From 5340b28b609aaa8b9b6aa2dafffb0f27e0b11d37 Mon Sep 17 00:00:00 2001
From: Chris Wright
Date: Mon, 18 Nov 2024 14:03:49 +0000
Subject: [PATCH] Change GitHub workflow to use AWS OIDC

* The OpenID Connector for authenticating with AWS rather than using credentials
---
 .github/workflows/deploy-production.yml | 3 +--
 .github/workflows/deploy.yml | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
index 77a817a..cf0e514 100644
--- a/.github/workflows/deploy-production.yml
+++ b/.github/workflows/deploy-production.yml
@@ -16,8 +16,7 @@ jobs:
 - uses: aws-actions/setup-sam@v2
 - uses: aws-actions/configure-aws-credentials@v4
 with:
- aws-access-key-id: ${{ secrets.AWS_PRODUCTION_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_PRODUCTION_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
 aws-region: eu-west-2
 - run: sam build --use-container -m requirements/base.txt
 - run: >
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 74898d2..6cb9c52 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -15,8 +15,7 @@ jobs:
 - uses: aws-actions/setup-sam@v2
 - uses: aws-actions/configure-aws-credentials@v4
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
 aws-region: eu-west-2
 - run: sam build --use-container -m requirements/base.txt
 - run: >
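Review bot: Nothing in the `deploy-production.yml` hunk grants the job `id-token: write`, which `aws-actions/configure-aws-credentials@v4` needs to request the GitHub OIDC token once `role-to-assume` replaces the static keys. The `jobs:` block starts outside the hunk, so the permission may already be set at workflow level. If it is not, add a `permissions:` mapping to the job with `id-token: write` and `contents: read`. The second entry matters because declaring `permissions:` drops every scope not listed. The same applies to the `.github/workflows/deploy.yml` hunk.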
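Review bot: In the `deploy.yml` hunk, `role-to-assume` reads `secrets.AWS_OIDC_ROLE_ARN`, the same secret name the production workflow now uses. The removed keys were distinct per workflow (`AWS_ACCESS_KEY_ID` versus `AWS_PRODUCTION_ACCESS_KEY_ID`). Unless the secret is scoped per GitHub environment, which is not visible here, both workflows will assume one IAM role and the earlier credential separation is lost. Consider a separate role per workflow, for example `role-to-assume: ${{ secrets.AWS_PRODUCTION_OIDC_ROLE_ARN }}` (suggested name) in `deploy-production.yml`. Each role's trust policy should restrict the token's `sub` claim to this repository and the branch or environment allowed to deploy.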