I've created a GitHub action that works that allows GitHub Actions to exchange a GitHub token for AWS Access Credentials.
I've cultivated a few examples of it in action:
https://github.com/saml-to/aws-assume-role-action-examples
I've always found management of AWS Credentials has been a pain. So this setting up this Action works like this:
1) A SAML Identity Provider is created in AWS
2) A Role in AWS is set up to trust that Identity Provider
3) A config file is added to the repository indicating which role can be assumed
4) The GitHub Action exchanges the Repo Secret for AWS Credentials using the SAML.to backend for the exchange
Let me know what you think! I'm Happy to take questions and comments here or on Gitter: