Migrating AWS Credential CI step to OIDC Role #116

Open
kellygavin96 wants to merge 2 commits into master from test/oidc-auth

@kellygavin96

Summary
Replaces static AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY GitHub secrets
with OIDC role assumption across all workflows. This is more secure
as it eliminates long-lived AWS credentials stored as GitHub secrets.

Changes
main-CI.yml — switched to OIDC auth
main-deploy.yml — switched to OIDC auth
All: bumped configure-aws-credentials v1 → v4 (required for OIDC)
All: added permissions: id-token: write block (required for GitHub to issue OIDC token)

Testing
✅ CI passed on this branch
✅ AWS credentials step passes with OIDC role assumption confirmed

The following repo secrets have been added:
AWS_OIDC_ROLE_ARN

@kellygavin96 kellygavin96 marked this pull request as ready for review April 10, 2026 19:43
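
The migration the description summarizes, sketched as an added example; this is not the PR's diff or the contents of main-CI.yml / main-deploy.yml. The workflow name, job name, trigger and region are assumptions; the secret name AWS_OIDC_ROLE_ARN and the v1 → v4 bump come from the description.

```yaml
# Added illustration; not the project's own workflow file.
name: ci-example                 # hypothetical workflow name

on:
  push:
    branches: [master]

# Required so GitHub will issue an OIDC token to the job.
# Declaring permissions explicitly sets every unlisted scope to none,
# so contents: read must be listed for actions/checkout to work.
permissions:
  id-token: write
  contents: read

jobs:
  build:                         # hypothetical job name
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Before: long-lived static keys held as repository secrets.
      # - uses: aws-actions/configure-aws-credentials@v1
      #   with:
      #     aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      #     aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      #     aws-region: us-east-1

      # After: the job's OIDC token is exchanged for short-lived
      # credentials of the role named in the AWS_OIDC_ROLE_ARN secret.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
          aws-region: us-east-1                        # assumed region
          role-session-name: gha-${{ github.run_id }}  # optional; eases tracing in CloudTrail

      # Confirms the job is running as the assumed role, not an IAM user.
      - run: aws sts get-caller-identity
```

On the AWS side, the role's trust policy should constrain the `token.actions.githubusercontent.com:sub` claim to this repository (and ideally the branch or environment), and the old access keys should be deactivated in IAM once the static secrets are removed from the repository.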