Skip to content

Add AllowGetServiceQuota permissions (#430) #9

Add AllowGetServiceQuota permissions (#430)

Add AllowGetServiceQuota permissions (#430) #9

name: Update IAM Policy
on:
push:
branches:
- main
paths:
- 'permissions/policy1.json'
- 'permissions/policy2.json'
jobs:
update-iam-policy:
runs-on: ubuntu-latest
permissions:
# We need write permissions to the id-token in order to use GitHub's OIDC provider to get short-lived AWS credentials
id-token: write
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Replace AWS Account ID
run: |
sed -i 's/123456789012/${{ secrets.AWS_ACCOUNT_ID }}/' permissions/policy1.json
sed -i 's/123456789012/${{ secrets.AWS_ACCOUNT_ID }}/' permissions/policy2.json
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
role-session-name: UpdateIAMPolicy
# 15 mins is the minimum duration for a role session that we can set in this GitHub Action
role-duration-seconds: 900
- name: Update IAM Policy
run: |
./permissions/update-policy.sh ${{ secrets.POLICY_ARN_1 }} permissions/policy1.json
./permissions/update-policy.sh ${{ secrets.POLICY_ARN_2 }} permissions/policy2.json