
Commit 46606bf

committed
use oidc role
1 parent 7807534 commit 46606bf


2 files changed

+12
-8
lines changed


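--- a/.github/workflows/infra-apply.yml
+++ b/.github/workflows/infra-apply.yml
@@ -11,7 +11,6 @@ on:
 env:
 TF_STATE_BUCKET: "stackgen-meetup-terraform-state"
 AWS_REGION: "us-west-2"
-STATIC_ASSETS_BUCKET: "stackgen-meetup-static-assets"
 
 jobs:
 apply-appstack:
@@ -27,15 +26,15 @@ jobs:
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v4
 with:
-aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
+# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+# aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
 aws-region: ${{ env.AWS_REGION }}
+role-to-assume: arn:aws:iam::222634395437:role/sep-24-meetup-oidc-github
 
 - name: Apply TF Changes
 uses: ./.github/workflows/apply
 with:
 tf_state_bucket: ${{ env.TF_STATE_BUCKET }}
 tf_state_key: ${{ github.repository }}/terraform.tfstate
 aws_region: ${{ env.AWS_REGION }}
-static_assets_bucket: ${{ env.STATIC_ASSETS_BUCKET }}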
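Review bot: No `permissions:` block is visible for the `apply-appstack` job in either hunk, yet the credentials step now relies on `role-to-assume`, which requires the job to be able to request an OIDC token. New-file lines 17–25 fall between the two hunks, so the grant may already exist there; if it does not, add `permissions:` with `id-token: write` and `contents: read` to the job, as this commit does for `plan` in infra-pr.yaml. The three commented-out `aws-*` key lines (here and in infra-pr.yaml) are better deleted than kept, and the corresponding repository secrets removed once the role works, so the stored credentials cannot be re-enabled by uncommenting.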

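--- a/.github/workflows/infra-pr.yaml
+++ b/.github/workflows/infra-pr.yaml
@@ -14,6 +14,10 @@ env:
 
 jobs:
 plan:
+permissions:
+id-token: write
+contents: read
+pull-requests: write
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
@@ -25,10 +29,11 @@ jobs:
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v4
 with:
-aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
+# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+# aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
 aws-region: ${{ env.AWS_REGION }}
+role-to-assume: arn:aws:iam::222634395437:role/sep-24-meetup-oidc-github
 
 - name: Create backend.tf
 run: |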
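Review bot: The `plan` job assumes the same role, `sep-24-meetup-oidc-github`, that `apply-appstack` uses in infra-apply.yml, so a run of this workflow receives whatever write access the apply needs. Judging by the file name this workflow runs on pull requests (the `on:` block is outside the hunks), where the Terraform being planned has not yet been reviewed; a separate plan-only role with read access plus state access would limit that, e.g. `role-to-assume: <ARN of a plan-only role>`. Whichever role is used, its trust policy (not visible in this commit) should condition on the `token.actions.githubusercontent.com:sub` and `aud` claims so that only this repository and the intended refs can assume it.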
