https://www.latacora.com/categories/cloud-security/Recent content in Cloud Security on LatacoraHugo -- gohugo.ioen-usTue, 04 Nov 2025 10:00:00 -0500https://www.latacora.com/blog/2025/11/04/aws-oidc-workload-identity/Tue, 04 Nov 2025 10:00:00 -0500https://www.latacora.com/blog/2025/11/04/aws-oidc-workload-identity/<p><em>Update</em>: after years of being on the wish list of a ton of top AWS teams, AWS released <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_outbound.html" target="_blank" rel="noopener noreferrer">a built-in version of this feature</a> about two weeks after we published this. Never let it be said gentle ribbing doesn&rsquo;t work. Also, thanks AWS! We meant it when we said that the only thing better than having something easy to deploy was not needing to deploy anything at all. Everything in this post about workload identity is still relevant but you should probably use upstream&rsquo;s implementation unless you have a good reason not to (for example, private validators for whom you need a VPC endpoint).</p>