chore: flip 2 GHAs to use short lived creds. (#4839)

aws · Oct 16, 2024 · c9b0634 · c9b0634
1 parent 66e90d7
commit c9b0634
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 11 deletions.
diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml
@@ -34,10 +34,10 @@ jobs:
         run: cargo criterion --message-format json > criterion_output.log
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4.0.1
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole
+          role-session-name: s2ntlsghabenchsession
           aws-region: us-west-2
 
       - name: Emit CloudWatch metrics

diff --git a/.github/workflows/usage_guide.yml b/.github/workflows/usage_guide.yml
@@ -39,22 +39,22 @@ jobs:
         run: |
           cd docs/usage-guide
           mdbook build
-      
+
       - name: Deploy documentation to gh-pages
         uses: JamesIves/[email protected]
         if: github.event_name == 'push'
         with:
           target-folder: usage-guide
           folder: docs/usage-guide/book
-  
+
       - name: Configure AWS credentials
         uses: aws-actions/[email protected]
         if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-west-1
-      
+          role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole
+          role-session-name: s2ntlsghauseageguidesession
+          aws-region: us-west-2
+
       - name: Upload to S3
         if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
         id: s3
@@ -63,8 +63,8 @@ jobs:
           aws s3 sync docs/usage-guide/book "s3://s2n-tls-ci-artifacts/$TARGET" --acl private --follow-symlinks
           URL="$CDN/$TARGET/index.html"
           echo "URL=$URL" >> $GITHUB_OUTPUT
-      
-      - name: Output mdbook url 
+
+      - name: Output mdbook url
         uses: ouzi-dev/[email protected]
         if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
         with: