From a864f5ceb2986c9717b53deb2d64ef55a8883217 Mon Sep 17 00:00:00 2001
From: Viren Nadkarni <viren.nadkarni@gmail.com>
Date: Thu, 29 Jan 2026 18:46:18 +0530
Subject: [PATCH 1/3] Unskip all data update actions by updating conditions

---
 .github/workflows/data-update_config-managed-rules.yml   | 2 +-
 .github/workflows/data-update_ec2-instance-offerings.yml | 2 +-
 .github/workflows/data-update_ec2-instance-types.yml     | 2 +-
 .github/workflows/data-update_emr_instance_types.yml     | 2 +-
 .github/workflows/data-update_iam-managed-policies.yml   | 2 +-
 .github/workflows/data-update_ssm-default-amis.yml       | 2 +-
 .github/workflows/data-update_ssm-default-parameters.yml | 2 +-
 .github/workflows/data-update_ssm-optimized-amis.yml     | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/data-update_config-managed-rules.yml b/.github/workflows/data-update_config-managed-rules.yml
index 9d6d115d56fe..55338d18d507 100644
--- a/.github/workflows/data-update_config-managed-rules.yml
+++ b/.github/workflows/data-update_config-managed-rules.yml
@@ -16,7 +16,7 @@ jobs:
   update:
     name: Update Config Managed Rules
     runs-on: ubuntu-latest
-    if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }}
+    if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }}
     permissions:
       id-token: write
       contents: write
diff --git a/.github/workflows/data-update_ec2-instance-offerings.yml b/.github/workflows/data-update_ec2-instance-offerings.yml
index c3922c3ff00f..223a68a8f89a 100644
--- a/.github/workflows/data-update_ec2-instance-offerings.yml
+++ b/.github/workflows/data-update_ec2-instance-offerings.yml
@@ -16,7 +16,7 @@ jobs:
   update:
     name: Update EC2 Instance Offerings
     runs-on: ubuntu-latest
-    if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }}
+    if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }}
     permissions:
       id-token: write
       contents: write
diff --git a/.github/workflows/data-update_ec2-instance-types.yml b/.github/workflows/data-update_ec2-instance-types.yml
index 27a47f7f179f..260e0ae02199 100644
--- a/.github/workflows/data-update_ec2-instance-types.yml
+++ b/.github/workflows/data-update_ec2-instance-types.yml
@@ -16,7 +16,7 @@ jobs:
   update:
     name: Update EC2 Instance Types
     runs-on: ubuntu-latest
-    if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }}
+    if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }}
     permissions:
       id-token: write
       contents: write
diff --git a/.github/workflows/data-update_emr_instance_types.yml b/.github/workflows/data-update_emr_instance_types.yml
index 099f39cf727b..6bb84b2798f5 100644
--- a/.github/workflows/data-update_emr_instance_types.yml
+++ b/.github/workflows/data-update_emr_instance_types.yml
@@ -16,7 +16,7 @@ jobs:
   update:
     name: Update EMR Instance Types
     runs-on: ubuntu-latest
-    if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }}
+    if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }}
     permissions:
       id-token: write
       contents: write
diff --git a/.github/workflows/data-update_iam-managed-policies.yml b/.github/workflows/data-update_iam-managed-policies.yml
index 10d2dab62850..9a0104e50396 100644
--- a/.github/workflows/data-update_iam-managed-policies.yml
+++ b/.github/workflows/data-update_iam-managed-policies.yml
@@ -16,7 +16,7 @@ jobs:
   update:
     name: Update IAM Managed Policies
     runs-on: ubuntu-latest
-    if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }}
+    if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }}
     permissions:
       id-token: write
       contents: write
diff --git a/.github/workflows/data-update_ssm-default-amis.yml b/.github/workflows/data-update_ssm-default-amis.yml
index 5e10c4f99f20..86ec9dbbc8f9 100644
--- a/.github/workflows/data-update_ssm-default-amis.yml
+++ b/.github/workflows/data-update_ssm-default-amis.yml
@@ -16,7 +16,7 @@ jobs:
   update:
     name: Update SSM default AMIs
     runs-on: ubuntu-latest
-    if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }}
+    if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }}
     permissions:
       id-token: write
       contents: write
diff --git a/.github/workflows/data-update_ssm-default-parameters.yml b/.github/workflows/data-update_ssm-default-parameters.yml
index ca8a375662e2..6cd781ffe678 100644
--- a/.github/workflows/data-update_ssm-default-parameters.yml
+++ b/.github/workflows/data-update_ssm-default-parameters.yml
@@ -16,7 +16,7 @@ jobs:
   update:
     name: Update SSM default parameters
     runs-on: ubuntu-latest
-    if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }}
+    if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }}
     permissions:
       id-token: write
       contents: write
diff --git a/.github/workflows/data-update_ssm-optimized-amis.yml b/.github/workflows/data-update_ssm-optimized-amis.yml
index e04fc12412ee..f4bde8ecc364 100644
--- a/.github/workflows/data-update_ssm-optimized-amis.yml
+++ b/.github/workflows/data-update_ssm-optimized-amis.yml
@@ -16,7 +16,7 @@ jobs:
   update:
     name: Update SSM Optimized AMIs
     runs-on: ubuntu-latest
-    if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }}
+    if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }}
     permissions:
       id-token: write
       contents: write

From 7c14cabfc1862f0d98bc52f17c687a7a6942f309 Mon Sep 17 00:00:00 2001
From: Viren Nadkarni <viren.nadkarni@gmail.com>
Date: Thu, 29 Jan 2026 19:48:23 +0530
Subject: [PATCH 2/3] Change the OIDC role

---
 .github/workflows/data-update_ec2-instance-offerings.yml | 2 +-
 .github/workflows/data-update_ec2-instance-types.yml     | 2 +-
 .github/workflows/data-update_emr_instance_types.yml     | 2 +-
 .github/workflows/data-update_iam-managed-policies.yml   | 2 +-
 .github/workflows/data-update_ssm-default-amis.yml       | 2 +-
 .github/workflows/data-update_ssm-default-parameters.yml | 2 +-
 .github/workflows/data-update_ssm-optimized-amis.yml     | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/data-update_ec2-instance-offerings.yml b/.github/workflows/data-update_ec2-instance-offerings.yml
index 223a68a8f89a..b5bb54d39e37 100644
--- a/.github/workflows/data-update_ec2-instance-offerings.yml
+++ b/.github/workflows/data-update_ec2-instance-offerings.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole
+        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
 
     - name: Pull EC2 instance types from AWS
       run: |
diff --git a/.github/workflows/data-update_ec2-instance-types.yml b/.github/workflows/data-update_ec2-instance-types.yml
index 260e0ae02199..d8e882f76117 100644
--- a/.github/workflows/data-update_ec2-instance-types.yml
+++ b/.github/workflows/data-update_ec2-instance-types.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole
+        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
 
     - name: Pull EC2 instance types from AWS
       run: |
diff --git a/.github/workflows/data-update_emr_instance_types.yml b/.github/workflows/data-update_emr_instance_types.yml
index 6bb84b2798f5..4dc3f89ef225 100644
--- a/.github/workflows/data-update_emr_instance_types.yml
+++ b/.github/workflows/data-update_emr_instance_types.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole
+        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
 
     - name: Pull EMR instance types from AWS
       run: |
diff --git a/.github/workflows/data-update_iam-managed-policies.yml b/.github/workflows/data-update_iam-managed-policies.yml
index 9a0104e50396..68925ebf1af6 100644
--- a/.github/workflows/data-update_iam-managed-policies.yml
+++ b/.github/workflows/data-update_iam-managed-policies.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole
+        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
 
     - name: Pull IAM managed policies from AWS
       run: |
diff --git a/.github/workflows/data-update_ssm-default-amis.yml b/.github/workflows/data-update_ssm-default-amis.yml
index 86ec9dbbc8f9..7836bcdbb877 100644
--- a/.github/workflows/data-update_ssm-default-amis.yml
+++ b/.github/workflows/data-update_ssm-default-amis.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole
+        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
 
     - name: Pull SSM default AMIs from AWS
       run: |
diff --git a/.github/workflows/data-update_ssm-default-parameters.yml b/.github/workflows/data-update_ssm-default-parameters.yml
index 6cd781ffe678..93149226412a 100644
--- a/.github/workflows/data-update_ssm-default-parameters.yml
+++ b/.github/workflows/data-update_ssm-default-parameters.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole
+        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Rol
 
     - name: Pull SSM default Parameters from AWS
       run: |
diff --git a/.github/workflows/data-update_ssm-optimized-amis.yml b/.github/workflows/data-update_ssm-optimized-amis.yml
index f4bde8ecc364..87b460bb456b 100644
--- a/.github/workflows/data-update_ssm-optimized-amis.yml
+++ b/.github/workflows/data-update_ssm-optimized-amis.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole
+        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
 
     - name: Pull SSM Optimized AMIs from AWS
       run: |

From fcd9cd6352e6d97493786b35af29eb42c7d3ba13 Mon Sep 17 00:00:00 2001
From: Viren Nadkarni <viren.nadkarni@gmail.com>
Date: Fri, 30 Jan 2026 13:00:28 +0530
Subject: [PATCH 3/3] Use prod role

---
 .github/workflows/data-update_ec2-instance-offerings.yml | 2 +-
 .github/workflows/data-update_ec2-instance-types.yml     | 2 +-
 .github/workflows/data-update_emr_instance_types.yml     | 2 +-
 .github/workflows/data-update_iam-managed-policies.yml   | 2 +-
 .github/workflows/data-update_ssm-default-amis.yml       | 2 +-
 .github/workflows/data-update_ssm-default-parameters.yml | 2 +-
 .github/workflows/data-update_ssm-optimized-amis.yml     | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/data-update_ec2-instance-offerings.yml b/.github/workflows/data-update_ec2-instance-offerings.yml
index b5bb54d39e37..db11141a95ff 100644
--- a/.github/workflows/data-update_ec2-instance-offerings.yml
+++ b/.github/workflows/data-update_ec2-instance-offerings.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
+        role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role
 
     - name: Pull EC2 instance types from AWS
       run: |
diff --git a/.github/workflows/data-update_ec2-instance-types.yml b/.github/workflows/data-update_ec2-instance-types.yml
index d8e882f76117..b519b615cd9f 100644
--- a/.github/workflows/data-update_ec2-instance-types.yml
+++ b/.github/workflows/data-update_ec2-instance-types.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
+        role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role
 
     - name: Pull EC2 instance types from AWS
       run: |
diff --git a/.github/workflows/data-update_emr_instance_types.yml b/.github/workflows/data-update_emr_instance_types.yml
index 4dc3f89ef225..f48ddab06ab6 100644
--- a/.github/workflows/data-update_emr_instance_types.yml
+++ b/.github/workflows/data-update_emr_instance_types.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
+        role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role
 
     - name: Pull EMR instance types from AWS
       run: |
diff --git a/.github/workflows/data-update_iam-managed-policies.yml b/.github/workflows/data-update_iam-managed-policies.yml
index 68925ebf1af6..3f699d69d41f 100644
--- a/.github/workflows/data-update_iam-managed-policies.yml
+++ b/.github/workflows/data-update_iam-managed-policies.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
+        role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role
 
     - name: Pull IAM managed policies from AWS
       run: |
diff --git a/.github/workflows/data-update_ssm-default-amis.yml b/.github/workflows/data-update_ssm-default-amis.yml
index 7836bcdbb877..a34cd19077ef 100644
--- a/.github/workflows/data-update_ssm-default-amis.yml
+++ b/.github/workflows/data-update_ssm-default-amis.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
+        role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role
 
     - name: Pull SSM default AMIs from AWS
       run: |
diff --git a/.github/workflows/data-update_ssm-default-parameters.yml b/.github/workflows/data-update_ssm-default-parameters.yml
index 93149226412a..c68f886c5068 100644
--- a/.github/workflows/data-update_ssm-default-parameters.yml
+++ b/.github/workflows/data-update_ssm-default-parameters.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Rol
+        role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role
 
     - name: Pull SSM default Parameters from AWS
       run: |
diff --git a/.github/workflows/data-update_ssm-optimized-amis.yml b/.github/workflows/data-update_ssm-optimized-amis.yml
index 87b460bb456b..c759b49c026a 100644
--- a/.github/workflows/data-update_ssm-optimized-amis.yml
+++ b/.github/workflows/data-update_ssm-optimized-amis.yml
@@ -35,7 +35,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v5
       with:
         aws-region: us-east-1
-        role-to-assume: arn:aws:iam::623948600419:role/MotoExt-CI-Role
+        role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role
 
     - name: Pull SSM Optimized AMIs from AWS
       run: |