref
+ github.com/enterprises/${EnterpriseName}:ref
+ github.com/enterprises/${EnterpriseName}:repository
+ github.com/enterprises/${EnterpriseName}:repository_id
+ github.com/enterprises/${EnterpriseName}:workflow
+ oidc.circleci.com/org/${OrgId}:project_id
+ idcs-${OciUniqueIdentifier}.identity.oraclecloud.com:rpst_id