From df8b27cab93c52d9a5551ce38edb710a30e4f36f Mon Sep 17 00:00:00 2001
From: Garrett Beatty
Date: Thu, 3 Apr 2025 12:35:55 -0400
Subject: [PATCH 1/3] Configure fresh creds for sweeper
---
 .github/workflows/aws-ci.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/aws-ci.yml b/.github/workflows/aws-ci.yml
index 42b39bda2..726750f97 100644
--- a/.github/workflows/aws-ci.yml
+++ b/.github/workflows/aws-ci.yml
@@ -39,6 +39,12 @@ jobs:
 uses: aws-actions/aws-codebuild-run-build@v1
 with:
 project-name: ${{ secrets.CI_TESTING_CODE_BUILD_PROJECT_NAME }}
+ - name: Configure Sweeper Credentials
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 #v4
+ with:
+ role-to-assume: ${{ secrets.CI_MAIN_TESTING_ACCOUNT_ROLE_ARN }}
+ role-duration-seconds: 7200
+ aws-region: us-west-2
 - name: Invoke Test Sweeper Lambda
 if: always()
 shell: pwsh
@@ -49,4 +55,3 @@ jobs:
 run: |
 $buildId = "${{ steps.codebuild.outputs.aws-build-id }}"
 echo $buildId
-
From eedb4badbcc4535a1223b13a1e11c2accc788d11 Mon Sep 17 00:00:00 2001
From: Garrett Beatty
Date: Thu, 3 Apr 2025 14:52:14 -0400
Subject: [PATCH 2/3] always get new creds
---
 .github/workflows/aws-ci.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/aws-ci.yml b/.github/workflows/aws-ci.yml
index 726750f97..9564e9688 100644
--- a/.github/workflows/aws-ci.yml
+++ b/.github/workflows/aws-ci.yml
@@ -40,6 +40,7 @@ jobs:
 with:
 project-name: ${{ secrets.CI_TESTING_CODE_BUILD_PROJECT_NAME }}
 - name: Configure Sweeper Credentials
+ if: always()
 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 #v4
 with:
 role-to-assume: ${{ secrets.CI_MAIN_TESTING_ACCOUNT_ROLE_ARN }}
From 05f430fe109613fdfd5e71ec69e40f4b48192565 Mon Sep 17 00:00:00 2001
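Review bot: `role-duration-seconds: 7200` in the new "Configure Sweeper Credentials" step requests a two-hour session, while the only visible consumer is the "Invoke Test Sweeper Lambda" step that follows (its body continues outside the hunk). The action exports the session credentials to the job environment, so every later step inherits them; a shorter session narrows the window in which leaked or logged credentials remain usable. If the sweeper invocation is brief, `role-duration-seconds: 900` would be enough, and the role's maximum session duration must permit whatever value is chosen. The trailing `#v4` beside the pinned SHA would be easier to audit if it named the exact release tag that the commit corresponds to.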
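Review bot: Nothing ties the sweeper to the outcome of this credential step: "Invoke Test Sweeper Lambda" is itself `if: always()` (visible in the first patch's context), so if assuming the role fails the sweeper still runs. It would then presumably use whatever credentials earlier steps left in the job environment rather than the fresh ones this change is meant to supply. Giving the step an `id` and gating the sweeper on it, e.g. `if: always() && steps.sweeper-creds.outcome == 'success'` (the id name is illustrative), makes that failure explicit instead of surfacing as an authorization error later.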
From: Garrett Beatty
Date: Thu, 3 Apr 2025 15:55:04 -0400
Subject: [PATCH 3/3] always get new creds
---
 .github/workflows/aws-ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/aws-ci.yml b/.github/workflows/aws-ci.yml
index 9564e9688..b960c3fa2 100644
--- a/.github/workflows/aws-ci.yml
+++ b/.github/workflows/aws-ci.yml
@@ -39,11 +39,11 @@ jobs:
 uses: aws-actions/aws-codebuild-run-build@v1
 with:
 project-name: ${{ secrets.CI_TESTING_CODE_BUILD_PROJECT_NAME }}
- - name: Configure Sweeper Credentials
+ - name: Configure Test Sweeper Lambda Credentials
 if: always()
 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 #v4
 with:
- role-to-assume: ${{ secrets.CI_MAIN_TESTING_ACCOUNT_ROLE_ARN }}
+ role-to-assume: ${{ steps.lambda.outputs.roleArn }}
 role-duration-seconds: 7200
 aws-region: us-west-2
 - name: Invoke Test Sweeper Lambda
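Review bot: `role-to-assume: ${{ steps.lambda.outputs.roleArn }}` replaces a fixed repository secret with a value computed at run time by the step with id `lambda`, which is defined outside this hunk, so whatever produces that output now decides which role the job assumes. Because this step runs under `if: always()`, the output can be empty when the `lambda` step was skipped or failed, and the action would then presumably not assume the intended role. A guard such as `if: always() && steps.lambda.outputs.roleArn != ''`, together with a check that the ARN belongs to the expected account, would keep the sweeper from running under an unexpected identity. The ARN is also no longer registered as a secret, so it may appear unmasked in logs unless the producing step masks it.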