AWS Security Token Service
(sts)
IAM Changes
Services
2026-02-07
2026-02-07
1 updated action | 39 removed conditions
Updates
Actions
AssumeRoleWithWebIdentity
Conditions
- accounts.google.com:organization_number
- token.actions.githubusercontent.com:actor
- token.actions.githubusercontent.com:actor_id
- token.actions.githubusercontent.com:enterprise_id
- token.actions.githubusercontent.com:environment
- token.actions.githubusercontent.com:job_workflow_ref
- token.actions.githubusercontent.com:ref
- token.actions.githubusercontent.com:repository
- token.actions.githubusercontent.com:repository_id
- token.actions.githubusercontent.com:workflow
- token.actions.githubusercontent.com/${SubPath}:actor
- token.actions.githubusercontent.com/${SubPath}:actor_id
- token.actions.githubusercontent.com/${SubPath}:enterprise_id
- token.actions.githubusercontent.com/${SubPath}:environment
- token.actions.githubusercontent.com/${SubPath}:job_workflow_ref
- token.actions.githubusercontent.com/${SubPath}:ref
- token.actions.githubusercontent.com/${SubPath}:repository
- token.actions.githubusercontent.com/${SubPath}:repository_id
- token.actions.githubusercontent.com/${SubPath}:workflow
- token.actions.${Domain}.ghe.com:actor
- token.actions.${Domain}.ghe.com:actor_id
- token.actions.${Domain}.ghe.com:enterprise_id
- token.actions.${Domain}.ghe.com:environment
- token.actions.${Domain}.ghe.com:job_workflow_ref
- token.actions.${Domain}.ghe.com:ref
- token.actions.${Domain}.ghe.com:repository
- token.actions.${Domain}.ghe.com:repository_id
- token.actions.${Domain}.ghe.com:workflow
- github.com/enterprises/${EnterpriseName}:actor
- github.com/enterprises/${EnterpriseName}:actor_id
- github.com/enterprises/${EnterpriseName}:enterprise_id
- github.com/enterprises/${EnterpriseName}:environment
- github.com/enterprises/${EnterpriseName}:job_workflow_ref
- github.com/enterprises/${EnterpriseName}:ref
- github.com/enterprises/${EnterpriseName}:repository
- github.com/enterprises/${EnterpriseName}:repository_id
- github.com/enterprises/${EnterpriseName}:workflow
- oidc.circleci.com/org/${OrgId}:project_id
- idcs-${OciUniqueIdentifier}.identity.oraclecloud.com:rpst_id
Deletions
Conditions
accounts.google.com:organization_number
Description:
Filters access by the organization number that the Google identity belongs to
Type:
String
github.com/enterprises/${EnterpriseName}:actor
Description:
Filters access by the personal account that initiated the workflow run
Type:
String
github.com/enterprises/${EnterpriseName}:actor_id
Description:
Filters access by the ID of the personal account that initiated the workflow run
Type:
String
github.com/enterprises/${EnterpriseName}:enterprise_id
Description:
Filters access by the ID of the enterprise that contains the repository from where the workflow is running
Type:
String
github.com/enterprises/${EnterpriseName}:environment
Description:
Filters access by the name of the environment used by the job
Type:
String
github.com/enterprises/${EnterpriseName}:job_workflow_ref
Description:
Filters access by the reference path to the reusable workflow for jobs using a reusable workflow
Type:
String
github.com/enterprises/${EnterpriseName}:ref
Description:
Filters access by the git ref (branch or tag) that triggered the workflow run
Type:
String
github.com/enterprises/${EnterpriseName}:repository
Description:
Filters access by the repository from where the workflow is running
Type:
String
github.com/enterprises/${EnterpriseName}:repository_id
Description:
Filters access by the ID of the repository from where the workflow is running
Type:
String
github.com/enterprises/${EnterpriseName}:workflow
Description:
Filters access by the name of the workflow
Type:
String
idcs-${OciUniqueIdentifier}.identity.oraclecloud.com:rpst_id
Description:
Filters access by the OCI resource principal session token ID
Type:
String
oidc.circleci.com/org/${OrgId}:project_id
Description:
Filters access by the CircleCI project ID
Type:
String
token.actions.${Domain}.ghe.com:actor
Description:
Filters access by the personal account that initiated the workflow run
Type:
String
token.actions.${Domain}.ghe.com:actor_id
Description:
Filters access by the ID of the personal account that initiated the workflow run
Type:
String
token.actions.${Domain}.ghe.com:enterprise_id
Description:
Filters access by the ID of the enterprise that contains the repository from where the workflow is running
Type:
String
token.actions.${Domain}.ghe.com:environment
Description:
Filters access by the name of the environment used by the job
Type:
String
token.actions.${Domain}.ghe.com:job_workflow_ref
Description:
Filters access by the reference path to the reusable workflow for jobs using a reusable workflow
Type:
String
token.actions.${Domain}.ghe.com:ref
Description:
Filters access by the git ref (branch or tag) that triggered the workflow run
Type:
String
token.actions.${Domain}.ghe.com:repository
Description:
Filters access by the repository from where the workflow is running
Type:
String
token.actions.${Domain}.ghe.com:repository_id
Description:
Filters access by the ID of the repository from where the workflow is running
Type:
String
token.actions.${Domain}.ghe.com:workflow
Description:
Filters access by the name of the workflow
Type:
String
token.actions.githubusercontent.com/${SubPath}:actor
Description:
Filters access by the personal account that initiated the workflow run
Type:
String
token.actions.githubusercontent.com/${SubPath}:actor_id
Description:
Filters access by the ID of the personal account that initiated the workflow run
Type:
String
token.actions.githubusercontent.com/${SubPath}:enterprise_id
Description:
Filters access by the ID of the enterprise that contains the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com/${SubPath}:environment
Description:
Filters access by the name of the environment used by the job
Type:
String
token.actions.githubusercontent.com/${SubPath}:job_workflow_ref
Description:
Filters access by the reference path to the reusable workflow for jobs using a reusable workflow
Type:
String
token.actions.githubusercontent.com/${SubPath}:ref
Description:
Filters access by the git ref (branch or tag) that triggered the workflow run
Type:
String
token.actions.githubusercontent.com/${SubPath}:repository
Description:
Filters access by the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com/${SubPath}:repository_id
Description:
Filters access by the ID of the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com/${SubPath}:workflow
Description:
Filters access by the name of the workflow
Type:
String
token.actions.githubusercontent.com:actor
Description:
Filters access by the personal account that initiated the workflow run
Type:
String
token.actions.githubusercontent.com:actor_id
Description:
Filters access by the ID of the personal account that initiated the workflow run
Type:
String
token.actions.githubusercontent.com:enterprise_id
Description:
Filters access by the ID of the enterprise that contains the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com:environment
Description:
Filters access by the name of the environment used by the job
Type:
String
token.actions.githubusercontent.com:job_workflow_ref
Description:
Filters access by the reference path to the reusable workflow for jobs using a reusable workflow
Type:
String
token.actions.githubusercontent.com:ref
Description:
Filters access by the git ref (branch or tag) that triggered the workflow run
Type:
String
token.actions.githubusercontent.com:repository
Description:
Filters access by the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com:repository_id
Description:
Filters access by the ID of the repository from where the workflow is running
Type:
String
token.actions.githubusercontent.com:workflow
Description:
Filters access by the name of the workflow
Type:
String