Changelog

Now in beta, Pro workspaces and higher can configure OpenID Connect (OIDC) to authenticate their Render services with AWS. This enables your services to securely access AWS resources at runtime using automatically rotated credentials.

The setup flow looks like this:

1. Add Render as an OIDC identity provider in AWS IAM.
2. Create or update IAM roles that trust the Render OIDC provider.
3. Add an AWS_ROLE_ARN environment variable to each Render service with the IAM role ARN it should assume.
4. Redeploy each service. Render starts issuing and rotating OIDC credentials automatically.

Get started in the documentation.