feat(iam): implement OIDC authentication between Bitbucket Pipelines and AWS

- Add aws_iam_openid_connect_provider and IAM roles for DEV/PROD
- Update bitbucket-pipelines.yml to use OIDC in steps 03, 05, 07
- Create helper script scripts/aws-oidc-setup.sh
- Add the tls provider in terraform/provider.tf
- Document the full flow in docs/14-oidc-bitbucket-aws.md

Removes the dependency on static AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
in the pipeline, allowing authentication without long-lived credentials
via AssumeRoleWithWebIdentity.

Refs: DEV account 668889063715, PROD 523761210517
Evert Daniel Romero Garrido
2026-04-15 12:50:31 -06:00
parent bc3ff913cf
commit 744c5d1413
5 changed files with 533 additions and 4 deletions
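The commit replaces static keys with AssumeRoleWithWebIdentity, which means the security boundary moves into the role's trust policy: the `aud` and `sub` conditions are the only thing stopping a pipeline in some other Bitbucket workspace or repository from assuming the DEV role. The following is an added example, not code from this repository or from the Bitbucket/AWS documentation: it builds such a trust policy for the DEV account named in the commit message and evaluates constructed token claims against it offline. The workspace slug, workspace UUID, repository UUID and step UUID are placeholders, the issuer path and `ari:cloud:bitbucket::workspace/{uuid}` audience format follow Bitbucket's documented OIDC layout, and the assumption that `sub` starts with the repository UUID followed by a colon is the example's own; check it against a real decoded `BITBUCKET_STEP_OIDC_TOKEN` before relying on it.

```python
"""Added example (not the project's own code): build the IAM trust policy that the
DEV role uses for AssumeRoleWithWebIdentity from Bitbucket Pipelines, and evaluate
decoded OIDC token claims against its Condition block without calling AWS."""
import fnmatch
import json

# From the commit message: the DEV account. Everything below it is an assumption.
DEV_ACCOUNT_ID = "668889063715"
WORKSPACE = "example-workspace"                              # assumed workspace slug
WORKSPACE_UUID = "{11111111-2222-3333-4444-555555555555}"    # assumed; braces are part of the value
REPO_UUID = "{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}"         # assumed
OTHER_REPO_UUID = "{99999999-8888-7777-6666-555555555555}"   # assumed: a repo that must NOT be trusted

# Bitbucket's per-workspace OIDC issuer. AWS uses host+path (without https://) both in the
# provider ARN and as the prefix of the condition keys.
ISSUER_HOST = f"api.bitbucket.org/2.0/workspaces/{WORKSPACE}/pipelines-config/identity/oidc"
PROVIDER_ARN = f"arn:aws:iam::{DEV_ACCOUNT_ID}:oidc-provider/{ISSUER_HOST}"


def build_trust_policy(repo_uuid: str = REPO_UUID) -> dict:
    """Trust policy: only tokens issued for this workspace (aud) by steps of one
    repository (sub prefix) may assume the role. The trailing ':' in the sub pattern
    keeps the match anchored to the whole repository UUID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    f"{ISSUER_HOST}:aud": f"ari:cloud:bitbucket::workspace/{WORKSPACE_UUID}",
                },
                "StringLike": {
                    f"{ISSUER_HOST}:sub": f"{repo_uuid}:*",
                },
            },
        }],
    }


def _condition_holds(operator: str, expected, actual: str) -> bool:
    """IAM string operators used above. A list of expected values is an OR."""
    candidates = expected if isinstance(expected, list) else [expected]
    if operator == "StringEquals":
        return any(actual == e for e in candidates)
    if operator == "StringLike":
        # IAM wildcards: '*' matches any run of characters, '?' exactly one.
        return any(fnmatch.fnmatchcase(actual, e) for e in candidates)
    raise ValueError(f"unsupported condition operator: {operator}")


def evaluate_trust(policy: dict, claims: dict) -> bool:
    """True if the decoded token claims satisfy every condition of an Allow statement
    for sts:AssumeRoleWithWebIdentity. A missing claim fails its condition; an absent
    aud or sub is never treated as a match."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        satisfied = True
        for operator, keys in stmt.get("Condition", {}).items():
            for key, expected in keys.items():
                claim_name = key.rsplit(":", 1)[1]          # "<issuer>:aud" -> "aud"
                actual = claims.get(claim_name)
                if actual is None or not _condition_holds(operator, expected, actual):
                    satisfied = False
        if satisfied:
            return True
    return False


def sample_claims(repo_uuid: str = REPO_UUID, workspace_uuid: str = WORKSPACE_UUID) -> dict:
    """Constructed claims shaped like a Bitbucket step token (not a real token)."""
    return {
        "iss": f"https://{ISSUER_HOST}",
        "aud": f"ari:cloud:bitbucket::workspace/{workspace_uuid}",
        "sub": f"{repo_uuid}:{{01234567-89ab-cdef-0123-456789abcdef}}",   # assumed step UUID
    }


if __name__ == "__main__":
    policy = build_trust_policy()
    print(json.dumps(policy, indent=2))
    print("own repo   :", evaluate_trust(policy, sample_claims()))
    print("other repo :", evaluate_trust(policy, sample_claims(repo_uuid=OTHER_REPO_UUID)))
```

The `StringLike` on `sub` is what scopes the role to one repository; a policy that only checks `aud` would accept a token minted by any repository in the workspace, and a policy with neither condition would accept a token from any workspace whose issuer was registered. Run the module directly to print the generated policy and the allow/deny outcome for the two constructed tokens.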
+4
@@ -17,6 +17,10 @@ terraform {
source = "hashicorp/aws"
version = ">= 5.94.0"
}
tls = {
source = "hashicorp/tls"
version = ">= 4.0.0"
}
}
}
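Review bot: the new `tls` provider block uses an open-ended constraint `version = ">= 4.0.0"`, which lets a future major release of the provider change behaviour under the same configuration; consider a pessimistic constraint such as `version = "~> 4.0"` and commit the updated `.terraform.lock.hcl` so the resolved version is pinned for every pipeline run. The block also carries no comment saying why `tls` is needed (the commit message only says it is added for the OIDC flow), so a short comment naming the data source that uses it would stop a later cleanup from removing it as unused.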