From 6f279560b337b638ef2fc0b12c16c52bc880ea1d Mon Sep 17 00:00:00 2001
From: Carlos Eduardo <carlos.bastos@vtex.com>
Date: Mon, 25 Mar 2024 16:44:27 -0300
Subject: [PATCH] fix: update publish stable AWS pipeline

---
 .github/workflows/publish-stable-aws.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish-stable-aws.yml b/.github/workflows/publish-stable-aws.yml
index 0e77015b6..652788b0a 100644
--- a/.github/workflows/publish-stable-aws.yml
+++ b/.github/workflows/publish-stable-aws.yml
@@ -7,6 +7,9 @@ on:
 jobs:
   aws-publish:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-node@v1
@@ -15,6 +18,12 @@ jobs:
           registry-url: https://registry.npmjs.org/
       - name: 'Install makensis (apt)'
         run: sudo apt update && sudo apt install -y nsis nsis-pluginapi
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{secrets.AWS_ROLE_NAME }}
+          role-session-name: github-actions-from-toolbelt
+          aws-region: us-east-1
       - name: Deploy on AWS
         run: |
           yarn install --ignore-scripts
@@ -22,8 +31,6 @@ jobs:
           yarn release:win
         env:
             IS_CI: "true"
-            AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID}}
-            AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}}
   publish-success:
     runs-on: ubuntu-latest
     needs: [aws-publish]