From e4904563b29ba7bafc34bab3f157bbea3d9cc40d Mon Sep 17 00:00:00 2001
From: John Watson
Date: Mon, 11 Nov 2024 18:12:03 +0000
Subject: [PATCH] chore: implementing web-identity via github into aws
---
 .github/workflows/deploy-module-index.yml | 8 ++++----
 .github/workflows/down-service.yml | 8 ++++----
 .github/workflows/instance-refresh.yml | 8 ++++----
 .github/workflows/invoke-and-check-invalidations.yml | 8 ++++----
 .github/workflows/migrate-sdf.yml | 8 ++++----
 .github/workflows/set-maintenance-mode.yml | 8 ++++----
 .github/workflows/set-service-version.yml | 8 ++++----
 .github/workflows/up-service.yml | 8 ++++----
 .github/workflows/upgrade-service.yml | 8 ++++----
 .github/workflows/upgrade-web.yml | 8 ++++----
 10 files changed, 40 insertions(+), 40 deletions(-)
diff --git a/.github/workflows/deploy-module-index.yml b/.github/workflows/deploy-module-index.yml
index cbf06757a0..2345276e7a 100644
--- a/.github/workflows/deploy-module-index.yml
+++ b/.github/workflows/deploy-module-index.yml
@@ -12,11 +12,11 @@ jobs:
 environment: shared
 runs-on: ubuntu-latest
 steps:
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+ role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
 aws-region: us-east-1
 - name: Trigger ECS Deploy
 run: |
diff --git a/.github/workflows/down-service.yml b/.github/workflows/down-service.yml
index da76d518c9..a62ebff711 100644
--- a/.github/workflows/down-service.yml
+++ b/.github/workflows/down-service.yml
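Review bot: The `uses:` line moves the action from `@v4` down to `@v1.7.0`, an older release line, although `role-to-assume` with GitHub OIDC is supported on v4 as well, so the downgrade looks unnecessary; the same line appears in all ten hunks of this patch. I would keep the current major and pin it by commit, `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v4`. Separately, the diffstat shows only four added lines per file, so no `permissions:` block is introduced here; unless each workflow already declares one outside the hunk, the job needs `permissions:` with `id-token: write` (plus `contents: read` where a checkout step follows) before the runner can request the OIDC token. A short comment above the step naming the trust condition the IAM role is expected to enforce (repository, and environment or branch, in the `sub` claim) would also help the next reader audit who can assume it.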
@@ -20,11 +20,11 @@ jobs:
 name: ${{ inputs.service }} Down
 runs-on: ubuntu-latest
 steps:
- - name: Configure AWS credentials for ${{ inputs.environment }}
- uses: aws-actions/configure-aws-credentials@v4
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+ role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
 aws-region: us-east-1
 - name: Checkout code
diff --git a/.github/workflows/instance-refresh.yml b/.github/workflows/instance-refresh.yml
index 100ee07f2d..af1f92cfe0 100644
--- a/.github/workflows/instance-refresh.yml
+++ b/.github/workflows/instance-refresh.yml
@@ -23,11 +23,11 @@ jobs:
 name: Instance refresh
 runs-on: ubuntu-latest
 steps:
- - name: Configure AWS credentials for ${{ inputs.environment }}
- uses: aws-actions/configure-aws-credentials@v4
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+ role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
 aws-region: us-east-1
 - name: Instance refresh
 run: |
diff --git a/.github/workflows/invoke-and-check-invalidations.yml b/.github/workflows/invoke-and-check-invalidations.yml
index 13d3a3a17d..d09f31c5b6 100644
--- a/.github/workflows/invoke-and-check-invalidations.yml
+++ b/.github/workflows/invoke-and-check-invalidations.yml
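Review bot: The visible context of the `down-service.yml` job carries no `environment:` key, unlike the `deploy-module-index.yml` hunk, so it is unclear which scope `vars.AWS_ASSUME_ROLE_ARN` is read from here. If that variable is defined per environment, it evaluates to an empty string in a job that does not declare the environment, and the OIDC `sub` claim takes the branch/ref form rather than `environment:NAME`, which a trust policy keyed on environment would reject. The job header lies outside the hunk, so please confirm `environment: ${{ inputs.environment }}` is set there; the same question applies to the instance-refresh, migrate-sdf, set-maintenance-mode, up-service, upgrade-service and upgrade-web hunks. The step name also dropped `for ${{ inputs.environment }}`, which was the only hint in the run log of which account the credentials target.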
@@ -16,11 +16,11 @@ jobs:
 environment: ${{ inputs.environment }}
 runs-on: ubuntu-latest
 steps:
- - name: Configure AWS credentials for ${{ inputs.environment }}
- uses: aws-actions/configure-aws-credentials@v4
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+ role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
 aws-region: us-east-1
 - name: Invalidate web cache
diff --git a/.github/workflows/migrate-sdf.yml b/.github/workflows/migrate-sdf.yml
index b033a992b7..42c9f17aff 100644
--- a/.github/workflows/migrate-sdf.yml
+++ b/.github/workflows/migrate-sdf.yml
@@ -14,11 +14,11 @@ jobs:
 name: Migrate SDF
 runs-on: ubuntu-latest
 steps:
- - name: Configure AWS credentials for ${{ inputs.environment }}
- uses: aws-actions/configure-aws-credentials@v4
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+ role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
 aws-region: us-east-1
 - name: Checkout code
diff --git a/.github/workflows/set-maintenance-mode.yml b/.github/workflows/set-maintenance-mode.yml
index 0b0332946f..ec96a3f9c8 100644
--- a/.github/workflows/set-maintenance-mode.yml
+++ b/.github/workflows/set-maintenance-mode.yml
@@ -14,11 +14,11 @@ jobs:
 name: Set maintenance mode
 runs-on: ubuntu-latest
 steps:
- - name: Configure AWS credentials for ${{ inputs.environment }}
- uses: aws-actions/configure-aws-credentials@v4
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+ role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
 aws-region: us-east-1
 - name: Checkout code
diff --git a/.github/workflows/set-service-version.yml b/.github/workflows/set-service-version.yml
index c8410165f0..6de16d2849 100644
--- a/.github/workflows/set-service-version.yml
+++ b/.github/workflows/set-service-version.yml
@@ -24,11 +24,11 @@ jobs:
 environment: ${{ inputs.environment }}
 runs-on: ubuntu-latest
 steps:
- - name: Configure AWS credentials for ${{ inputs.environment }}
- uses: aws-actions/configure-aws-credentials@v4
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+ role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
 aws-region: us-east-1
 - name: Set service version
diff --git a/.github/workflows/up-service.yml b/.github/workflows/up-service.yml
index 48f0daeaff..aa3aec495e 100644
--- a/.github/workflows/up-service.yml
+++ b/.github/workflows/up-service.yml
@@ -20,11 +20,11 @@ jobs:
 name: ${{ inputs.service }} Up
 runs-on: ubuntu-latest
 steps:
- - name: Configure AWS credentials for ${{ inputs.environment }}
- uses: aws-actions/configure-aws-credentials@v4
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+ role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
 aws-region: us-east-1
 - name: Checkout code
diff --git a/.github/workflows/upgrade-service.yml b/.github/workflows/upgrade-service.yml
index a952d0d944..3c9a999171 100644
--- a/.github/workflows/upgrade-service.yml
+++ b/.github/workflows/upgrade-service.yml
@@ -21,11 +21,11 @@ jobs:
 outputs:
 upgrade_failed: ${{ steps.check_failure.outputs.failed }}
 steps:
- - name: Configure AWS credentials for ${{ inputs.environment }}
- uses: aws-actions/configure-aws-credentials@v4
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+ role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
 aws-region: us-east-1
 - name: Checkout code
diff --git a/.github/workflows/upgrade-web.yml b/.github/workflows/upgrade-web.yml
index 7368e6cc19..37c3306196 100644
--- a/.github/workflows/upgrade-web.yml
+++ b/.github/workflows/upgrade-web.yml
@@ -24,11 +24,11 @@ jobs:
 name: Deploy Service
 runs-on: ubuntu-latest
 steps:
- - name: Configure AWS credentials for ${{ inputs.environment }}
- uses: aws-actions/configure-aws-credentials@v4
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+ role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
 aws-region: us-east-1
 - uses: actions/checkout@v4