From 16c7d39c8d1a170913e25a5791d9b1dcc2dd89be Mon Sep 17 00:00:00 2001 From: Sean Stoves Date: Wed, 13 Nov 2024 15:29:21 -0500 Subject: [PATCH] Update deploy-stg.yml --- .github/workflows/deploy-stg.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-stg.yml b/.github/workflows/deploy-stg.yml index cc74e46..ff5378a 100644 --- a/.github/workflows/deploy-stg.yml +++ b/.github/workflows/deploy-stg.yml @@ -6,6 +6,10 @@ on: - master workflow_dispatch: +permissions: + contents: read + id-token: write + jobs: deploy: name: Deploy @@ -23,8 +27,8 @@ jobs: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.STG_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.STG_AWS_SECRET_ACCESS_KEY }} + role-to-assume: ${{ secrets.AVRAE_GITHUB_OIDC_ROLE_ARN }} + role-session-name: "avrae-service-deploy-stg" aws-region: ${{ env.REGION }} - name: Login to Amazon ECR
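Review bot: The new `permissions` block sits at workflow level, so `id-token: write` is granted to every job in the file rather than only to the job that assumes the AWS role. Only the start of `jobs.deploy` is visible in this hunk and the job list continues outside it; if other jobs exist, moving the block under `jobs.deploy` keeps OIDC token requests limited to the one job that needs them. Declaring `permissions` also sets every unlisted scope to none, so any later step that depends on another scope should be checked. A short comment above the block would help the next reader, for example `# id-token: write lets configure-aws-credentials request the OIDC token; contents: read is presumably for the checkout step`.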
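Review bot: With `role-to-assume` in the "Configure AWS credentials" step, access control moves to the IAM role's trust policy, which this commit does not show. Before merging, confirm that the policy conditions `token.actions.githubusercontent.com:aud` on `sts.amazonaws.com` and `token.actions.githubusercontent.com:sub` on this repository and the `master` ref (or a deployment environment), since the `workflow_dispatch` trigger allows runs from refs other than `master`. The IAM access key behind `STG_AWS_ACCESS_KEY_ID` / `STG_AWS_SECRET_ACCESS_KEY` should be deactivated and the two secrets deleted once the OIDC path is verified, otherwise the long-lived credential stays valid. Because this step now exchanges an identity token, pinning `aws-actions/configure-aws-credentials@v4` to a full commit SHA instead of the mutable tag is also worth considering.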