Use keyless authentication in release (#4109)

elastic · Jun 27, 2024 · 4c57383 · 4c57383
1 parent 62e3022
commit 4c57383
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,9 +18,6 @@ jobs:
     runs-on: ubuntu-latest
     env:
       DOCKER_IMAGE_NAME: docker.elastic.co/observability/apm-agent-nodejs
-      # TODO: use keyless
-      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -118,6 +115,10 @@ jobs:
           subject-digest: ${{ steps.docker-push-wolfi.outputs.digest }}
           push-to-registry: true
 
+      - uses: elastic/oblt-actions/aws/auth@v1.10.0
+        with:
+          aws-account-id: "267093732750"
+
       - name: Publish AWS lambda (only for tag release)
         if: startsWith(github.ref, 'refs/tags')
         run: make -C .ci publish-in-all-aws-regions create-arn-file