Merge pull request #91 from scribd/helen/SERF-3090/oidc

[SERF-3090] Use role base access in AWS deployment

Author: helenff

.github/workflows/release.yml

@@ -7,6 +7,11 @@ env:
   DOCKER_BUILDKIT: 1
   DOCKER_CACHE_PATH: ${{ github.workspace }}/tmp/docker-cache
 
+permissions:
+  id-token: write
+  contents: read
+  actions: read
+
 jobs:
   release:
     name: Release
@@ -27,10 +32,9 @@ jobs:
         uses: rlespinasse/[email protected]
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v3
         with:
-          aws-access-key-id: ${{ secrets.DEPLOYER_PRODUCTION_ACCESS_KEY }}
-          aws-secret-access-key: ${{ secrets.DEPLOYER_PRODUCTION_SECRET_KEY }}
+          role-to-assume: ${{ secrets.DEPLOYER_PRODUCTION_ROLE_ARN }}
           aws-region: ${{ env.AWS_REGION }}
 
       - name: Login to Amazon ECR