Add OIDC for aws-cdk-ecs-infra-template repo (#1491)

In an effort to keep the github aws-cdk-ecs-infra-template template
in a working state we are going to setup AWS CDK CI deployments to
AWS from that template project.

Author: zaro0508

org-formation/650-identity-providers/_tasks.yaml

@@ -967,6 +967,28 @@ GithubOidcBixArenaInfra:
       - !Ref BixArenaProdAccount
     Region: us-east-1
 
+GithubOidcItSandboxDeploy:   # allow repos to make test deployments into ITSandbox account
+  Type: update-stacks
+  DependsOn: GithubOidcSageBionetworks
+  Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.4/templates/IAM/github-oidc-provider.j2
+  StackName: !Sub ${resourcePrefix}-${appName}-sage-it-deploy
+  Parameters:
+    ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ]
+    ProviderRoleName: !Sub ${resourcePrefix}-${appName}-sage-it-deploy
+    ManagedPolicyArns:
+      - "arn:aws:iam::aws:policy/AdministratorAccess"
+    MaxSessionDuration: 43200
+  TemplatingContext:
+    Repositories:
+      - owner: "Sage-Bionetworks-IT"
+        name: "aws-cdk-ecs-infra-template"
+        branches: ["dev"]
+  DefaultOrganizationBinding:
+    Account:
+      - !Ref ITSandboxAccount
+    Region: us-east-1
+
+
 ############################### Managed Policies ###############################
 # Managed policies used in github OIDC providers
 # Note: Managed policies can be used as work around for the AWS cloudformation