GitHub OIDC token for AWS Creds in all workflows (#48)

NathanielRN · web-flow · commit e872febdfa0c · 2021-12-21T18:37:16.000-08:00
diff --git a/.github/workflows/integration-testing.yml b/.github/workflows/integration-testing.yml
@@ -8,6 +8,7 @@ jobs:
     name: Publish and Test Apps
     runs-on: ubuntu-latest
     permissions:
+      id-token: write
       packages: write
     strategy:
       fail-fast: false
@@ -34,8 +35,6 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v1
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
           role-duration-seconds: 1200
           aws-region: us-east-1
diff --git a/.github/workflows/soak-testing.yml b/.github/workflows/soak-testing.yml
@@ -37,6 +37,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      id-token: write
       issues: write
     strategy:
       fail-fast: false
@@ -117,8 +118,6 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v1
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
           role-duration-seconds: 21600 # 6 Hours
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
