As of now, the different pipelines communicating with AWS are using traditional access keys. To follow AWS best practices when it comes to application access and service accounts, the repository should move to Assume Role using an OIDC between GitHub and AWS.
Expected behavior
When this is implemented, there should be no need for access keys, and the maintainers shouldn't need to spend time rotating them to keep the environment compliant with security standards.
Splunk setup on K8S
Not affected
Reproduction/Testing steps
An OIDC provider needs to be added in AWS IAM. Please see these docs for more information.
There should be dedicated IAM roles for this repository so that conditions can be added in the trust relationship for the AWS role with this repository.
The permission schema for the workflows needs to be updated according to the docs.
K8s environment
Not affected
Proposed changes(optional)
Described in testing steps
K8s collector data(optional)
Not affected
Additional context(optional)
I've implemented this in several repos and it brings a deeper level of security to the project and cloud environments. I'm more than happy to talk about it here or on Slack if more context is wanted.
Please select the type of request
Enhancement
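An added example, not part of the original issue or the project's code: a Python sketch of the role trust relationship described in the testing steps, with a simplified local evaluation of its conditions against constructed GitHub OIDC token claims. The account ID and repository name are placeholders, and `would_trust` only approximates IAM's `StringEquals`/`StringLike` evaluation.

```python
import json
import re

ISSUER = "token.actions.githubusercontent.com"  # GitHub's OIDC issuer host

def trust_policy(account_id, repo, ref="refs/heads/main"):
    """Build a role trust policy that only the given repo/ref can satisfy."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{ISSUER}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
                "StringLike": {f"{ISSUER}:sub": f"repo:{repo}:ref:{ref}"},
            },
        }],
    }

def _like(pattern, value):
    # IAM StringLike: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

def would_trust(policy, claims):
    """Simplified local check of token claims against the policy conditions."""
    cond = policy["Statement"][0]["Condition"]
    for key, want in cond.get("StringEquals", {}).items():
        if claims.get(key.split(":", 1)[1]) != want:
            return False
    for key, pat in cond.get("StringLike", {}).items():
        if not _like(pat, claims.get(key.split(":", 1)[1], "")):
            return False
    return True

# Constructed values: placeholder account ID and repository, not from the issue.
POLICY = trust_policy("111122223333", "example-org/example-repo")
MAIN = {"aud": "sts.amazonaws.com", "sub": "repo:example-org/example-repo:ref:refs/heads/main"}
FORK = {"aud": "sts.amazonaws.com", "sub": "repo:someone-else/example-repo:ref:refs/heads/main"}
PR = {"aud": "sts.amazonaws.com", "sub": "repo:example-org/example-repo:pull_request"}

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for name, claims in (("main", MAIN), ("fork", FORK), ("pr", PR)):
        print(name, would_trust(POLICY, claims))
```

On the workflow side, the job needs `permissions: id-token: write` so it can request the OIDC token that the role's trust policy evaluates. Keeping the `sub` pattern pinned to the repository is what prevents other repositories using the same OIDC provider from assuming the role.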