Commit 78cce7b

Update Application observability Action to use IAM assuming role (#249)
*Description of changes:* Update Application observability Action to use IAM assuming role By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
1 parent 727e4e3 commit 78cce7b

1 file changed

+7
-9
lines changed

.github/workflows/awsapm.yml

Lines changed: 7 additions & 9 deletions
@@ -3,36 +3,34 @@ name: Application observability for AWS
33
on:
44
issue_comment:
55
types: [created, edited]
6-
pull_request_review_comment:
7-
types: [created]
86
issues:
97
types: [opened, assigned, edited]
10-
pull_request_review:
11-
types: [submitted]
128

139
jobs:
1410
awsapm-investigation:
1511
if: |
1612
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@awsapm')) ||
17-
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@awsapm')) ||
18-
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@awsapm')) ||
1913
(github.event_name == 'issues' && (contains(github.event.issue.body, '@awsapm') || contains(github.event.issue.title, '@awsapm')))
2014
runs-on: ubuntu-latest
2115
permissions:
2216
contents: write
2317
pull-requests: write
2418
issues: write
19+
id-token: write
2520
steps:
2621
- name: Checkout repository
2722
uses: actions/checkout@v4
2823
with:
2924
fetch-depth: 1
3025

26+
- name: Configure AWS credentials
27+
uses: aws-actions/configure-aws-credentials@v4
28+
with:
29+
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} # this should be the ARN of the IAM role created for Github Actions
30+
aws-region: ${{ vars.AWS_REGION || 'us-east-1' }}
31+
3132
- name: Run Application observability for AWS Investigation
3233
id: awsapm
3334
uses: mxiamxia/aws-apm-action@main
3435
with:
35-
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
36-
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
37-
aws_region: ${{ vars.AWS_REGION || 'us-east-1' }}
3836
bot_name: "@awsapm"
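
Review bot: The `if:` condition on `awsapm-investigation` still admits any `issue_comment` or `issues` event whose text contains `@awsapm`, with no check on who wrote it, and with this change the same job also holds `id-token: write` and assumes `secrets.AWS_ROLE_TO_ASSUME`. Add an author gate to the condition, for example requiring `github.event.comment.author_association` (or `github.event.issue.author_association` for the `issues` event) to be OWNER, MEMBER or COLLABORATOR, so that only trusted users can start a run that carries AWS credentials. Separately, `uses: mxiamxia/aws-apm-action@main` tracks a mutable branch and now runs after the credentials step in the same job, so pinning it to a full commit SHA would fix which code gets to use the assumed role. The inline comment on `role-to-assume` could also state that the role's trust policy should be limited to this repository.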
