From ddd7a22e52a4bb5cd703716fb6da5564d0a178d0 Mon Sep 17 00:00:00 2001 From: Khai Do Date: Wed, 30 Jul 2025 12:11:24 -0700 Subject: [PATCH 1/2] [IT-4546] setup github OIDC for bixarena-infra Create github OIDC access to allow CI deployments from github actions. depends on #1448 --- .../650-identity-providers/_tasks.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/org-formation/650-identity-providers/_tasks.yaml b/org-formation/650-identity-providers/_tasks.yaml index 1a2379c0..793c0eeb 100644 --- a/org-formation/650-identity-providers/_tasks.yaml +++ b/org-formation/650-identity-providers/_tasks.yaml @@ -954,6 +954,28 @@ GithubOidcSynapseStatusLambda: - !Ref SynapseProdAccount Region: us-east-1 +GithubOidcBixArenaInfra: + Type: update-stacks + DependsOn: GithubOidcSageBionetworks + Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.7.6/templates/IAM/github-oidc-provider.j2 + StackName: !Sub ${resourcePrefix}-${appName}-bixarena-infra + Parameters: + ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ] + ProviderRoleName: !Sub ${resourcePrefix}-${appName}-bixarena-infra + MaxSessionDuration: 7200 + ManagedPolicyArns: + - "arn:aws:iam::aws:policy/AdministratorAccess" + - "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser" + TemplatingContext: + GitHubOrg: "Sage-Bionetworks-IT" + Repositories: + - name: "bixarena-infra" + branches: ["stage","prod"] + DefaultOrganizationBinding: + Account: + - !Ref BixArenaProdAccount + Region: us-east-1 + ############################### Managed Policies ############################### # Managed policies used in github OIDC providers # Note: Managed policies can be used as work around for the AWS cloudformation From 97e77839b04dcdf63db1f8651f6111f1ea707045 Mon Sep 17 00:00:00 2001 
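Review bot: The role created by `GithubOidcBixArenaInfra` attaches `arn:aws:iam::aws:policy/AdministratorAccess` (plus `AWSKeyManagementServicePowerUser`) with a 7200-second `MaxSessionDuration`, so any workflow the OIDC trust admits gets full control of `BixArenaProdAccount`; the section right after this hunk ("Managed policies used in github OIDC providers") indicates the file already has a home for scoped custom policies, and a deployment-shaped policy there would be preferable to the AWS-managed admin policy, or at minimum a comment on the `ManagedPolicyArns` entry such as `# AdministratorAccess: required for <reason> — revisit once the deploy footprint is known`. Assuming the referenced template binds the token subject to `Sage-Bionetworks-IT/bixarena-infra` on the `stage` and `prod` refs (the template is not part of this diff, so that is inferred), a push to either branch is now equivalent to production admin, and branch protection with required reviews on both should be confirmed before this merges. Pinning `Template` to a git tag is good; a commit SHA would make the reference immutable if the upstream repo allows tags to move. Minor style: `branches: ["stage", "prod"]` with a space after the comma, matching the flow-collection convention.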
From: Khai Do Date: Thu, 31 Jul 2025 10:02:33 -0700 Subject: [PATCH 2/2] update template version --- org-formation/650-identity-providers/_tasks.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/org-formation/650-identity-providers/_tasks.yaml b/org-formation/650-identity-providers/_tasks.yaml index 793c0eeb..cf482cca 100644 --- a/org-formation/650-identity-providers/_tasks.yaml +++ b/org-formation/650-identity-providers/_tasks.yaml @@ -957,7 +957,7 @@ GithubOidcSynapseStatusLambda: GithubOidcBixArenaInfra: Type: update-stacks DependsOn: GithubOidcSageBionetworks - Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.7.6/templates/IAM/github-oidc-provider.j2 + Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.2/templates/IAM/github-oidc-provider.j2 StackName: !Sub ${resourcePrefix}-${appName}-bixarena-infra Parameters: ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ]