At the moment, we create an IAM user for every GitHub repository that has a build which needs access to AWS, with the exception of iac (iac was changed to OIDC by Agi to accommodate Biomage's customer requests). This practice is long outdated, and the recommended way is to use GitHub OIDC, which removes the need to maintain IAM users and long-lived AWS credentials.
Goals
Move Cellenics repositories to use GitHub OIDC
Clean up the commands in rotate-ci that create the IAM users and the long-lived AWS credentials
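As an added example (not code from this ticket or from rotate-ci), the sketch below builds the IAM role trust policy that replaces a per-repository IAM user, and audits a policy for the usual mistake of trusting GitHub's OIDC provider without pinning the repository. The account ID, `example-org`, `example-repo`, the `refs/heads/master` ref and both function names are placeholders and assumptions.

```python
import json

GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"

def build_trust_policy(account_id, org, repo, ref="refs/heads/master"):
    """Trust policy for a role assumable only by one repository's workflows on one ref."""
    provider = f"arn:aws:iam::{account_id}:oidc-provider/{GITHUB_OIDC_HOST}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{GITHUB_OIDC_HOST}:aud": "sts.amazonaws.com",
                f"{GITHUB_OIDC_HOST}:sub": f"repo:{org}/{repo}:ref:{ref}",
            }},
        }],
    }

def audit_trust_policy(policy, org):
    """Return findings for statements that trust GitHub OIDC more broadly than one repo."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        federated = str(principal.get("Federated", "")) if isinstance(principal, dict) else ""
        if GITHUB_OIDC_HOST not in federated:
            continue  # not a GitHub OIDC statement
        values = {}  # condition key (lower-cased) -> list of allowed values
        for op in ("StringEquals", "StringLike"):
            for key, val in stmt.get("Condition", {}).get(op, {}).items():
                values.setdefault(key.lower(), []).extend(val if isinstance(val, list) else [val])
        if values.get(f"{GITHUB_OIDC_HOST}:aud") != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
        subs = values.get(f"{GITHUB_OIDC_HOST}:sub", [])
        if not subs:
            findings.append(f"statement {i}: no sub condition, any repository can assume the role")
        for sub in subs:
            # sub has the form repo:<org>/<repo>:<context>; field 1 must name a single repo
            if not sub.startswith(f"repo:{org}/") or "*" in sub.split(":")[1]:
                findings.append(f"statement {i}: sub '{sub}' is not limited to one repository in {org}")
    return findings

if __name__ == "__main__":
    # Constructed placeholder values, not real account or repository names.
    print(json.dumps(build_trust_policy("123456789012", "example-org", "example-repo"), indent=2))
```

On the workflow side, the job needs `permissions: id-token: write` so that GitHub issues the OIDC token the role's trust policy evaluates.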