From eb0306e333330e0e80a63b63b0faa190637f426a Mon Sep 17 00:00:00 2001
From: Prashant Srivastava <srprash@amazon.com>
Date: Wed, 18 Dec 2024 10:11:46 -0800
Subject: [PATCH] switch from iam user to role

---
 .github/workflows/IntegrationTesting.yml    | 10 ++++------
 .github/workflows/continuous-monitoring.yml |  5 ++---
 .github/workflows/ecr-publish.yml           |  5 ++---
 3 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/IntegrationTesting.yml b/.github/workflows/IntegrationTesting.yml
index 308e71d8..b62523f2 100644
--- a/.github/workflows/IntegrationTesting.yml
+++ b/.github/workflows/IntegrationTesting.yml
@@ -51,10 +51,9 @@ jobs:
         run: cp deploy.zip ./terraform
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.INTEG_TEST_AWS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.INTEG_TEST_AWS_KEY_SECRET }}
+          role-to-assume: ${{ secrets.AWS_INTEG_TEST_ROLE_ARN }}
           aws-region: us-west-2
 
       - name: Setup Terraform
@@ -98,10 +97,9 @@ jobs:
           java-version: 14
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.INTEG_TEST_AWS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.INTEG_TEST_AWS_KEY_SECRET }}
+          role-to-assume: ${{ secrets.AWS_INTEG_TEST_ROLE_ARN }}
           aws-region: us-west-2
 
       - name: Checkout test framework
diff --git a/.github/workflows/continuous-monitoring.yml b/.github/workflows/continuous-monitoring.yml
index ed774cb3..4a9c4a88 100644
--- a/.github/workflows/continuous-monitoring.yml
+++ b/.github/workflows/continuous-monitoring.yml
@@ -13,10 +13,9 @@ jobs:
         uses: actions/checkout@v2
       
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.INTEG_TEST_AWS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.INTEG_TEST_AWS_KEY_SECRET }}
+          role-to-assume: ${{ secrets.AWS_INTEG_TEST_ROLE_ARN }}
           aws-region: us-east-1
       
       - uses: actions/setup-go@v2
diff --git a/.github/workflows/ecr-publish.yml b/.github/workflows/ecr-publish.yml
index ce4810d4..e7d884d4 100644
--- a/.github/workflows/ecr-publish.yml
+++ b/.github/workflows/ecr-publish.yml
@@ -25,10 +25,9 @@ jobs:
           key: ${{ runner.os }}-buildx-${{ github.sha }}
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.INTEG_TEST_AWS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.INTEG_TEST_AWS_KEY_SECRET }}
+          role-to-assume: ${{ secrets.AWS_INTEG_TEST_ROLE_ARN }}
           aws-region: us-east-1
 
       - name: Login to Public ECR