From 19d3da3403b8ccecff22762ec1e4d1d3a36ee7b9 Mon Sep 17 00:00:00 2001
From: Marc Farra
Date: Thu, 12 Sep 2024 18:14:06 +0300
Subject: [PATCH] change to oidc role
---
 .github/workflows/deploy-staging.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
index a172965e..f3affa2a 100644
--- a/.github/workflows/deploy-staging.yml
+++ b/.github/workflows/deploy-staging.yml
@@ -11,6 +11,7 @@ env:
 DEPLOY_BUCKET_STAGING: nasa-apt-v5-staging
 DEPLOY_BUCKET_STAGING_REGION: us-east-1
 STAGING_CLOUDFRONT_DISTRIBUTION_ID: E2XF0H60GJHF3E
+ OIDC_ROLE: arn:aws:iam::552819999234:role/nasa-apt-frontend-ci
 jobs:
 build-and-deploy:
@@ -44,11 +45,10 @@ jobs:
 - name: Build staging
 run: PUBLIC_URL="${{ env.DOMAIN_STAGING }}" yarn stage
- - name: Configure AWS credentials
+ - name: Configure AWS credentials using OIDC
 uses: aws-actions/configure-aws-credentials@v4
 with:
- aws-access-key-id: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ env.OIDC_ROLE }}
 aws-region: ${{ env.DEPLOY_BUCKET_STAGING_REGION }}
 - name: Deploy to S3
@@ -61,4 +61,4 @@ jobs:
 run: |
 aws cloudfront create-invalidation \
 --distribution-id ${{ env.STAGING_CLOUDFRONT_DISTRIBUTION_ID }} \
- --paths "/*"
\ No newline at end of file
+ --paths "/*"
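Review bot: The new `role-to-assume: ${{ env.OIDC_ROLE }}` step in the second hunk needs the job to be allowed to request a GitHub OIDC token, and none of the four added lines is a `permissions:` block. The `build-and-deploy` job definition starts outside the hunk, so unless it already grants this, add `permissions:` with `id-token: write` and `contents: read` at job level; without it the credentials step cannot obtain a token. Before merging, confirm that the trust policy on the role named in `OIDC_ROLE` conditions on the `sub` claim for this repository (and branch or environment) and on `aud` being `sts.amazonaws.com`, since the workflow alone cannot enforce that. The replaced `STAGING_AWS_ACCESS_KEY_ID` / `STAGING_AWS_SECRET_ACCESS_KEY` secrets should then be deleted from the repository and the underlying IAM access key deactivated, so the long-lived credential does not outlive this change.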