While renewing GitHub Actions SSL certificates, an unexpected change in the intermediate certificate authority broke workflows using Open ID Connect (OIDC) based deployment to AWS.

To fix the issue please follow the following steps:

  1. In the AWS Console, go to IAM -> Identity Providers
  2. Open the provider(s) for token.actions.githubusercontent.com
  3. Click Manage under Thumbprints
  4. Add the thumbprint 6938fd4d98bab03faadb97b34396831e3780aea1

We’re continuing to investigate, to ensure this issue does not reoccur in the future.

Learn more about using OIDC with GitHub Actions.