Summary: Configure the AWS account to trust GitHub Actions and create the IAM Role that the pipeline will assume. Description: We need to set up the "handshake" between GitHub and AWS. This involves adding GitHub as an Identity Provider in AWS IAM and creating a role that trusts your specific GitHub repository.

• Tasks:

1. 1. Create OIDC Provider (if not exists):

• • • URL: https://token.actions.githubusercontent.com

• • • Audience: sts.amazonaws.com

1. 1. Create IAM Role: Name it standardly, e.g., GitHubAction-PackerBuild-Role.

1. 1. Attach Trust Policy: Allow sts:AssumeRoleWithWebIdentity only for your specific repo/branch.

• • • Condition: token.actions.githubusercontent.com:sub StringLike repo:YourOrg/YourRepo:*

1. 1. Attach Permission Policy: Attach the policy drafted in Story 1.

Acceptance Criteria:

• [ ] AWS OIDC Provider is configured.

• [ ] IAM Role is created with the correct Trust Policy (scoped to this repo).

• [ ] Permissions are attached to the Role.

• [ ] The Role ARN is captured for the next story.