Switch AWS deploy to use OIDC

.github/workflows/release-candidate.yml

@@ -36,8 +36,7 @@ jobs:
     - name: Configure AWS credentials
       uses: aws-actions/configure-aws-credentials@v1-node16
       with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-to-assume: ${{ secrets.AWS_ROLE_STAGING }}
         aws-region: ${{ secrets.AWS_ACCESS_REGION }}
 
     - name: Deploy RC to release-candidate bucket

.github/workflows/release.yml

@@ -35,8 +35,7 @@ jobs:
     - name: Configure AWS credentials
       uses: aws-actions/configure-aws-credentials@v1-node16
       with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-to-assume: ${{ secrets.AWS_ROLE_PROD }}
         aws-region: ${{ secrets.AWS_ACCESS_REGION }}
 
     - name: Deploy master to release bucket

.github/workflows/rolling.yml

@@ -46,8 +46,7 @@ jobs:
     - name: Configure AWS credentials
       uses: aws-actions/configure-aws-credentials@v1-node16
       with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-to-assume: ${{ secrets.AWS_ROLE_PROD }}
         aws-region: ${{ secrets.AWS_ACCESS_REGION }}
 
     - name: Deploy master to rolling bucket