policy1 eks improvements (#432) #10

	name: Update IAM Policy

	on:
	push:
	branches:
	- main
	paths:
	- 'permissions/policy1.json'
	- 'permissions/policy2.json'

	jobs:
	update-iam-policy:
	runs-on: ubuntu-latest
	permissions:
	# We need write permissions to the id-token in order to use GitHub's OIDC provider to get short-lived AWS credentials
	id-token: write
	contents: read
	steps:
	- name: Checkout repository
	uses: actions/checkout@v2

	- name: Replace AWS Account ID
	run: \|
	sed -i 's/123456789012/${{ secrets.AWS_ACCOUNT_ID }}/' permissions/policy1.json
	sed -i 's/123456789012/${{ secrets.AWS_ACCOUNT_ID }}/' permissions/policy2.json

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-region: us-east-1
	role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
	role-session-name: UpdateIAMPolicy
	# 15 mins is the minimum duration for a role session that we can set in this GitHub Action
	role-duration-seconds: 900

	- name: Update IAM Policy
	run: \|
	./permissions/update-policy.sh ${{ secrets.POLICY_ARN_1 }} permissions/policy1.json
	./permissions/update-policy.sh ${{ secrets.POLICY_ARN_2 }} permissions/policy2.json

Provide feedback