diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 06904ff..cb32c79 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,10 @@ concurrency:
   group: ${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   build:
     name: Build PDF
@@ -55,9 +59,9 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: eu-west-1
+          role-to-assume: arn:aws:iam::570943329925:role/github-gb-ctr
+          role-session-name: Github-Actions
       - name: Download built PDF
         uses: actions/download-artifact@v4
         with: