限制对受信任的 OIDC 身份提供商的访问

resource：https://github.com/aws-samples/resource-control-policy-examples/blob/main/Limit-access-to-trusted-OIDC-identity-providers/Limit-access-to-trusted-OIDC-identity-providers.md

resource: https://github.com/aws-samples/resource-control-policy-examples/blob/main/Limit-access-to-trusted-OIDC-identity-providers/Shared-Issuers.json

OIDC 联合身份验证可用于向已通过 OpenID Connect 兼容身份提供商 （IdP） 向 AWS 环境中的 IAM OpenID Connect （OIDC） 身份提供商进行身份验证的用户提供临时安全凭证。本节概述了控制外部 OIDC 身份提供商 （IdP） 用于授予对组织资源的访问权限的授权机制的控制示例。

Here is a list of the service providers covered in this sample, and their documentation:

Provider	Documentation	Issuer/OIDC Provider URL	Policy Statement in Shared-Issuers.json
Terraform Cloud	Terraform Docs	https://app.terraform.io	EnforceTrustedOIDCTenantTerraformCloud
GitLab	GitLab Docs ID Token Auth	https://gitlab.com	EnforceTrustedOIDCTenantGitLabCLoud
IBM Turbonomic SaaS	IBM Docs IBM Docs Support Page	https://rh-oidc.s3.us-east-1.amazonaws.com/22ejnvnnturfmt6km08idd0nt4hekbn7 https://rh-oidc.s3.us-east-1.amazonaws.com/23e3sd27sju1hoou6ohfs68vbno607tr https://rh-oidc.s3.us-east-1.amazonaws.com/23ne21h005qjl3n33d8dui5dlrmv2tmg https://rh-oidc.s3.us-east-1.amazonaws.com/24jrf12m5dj7ljlfb4ta2frhrcoadm26 https://oidc.op1.openshiftapps.com/2f785sojlpb85i7402pk3qogugim5nfb https://oidc.op1.openshiftapps.com/2c51blsaqa9gkjt0o9rt11mle8mmropu	EnforceTrustedOIDCTenantIbmTurboNomic1 EnforceTrustedOIDCTenantIbmTurboNomic2 EnforceTrustedOIDCTenantIbmTurboNomic3 EnforceTrustedOIDCTenantIbmTurboNomic4 EnforceTrustedOIDCTenantIbmTurboNomic5 EnforceTrustedOIDCTenantIbmTurboNomic6
Shisho.dev	Shisho Docs	https://tokens.cloud.shisho.dev	EnforceTrustedOIDCTenantShishoDev
Scalr	Scalr Docs	https://scalr.io	EnforceTrustedOIDCTenantScalr
GitHub Audit Log Streaming	GitHub Docs	https://oidc-configuration.audit-log.githubusercontent.com	EnforceTrustedOIDCTenantGithubLogStreaming
Pulumi	Pulumi Docs	https://api.pulumi.com	EnforceTrustedOIDCTenantPulumi
Buildkite	Buildkite Docs	https://agent.buildkite.com	EnforceTrustedOIDCTenantBuildKite
Upbound	Upbound Docs	https://proidc.upbound.io	EnforceTrustedOIDCTenantUpbound
GitHub Actions - Self Hosted Runners	GitHub Actions Docs	https://vstoken.actions.githubusercontent.com	EnforceTrustedOIDCTenantGithubActionsSelfHosted
Vercel	Vercel Docs	https://oidc.vercel.com	EnforceTrustedOIDCTenantVercel
Sandboxes.cloud	Sandboxes Docs	https://sandboxes.cloud	EnforceTrustedOIDCTenantSandBoxes
Datachain.ai	Datachain Docs	https://studio.datachain.ai/api	EnforceTrustedOIDCTenantDataChain
Codefresh	Codefresh Docs	https://oidc.codefresh.io	EnforceTrustedOIDCTenantCodeFresh

This list may not include all possible third party service providers that use a shared issuer URL with their OIDC integration to access AWS accounts. Please review all relevant documentation from your service providers to ensure your security objectives are met when configuring an OIDC integration to AWS from your third party service providers.