Attempt at making use of OIDC for AWS deployment

danniehansen · Apr 16, 2024 · ba9288d · ba9288d
1 parent 6c133d3
commit ba9288d
Show file tree

Hide file tree

Showing 4 changed files with 308 additions and 247 deletions.
diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml
@@ -4,13 +4,22 @@ on:
     branches: ['develop']
     types:
       - completed
+permissions:
+  id-token: write
+  contents: read
 name: Release - develop
 jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
     environment: Develop
     steps:
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::265358888522:role/github-deployment
+          role-session-name: github-main-deployment
+          aws-region: eu-west-1
       - uses: actions/checkout@v4
         with:
           ref: 'develop'

diff --git a/.github/workflows/deploy_prod.yml b/.github/workflows/deploy_prod.yml
@@ -4,13 +4,22 @@ on:
     branches: ['master']
     types:
       - completed
+permissions:
+  id-token: write
+  contents: read
 name: Release - production
 jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
     environment: Production
     steps:
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::265358888522:role/github-deployment
+          role-session-name: github-main-deployment
+          aws-region: eu-west-1
       - uses: actions/checkout@v4
         with:
           ref: 'master'

diff --git a/infrastructure/package-lock.json b/infrastructure/package-lock.json