issues Search Results · language:Edge language:Python language:JavaScript language:Java language:JavaScript
Phase 3 apply 403'd: OwnedBy can create app registrations but not service principals/federated creds. Bumped to
Application.ReadWrite.All (ADR-0011).
Refs: #5
area:entra
bug
phase-3
App-only Graph permission needs tenant admin consent; verified the SP appRoleAssignment before declaring Flow 2 ready
(RUNBOOK §4).
Refs: #4
area:entra
chore
phase-3
issuer/subject/audience = issuer_url / eop-dev-workload / api://AzureADTokenExchange. azuread provider via GitHub OIDC
(ARM_USE_OIDC).
Refs: #4
area:entra
phase-3
story
The cross-cloud trust: the Entra app + federated credential pointing at the Phase-2 issuer. Refs #4, #5.
Refs: #4
area:entra
epic
phase-3
Generate-on-first-boot RSA key stored only in Secrets Manager; kid = RFC-7638 thumbprint; publishes public JWKS. Gated
by wif.enabled (ADR-0010).
Refs: #3
area:app
phase-2
story
issuer field == the CloudFront domain exactly; CachingDisabled; empty CMK-encrypted Secrets Manager secret (ADR-0007).
Refs: #3
area:terraform
phase-2
story
Self-hosted OIDC issuer so the AWS workload can prove identity to Entra with no stored credential. Ref #3.
Refs: #3
area:terraform
epic
phase-2
Declaring environment changed the OIDC sub to environment:<env>, breaking AssumeRoleWithWebIdentity against the
ref:refs/heads/main-scoped deploy role.
Refs: #2
area:ci-cd
bug
phase-1
Pushing .github/workflows/* required the workflow scope; no SSH key so switched origin to HTTPS via gh credential
helper.
Refs: #1
area:ci-cd
bug
phase-1
First real resources so the pipeline has something to plan/apply and app-deploy has an ECR target.
Refs: #1
area:terraform
phase-1
story
