unity-sds / unity-cs

Unity Common Services
Apache License 2.0

Research and Implement OIDC Setup for GH-Actions / AWS #103

Closed galenatjpl closed 2 years ago

galenatjpl commented 2 years ago

1) MCP wants to link each GH account to a NASA account, and that needs to be worked out.

2) Need to link,

3) then submit documentation to MCP.

jonathansmolenski commented 2 years ago

The latest news is that we're in the implementation stage. There's an MOA for us to sign that is with Mike Gangl right now, and our ticket in MCD's Jira is GSD-1263.

The latest update from Gabe is this:

Since I’ve not seen the signed MOA, we made some updates due to how AWS supports Github OIDC claims. The biggest difference is that ensuring only Github Users that have NASA Identities can trigger deployments falls to a Tenant responsibility. I will need an explanation of how that will be done. Here is the updated non CUI MOA for review and signing.

galenatjpl commented 2 years ago

Looks like we are in the final stages of getting this access. See: https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-1263

galenatjpl commented 2 years ago

Need to tell terraform to use pre-existing resource IDs. For example, we can't create an internet gateway. Need to pipe in these variables, perhaps from GH secrets.

galenatjpl commented 2 years ago

GH Actions "CI Deploying OIDC" job is now leveraging OIDC. Some roles need to be fleshed out, but that's a separate issue.
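The MOA update quoted above says that AWS can only act on the claims GitHub puts in the OIDC token, so restricting who may trigger a deployment falls to the tenant. In practice that means two controls: the IAM role's trust policy pins the token's `aud` and `sub` claims to one repository and branch (or environment), and GitHub branch protection decides who can push to that branch. The script below is an added example, not code from unity-sds/unity-cs or from MCP; it models the IAM `StringEquals` / `StringLike` condition evaluation against a GitHub token's claims so a tenant can see which workflow runs a candidate trust policy would let assume the deploy role, and contrasts a branch-pinned policy with a wildcard one. The repository name comes from this issue; the branch name, the `ACCOUNT_ID` placeholder and the sample token claims are constructed.

```python
"""Model of IAM trust-policy conditions for GitHub Actions -> AWS OIDC.

Added example (not project code). AWS evaluates the role's trust policy
against the claims in the GitHub-issued ID token; the `sub` claim encodes
the repository and the ref/environment/pull_request context, so it is the
claim that binds the role to one deployment path.
"""
import copy
import fnmatch

# Issuer of GitHub Actions OIDC tokens and the condition-key prefix AWS uses.
ISSUER = "https://token.actions.githubusercontent.com"
PREFIX = "token.actions.githubusercontent.com:"

# Constructed trust-policy statement; ACCOUNT_ID is a placeholder, and the
# `main` branch is an assumption about the deploy workflow.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::ACCOUNT_ID:oidc-provider/"
                                   "token.actions.githubusercontent.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {PREFIX + "aud": "sts.amazonaws.com"},
            "StringLike": {PREFIX + "sub": "repo:unity-sds/unity-cs:ref:refs/heads/main"},
        },
    }],
}


def claims_match(condition: dict, claims: dict) -> bool:
    """Evaluate StringEquals / StringLike blocks against token claims.

    All keys in all operators must match (AND semantics); a claim that is
    absent from the token never matches.
    """
    for op, pairs in condition.items():
        for key, expected in pairs.items():
            if not key.startswith(PREFIX):
                raise ValueError(f"unsupported condition key: {key}")
            actual = claims.get(key[len(PREFIX):])
            if actual is None:
                return False
            patterns = expected if isinstance(expected, list) else [expected]
            if op == "StringEquals":
                ok = actual in patterns
            elif op == "StringLike":
                # IAM StringLike: `*` matches any run, `?` one character.
                ok = any(fnmatch.fnmatchcase(actual, p) for p in patterns)
            else:
                raise ValueError(f"unsupported operator: {op}")
            if not ok:
                return False
    return True


def may_assume(policy: dict, claims: dict) -> bool:
    """True if a token with these claims could assume the role.

    The issuer is checked first: a token from any other provider is
    rejected before conditions are consulted.
    """
    if claims.get("iss") != ISSUER:
        return False
    return any(
        stmt["Effect"] == "Allow" and claims_match(stmt.get("Condition", {}), claims)
        for stmt in policy["Statement"]
    )


def with_sub_pattern(policy: dict, pattern: str) -> dict:
    """Return a copy of the policy with a different `sub` pattern, so loose and
    tight variants can be compared side by side."""
    loosened = copy.deepcopy(policy)
    loosened["Statement"][0]["Condition"]["StringLike"][PREFIX + "sub"] = pattern
    return loosened


# Constructed sample tokens, reduced to the claims the policy inspects.
MAIN_BRANCH = {"iss": ISSUER, "aud": "sts.amazonaws.com",
               "sub": "repo:unity-sds/unity-cs:ref:refs/heads/main"}
PULL_REQUEST = {"iss": ISSUER, "aud": "sts.amazonaws.com",
                "sub": "repo:unity-sds/unity-cs:pull_request"}
FORK_REPO = {"iss": ISSUER, "aud": "sts.amazonaws.com",
             "sub": "repo:someone-else/unity-cs:ref:refs/heads/main"}

if __name__ == "__main__":
    loose = with_sub_pattern(TRUST_POLICY, "repo:unity-sds/*")
    for name, tok in [("main", MAIN_BRANCH), ("pr", PULL_REQUEST), ("fork", FORK_REPO)]:
        print(f"{name:5} pinned={may_assume(TRUST_POLICY, tok)} wildcard={may_assume(loose, tok)}")
```

With the branch-pinned policy only a run on `main` of the named repository can assume the role; with `repo:unity-sds/*`, a pull-request run (and any other repository in the org) can too, which is exactly the gap the MOA pushes back to the tenant. Pinning `sub` plus branch protection on `main` is what ties "who can deploy" to the GitHub accounts the tenant has vetted.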