How to pass AWS role instead of Access Keys

[h2oearth]

I am trying to use AWS roles with your action by using aws_session_token. This seems to be the best way to go, according to your documentation. I am confused as to why aws_access_key and aws_secret_key are mandatory if aws_session_token is provided.

Could you please clarify?

aws_session_token: If you are running the action with temporary security credentials using the AWS Security Token Service API. For example, you may be assuming a role in AWS to execute the deploy through something like AWS's [configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) action.

[vitalykarasik]

Here is my example - I'm using OIDC:

- name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        id: aws_creds
        with:
          role-to-assume: arn:aws:iam::1234567:role/github-actions-oidc-role
          role-session-name: gharolesession
          aws-region: eu-west-2
          output-credentials: true
.......
- name: Deploy to EB
        uses: einaregilsson/beanstalk-deploy@v22
        with:
          aws_access_key: ${{ steps.aws_creds.outputs.aws-access-key-id }}
          aws_secret_key: ${{ steps.aws_creds.outputs.aws-secret-access-key }}
          aws_session_token : ${{ steps.aws_creds.outputs.aws-session-token }}
........          

[fjcero]

That is the solution @vitalykarasik thanks