From 4c57383a25c2188629d2bbe26ea8b79eaec73bff Mon Sep 17 00:00:00 2001
From: Jan Calanog <jan.calanog@elastic.co>
Date: Thu, 27 Jun 2024 10:24:20 +0200
Subject: [PATCH] Use keyless authentication in release (#4109)

---
 .github/workflows/release.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 50dc5974c2..2e6ddc020c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,9 +18,6 @@ jobs:
     runs-on: ubuntu-latest
     env:
       DOCKER_IMAGE_NAME: docker.elastic.co/observability/apm-agent-nodejs
-      # TODO: use keyless
-      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -118,6 +115,10 @@ jobs:
           subject-digest: ${{ steps.docker-push-wolfi.outputs.digest }}
           push-to-registry: true
 
+      - uses: elastic/oblt-actions/aws/auth@v1.10.0
+        with:
+          aws-account-id: "267093732750"
+
       - name: Publish AWS lambda (only for tag release)
         if: startsWith(github.ref, 'refs/tags')
         run: make -C .ci publish-in-all-aws-regions create-arn-file