change to oidc role

.github/workflows/deploy-staging.yml

@@ -11,6 +11,7 @@ env:
   DEPLOY_BUCKET_STAGING: nasa-apt-v5-staging
   DEPLOY_BUCKET_STAGING_REGION: us-east-1
   STAGING_CLOUDFRONT_DISTRIBUTION_ID: E2XF0H60GJHF3E
+  OIDC_ROLE: arn:aws:iam::552819999234:role/nasa-apt-frontend-ci
 
 jobs:
   build-and-deploy:
@@ -44,11 +45,10 @@ jobs:
       - name: Build staging
         run: PUBLIC_URL="${{ env.DOMAIN_STAGING }}" yarn stage
 
-      - name: Configure AWS credentials
+      - name: Configure AWS credentials using OIDC
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ env.OIDC_ROLE }}
           aws-region: ${{ env.DEPLOY_BUCKET_STAGING_REGION }}
 
       - name: Deploy to S3
@@ -61,4 +61,4 @@ jobs:
         run: |
           aws cloudfront create-invalidation \
             --distribution-id ${{ env.STAGING_CLOUDFRONT_DISTRIBUTION_ID }} \
-            --paths "/*"
+            --paths "/*"