From fb938ff23dfa03f371816ffaafcc01315d7f5a30 Mon Sep 17 00:00:00 2001
From: Peter Baker <peter.baker122@csiro.au>
Date: Fri, 2 Aug 2024 13:57:50 +1000
Subject: [PATCH] Adding permission

Signed-off-by: Peter Baker <peter.baker122@csiro.au>
---
 .github/workflows/deploy-aws-cdk.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deploy-aws-cdk.yml b/.github/workflows/deploy-aws-cdk.yml
index 779b596e5..24e9d5e1a 100644
--- a/.github/workflows/deploy-aws-cdk.yml
+++ b/.github/workflows/deploy-aws-cdk.yml
@@ -8,6 +8,10 @@ on:
     branches:
       - bss-214-github-action-deploy
 
+permissions:
+      id-token: write
+      contents: read
+
 jobs:
   cdk-deploy:
     runs-on: ubuntu-latest
@@ -39,9 +43,6 @@ jobs:
           echo "Environment: ${{ vars.CDK_DEPLOY_ENVIRONMENT }}"
         # You can now use these outputs in subsequent steps for AWS configuration
       - uses: aws-actions/configure-aws-credentials@v2
-        env:
-          AWS_REGION: ${{ steps.faims-config-setup.outputs.aws-region }}
-          AWS_ACCOUNT: ${{ steps.faims-config-setup.outputs.aws-account }}
         with:
           role-to-assume: ${{ vars.CDK_DEPLOY_GA_ROLE_ARN }}
           aws-region: ${{ steps.faims-config-setup.outputs.aws-region }}