From 570111722c8ce70c9cfef52f1391a5829c68ec17 Mon Sep 17 00:00:00 2001
From: Khai Do
Date: Thu, 16 Jan 2025 09:07:03 -0800
Subject: [PATCH 1/2] [IT-4228] Setup github OIDC access for codeocean-infra

We have setup a SageBionetworks-IT/codeocean-infra[1] repo to deploy the code ocean application to AWS. This will allow the repo access to deploy resources to the AWS org-sagebase-codeocean-prod account.

[1] https://github.com/Sage-Bionetworks-IT/codeocean-infra
---
 .../650-identity-providers/_tasks.yaml | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/org-formation/650-identity-providers/_tasks.yaml b/org-formation/650-identity-providers/_tasks.yaml
index 4e723405..71e0a0e3 100644
--- a/org-formation/650-identity-providers/_tasks.yaml
+++ b/org-formation/650-identity-providers/_tasks.yaml
@@ -1041,3 +1041,24 @@ SynapseMonorepoCloudfrontAccessPolicy:
 ]
 }
 PolicyName: SynapseMonorepoCloudfrontAccessPolicy
+
+GithubOidcSageBionetworksItCodeOceanInfra:
+ Type: update-stacks
+ DependsOn: GithubOidcSageBionetworks
+ Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.7.6/templates/IAM/github-oidc-provider.j2
+ StackName: !Sub ${resourcePrefix}-${appName}-sage-bionetworks-it-codeocean-infra
+ Parameters:
+ ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ]
+ ProviderRoleName: !Sub ${resourcePrefix}-${appName}-sage-bionetworks-it-codeocean-infra
+ ManagedPolicyArns:
+ - "arn:aws:iam::aws:policy/AdministratorAccess"
+ - "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser"
+ TemplatingContext:
+ GitHubOrg: "Sage-Bionetworks-IT"
+ Repositories:
+ - name: "codeocean-infra"
+ branches: ["main"]
+ DefaultOrganizationBinding:
+ Account:
+ - !Ref CodeOceanInfraAccount
+ Region: us-east-1
From 90e69e9bc46e2f418e0153e46903739eff8d8fd5 Mon Sep 17 00:00:00 2001
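Review bot: The new role's `ManagedPolicyArns` grants `arn:aws:iam::aws:policy/AdministratorAccess`, which already covers everything in the second entry, so `AWSKeyManagementServicePowerUser` is redundant, and the result is a GitHub-workflow role with full control of the bound account. If administrator rights are genuinely required for this deployment, a comment on the list stating why would help the next reviewer, e.g. `# AdministratorAccess needed because codeocean-infra provisions account-level resources — TODO confirm the minimal policy set`; otherwise a scoped policy or a permissions boundary on the role would limit the blast radius of a compromised workflow. Whether `branches: ["main"]` is enforced as a subject-claim condition in the trust policy depends on the pinned template v0.7.6, which is outside this diff, so that assumption is worth confirming before relying on it. The same observation applies to any sibling tasks in this file that use the same policy pair, but none are visible in this hunk.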
From: Khai Do
Date: Thu, 16 Jan 2025 09:13:01 -0800
Subject: [PATCH 2/2] fix

---
 org-formation/650-identity-providers/_tasks.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/org-formation/650-identity-providers/_tasks.yaml b/org-formation/650-identity-providers/_tasks.yaml
index 71e0a0e3..5cea5f01 100644
--- a/org-formation/650-identity-providers/_tasks.yaml
+++ b/org-formation/650-identity-providers/_tasks.yaml
@@ -1060,5 +1060,5 @@ GithubOidcSageBionetworksItCodeOceanInfra:
 branches: ["main"]
 DefaultOrganizationBinding:
 Account:
- - !Ref CodeOceanInfraAccount
+ - !Ref CodeOceanProdAccount
 Region: us-east-1
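Review bot: The account binding is switched from `CodeOceanInfraAccount` to `CodeOceanProdAccount` with no comment in the task and a patch subject of only "fix", so a reader of the file cannot tell whether the production account is the intended home for an administrator-level OIDC role or a leftover from an earlier draft. Since the first patch's description names org-sagebase-codeocean-prod as the target, a one-line comment above the task would make that intent durable, e.g. `# OIDC deploy role for Sage-Bionetworks-IT/codeocean-infra (IT-4228); lives in the codeocean prod account`. The task's opening lines, where that comment belongs, are outside this hunk.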