[IT-4658] Setup github OIDC access to bixarena dev account

zaro0508 · zaro0508 · commit 21eee58c4867 · 2025-10-15T18:09:18.000-07:00
Create github OIDC access to allow CI deployments from github actions to org-sagebase-bixarena-dev account. depends on #1483
diff --git a/org-formation/650-identity-providers/_tasks.yaml b/org-formation/650-identity-providers/_tasks.yaml
@@ -917,6 +917,28 @@ GithubOidcSynapseStatusLambda:
       - !Ref SynapseProdAccount
     Region: us-east-1
 
+GithubOidcBixArenaDevInfra:
+  Type: update-stacks
+  DependsOn: GithubOidcSageBionetworks
+  Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.4/templates/IAM/github-oidc-provider.j2
+  StackName: !Sub ${resourcePrefix}-${appName}-bixarena-dev-infra
+  Parameters:
+    ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ]
+    ProviderRoleName: !Sub ${resourcePrefix}-${appName}-bixarena-dev-infra
+    ManagedPolicyArns:
+      - "arn:aws:iam::aws:policy/AdministratorAccess"
+      - "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser"
+    MaxSessionDuration: 7200
+  TemplatingContext:
+    Repositories:
+      - owner: "Sage-Bionetworks"
+        name: "sage-monorepo"
+        branches: ["main"]
+  DefaultOrganizationBinding:
+    Account:
+      - !Ref BixArenaDevAccount
+    Region: us-east-1
+
 GithubOidcBixArenaInfra:
   Type: update-stacks
   DependsOn: GithubOidcSageBionetworks
