From eb82d84011c1a6aea12f447e2c38f4d01d179448 Mon Sep 17 00:00:00 2001
From: Sharon Li <83460627+sharonxiaohanli@users.noreply.github.com>
Date: Fri, 4 Oct 2024 15:58:46 -0400
Subject: [PATCH 1/2] Update cicd-demo.yml

---
 .github/workflows/cicd-demo.yml | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/cicd-demo.yml b/.github/workflows/cicd-demo.yml
index 83052c0..95ebc7e 100644
--- a/.github/workflows/cicd-demo.yml
+++ b/.github/workflows/cicd-demo.yml
@@ -8,8 +8,10 @@ env:
   AWS_REGION: us-east-1 # set this to your preferred AWS region, e.g. us-west-1
 
+# Permission can be added at job level or workflow level
 permissions:
-  contents: read
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
 
 jobs:
   deploy:
@@ -19,12 +21,17 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v1.7.0
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ vars.ACTION_EXECUTE_IAM_ROLE_ARN }}
+          role-session-name: GitHub_to_AWS_via_FederatedOIDC
           aws-region: ${{ env.AWS_REGION }}
+
+      # Hello from AWS: WhoAmI
+      - name: Sts GetCallerIdentity
+        run: |
+          aws sts get-caller-identity
 
       - name: Install agent-evaluation
         run: |

From a6f6c32746d69b513bc2ad8014073ce34d9d35c6 Mon Sep 17 00:00:00 2001
From: Sharon Li <83460627+sharonxiaohanli@users.noreply.github.com>
Date: Fri, 4 Oct 2024 16:04:55 -0400
Subject: [PATCH 2/2] Update cicd-demo.yml

---
 .github/workflows/cicd-demo.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/cicd-demo.yml b/.github/workflows/cicd-demo.yml
index 95ebc7e..0cff299 100644
--- a/.github/workflows/cicd-demo.yml
+++ b/.github/workflows/cicd-demo.yml
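Review bot: `id-token: write` is added at the workflow level, so every job in this file — not only `deploy`, which is the one that exchanges the token for AWS credentials — can mint an OIDC token that the role's trust policy may accept. The new comment above `permissions:` already notes that the block can live at job level; least privilege suggests doing exactly that, keeping `contents: read` at the top and moving the write grant under the job: `deploy:` / `  permissions:` / `    id-token: write`. The `jobs:` mapping continues outside the hunk, so any other jobs it contains are not visible here.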
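Review bot: The role ARN now comes from `vars.ACTION_EXECUTE_IAM_ROLE_ARN`, a repository variable rather than a secret; that is acceptable for a non-sensitive ARN, but it means the IAM role's trust policy is the only control over which repositories, branches or environments may assume it, and the comment above the step should say so, e.g. `# Trust policy on this role must restrict the token's sub claim to this repo/branch, not just the audience`. The action is referenced by a mutable tag (`@v1.7.0` here, raised to `@v4.0.2` by the following commit), which a reviewer would replace with a full-length commit SHA and keep the tag as a trailing comment: `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4.0.2`. The added `aws sts get-caller-identity` step writes the account id and assumed-role ARN to the job log, which is fine as a demo sanity check but worth a one-line comment. The `deploy` job's step list continues outside the hunk.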
@@ -22,7 +22,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: configure aws credentials
-        uses: aws-actions/configure-aws-credentials@v1.7.0
+        uses: aws-actions/configure-aws-credentials@v4.0.2
         with:
           role-to-assume: ${{ vars.ACTION_EXECUTE_IAM_ROLE_ARN }}
           role-session-name: GitHub_to_AWS_via_FederatedOIDC