Establish an IAM SAML 2.0 identity provider (IdP) within AWS IAM. Develop a new IAM role with a trust policy permitting the sts:AssumeRole API call. Attach the existing IAM policy to this new role. Modify GitHub to utilize SAML authentication for the pipeline.

Set up an IAM OpenID Connect (OIDC) identity provider (IdP) in AWS IAM. Create a new IAM role with a trust policy allowing the sts:AssumeRoleWithWebIdentity API call from the GitHub OIDC IdP. Update GitHub to assume this role for the pipeline.

Deploy an Amazon Cognito identity pool. Configure the authentication provider to integrate with GitHub. Establish a new IAM role with a trust policy that enables the sts:AssumeRoleWithWebIdentity API call from the GitHub authentication provider. Set up the pipeline to authenticate using Cognito.

Configure a trust anchor with AWS Private Certificate Authority. Produce a client certificate for use with AWS IAM Roles Anywhere. Generate a new IAM role with a trust policy that supports the sts:AssumeRole API call. Attach the existing IAM policy to the new role. Adjust the pipeline to utilize the credential helper tool and reference the client certificate public key to assume the new IAM role.