Merge pull request #220 from nationalarchives/change-github-workflow-…

…to-use-aws-oidc

[FCL-447] Change GitHub workflow to use AWS OIDC

.github/workflows/deploy-production.yml

@@ -16,8 +16,7 @@ jobs:
       - uses: aws-actions/setup-sam@v2
       - uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.AWS_PRODUCTION_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_PRODUCTION_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
           aws-region: eu-west-2
       - run: sam build --use-container -m requirements/base.txt
       - run: >

.github/workflows/deploy.yml

@@ -15,8 +15,7 @@ jobs:
       - uses: aws-actions/setup-sam@v2
       - uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
           aws-region: eu-west-2
       - run: sam build --use-container -m requirements/base.txt
       - run: >