properly accessing secrets

Author: misterzero

.github/workflows/deploy.yml

@@ -11,6 +11,10 @@ on:
     secrets:
       aws-assume-role:
         required: true
+      aws-access-key-id:
+        required: true
+      aws-secret-access-key:
+        required: true
 
 env:
   aws-session-name: shc-reader-github-deploy
@@ -31,8 +35,8 @@ jobs:
     - name: 'Configure AWS Role'
       uses: aws-actions/configure-aws-credentials@v1
       with:
-        aws-access-key-id: ${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }}
+        aws-access-key-id: ${{ secrets.aws-access-key-id }}
+        aws-secret-access-key: ${{ secrets.aws-secret-access-key }}
         aws-region: ${{ inputs.aws-region }}
         role-to-assume: ${{ secrets.aws-assume-role }}
         role-duration-seconds: 1200

.github/workflows/setup.yml

@@ -14,12 +14,16 @@ jobs:
       s3-bucket-name: ips-viewer-app
     secrets:
       aws-assume-role: "${{ secrets.GH_AWS_SERVICE_ROLE_DEV }}"
+      aws-access-key-id: "${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }}"
+      aws-secret-access-key: "${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }}"
   deploy-prod:
     if: contains(github.ref, 'prod')
-    name: 'Call dev deployment workflow'
+    name: 'Call prod deployment workflow'
     uses: ./.github/workflows/deploy.yml
     with:
       aws-region: us-east-1
-      s3-bucket-name: ips-viewer-app
+      s3-bucket-name: ips-viewer-app-prod
     secrets:
-      aws-assume-role: ${{ secrets.GH_AWS_SERVICE_ROLE_PROD }}
+      aws-assume-role: "${{ secrets.GH_AWS_SERVICE_ROLE_PROD }}"
+      aws-access-key-id: "${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }}"
+      aws-secret-access-key: "${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }}"