hms-dbmi-cellenics/issues

Move GitHub CI builds to use GitHub OIDC for AWS permissions

Background

At the moment, we create an IAM user for every GitHub repository that has a build which needs access to AWS, with the exception of iac (iac was changed to OIDC by Agi to accommodate Biomage's customer requests). This practice is long outdated and the recommended way is to use GitHub OIDC, which removes the need to maintain IAM users and long-lived AWS credentials.

Goals

  • Move Cellenics repositories to use GitHub OIDC
  • Clean up the commands in rotate-ci that create the IAM users and the long-lived AWS credentials
  • Clean up the existing IAM users in AWS
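
The change the goals describe, sketched as a GitHub Actions workflow. This is an added example, not part of the original issue or of the Cellenics repositories. The account ID, role name, region, branch and secret names are placeholder assumptions.

```yaml
# Constructed example workflow; all names and IDs below are placeholders.
name: build

on:
  push:
    branches: [master]

# The job needs permission to request a GitHub OIDC token. Without
# id-token: write the credentials action cannot obtain one.
permissions:
  id-token: write
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Before: long-lived IAM user keys stored as repository secrets.
      # They stay valid until someone rotates or deletes them.
      #
      # - uses: aws-actions/configure-aws-credentials@v4
      #   with:
      #     aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      #     aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      #     aws-region: us-east-1

      # After: the job exchanges its OIDC token for short-lived STS
      # credentials by assuming a role. No AWS secret is stored in GitHub.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          # Placeholder account ID and hypothetical role name.
          role-to-assume: arn:aws:iam::111122223333:role/ci-example-repo
          aws-region: us-east-1

      # Confirms which identity the build is running as.
      - run: aws sts get-caller-identity
```

The role's trust policy should require `token.actions.githubusercontent.com:aud` to equal `sts.amazonaws.com` and restrict `token.actions.githubusercontent.com:sub` to the specific repository (and ideally branch), so that other repositories cannot assume the role.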