Use IAM role and update publish workflow

Author: ziyiz-amzn

.github/workflows/publish.yml

@@ -4,6 +4,9 @@ on:
   release:
     types: [published]
 
+permissions:
+  id-token: write   # This is required for requesting the JWT
+
 jobs:
   publish:
     runs-on: ubuntu-latest
@@ -33,15 +36,12 @@ jobs:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
   deploy_chime_prod_demo:
     needs: publish
-    name: Prod - Chime and ChimeSDKMeetings Client - Deploy the Serverless Meeting Demos
+    name: Deploy Meeting Demos with the latest NPM release
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        name: [ ChimeProd, ChimeSDKMeetingsProdIAD, ChimeSDKMeetingsProdPDX, ChimeSDKMeetingsProdFRA, ChimeSDKMeetingsProdSIN, ChimeSDKMeetingsIAD_ChimeSDKMediaPipelinesProdIAD, Chime_ChimeSDKMediaPipelinesProdIAD ]
     env:
       AWS_DEFAULT_REGION: us-east-1
       AWS_DEFAULT_OUTPUT: text
-      NAME: ${{ matrix.name }}
+      NAME: PROD
     steps:
       - name: Verify the npm version is available
         id: npm_version
@@ -72,10 +72,10 @@ jobs:
             done
         shell: bash
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.PROD_CANARY_AWS_ACCESS_KEY }}
-          aws-secret-access-key: ${{ secrets.PROD_CANARY_AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME_CANARY_PROD }}
+          role-session-name: publish-demo-deployment
           aws-region: us-east-1
       - name: Checkout Package
         uses: actions/checkout@v2

script/deploy-canary-demo

@@ -21,54 +21,10 @@ GAMMA)
     npm run deploy -- -b chime-sdk-meeting-readiness-checker-media-gamma$canarySuffix -s chime-sdk-meeting-readiness-checker-media-gamma$canarySuffix -a meetingReadinessChecker -m $GAMMA_CHIME_ENDPOINT_US_EAST_1 -t -l
     ;;
 
-ChimeProd)
-    echo "Deploying to prod stage for canary that talks to prod Chime client for meetings and prod Chime client for media pipelines"
-
-    # Uses Chime Client
+PROD)
+    echo "Deploying to canary-prod with latest NPM release"
     npm run deploy -- -b chime-sdk-demo-prod-canary$canarySuffix -o chime-sdk-demo-prod-canary$canarySuffix -s chime-sdk-demo-prod-canary$canarySuffix -i eu-south-1 -t -l -p chime.amazonaws.com
     npm run deploy -- -b chime-sdk-meeting-readiness-checker-prod-canary$canarySuffix -s chime-sdk-meeting-readiness-checker-prod-canary$canarySuffix -a meetingReadinessChecker -t -l
     ;;
 
-ChimeSDKMeetingsProdIAD)
-    echo "Deploying to prod stage for canary that talks to prod IAD ChimeSDKMeetings client for meetings and prod Chime client for media pipelines"
-
-    # Uses ChimeSDKMeetings client
-    npm run deploy -- -r us-east-1 -b chime-sdk-meetings-demo-prod-canary-us-east-1$canarySuffix -o chime-sdk-meetings-iad-demo-prod-canary$canarySuffix -s chime-sdk-meetings-demo-prod-canary-us-east-1$canarySuffix -t -l -p chime.amazonaws.com
-    ;;
-
-ChimeSDKMeetingsIAD_ChimeSDKMediaPipelinesProdIAD)
-    echo "Deploying to prod stage for canary that talks to prod IAD ChimeSDKMeetings client for meetings and prod IAD ChimeSDKMediaPipelines client for media pipelines"
-
-    # Uses ChimeSDKMeetings client
-    npm run deploy -- -r us-east-1 -b chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-demo-prod-canary-us-east-1$canarySuffix -o chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-iad-demo-prod-canary$canarySuffix -s chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-demo-prod-canary-us-east-1$canarySuffix -t -l
-    ;;
-
-Chime_ChimeSDKMediaPipelinesProdIAD)
-    echo "Deploying to prod stage for canary that talks to prod Chime client for meetings and prod IAD ChimeSDKMediaPipelines client for media pipelines"
-
-    # Uses ChimeSDKMeetings client
-    npm run deploy -- -r us-east-1 -b chime-sdk-$chimeSDKMediaPipelinesStackId-demo-prod-canary-us-east-1$canarySuffix -o chime-sdk-$chimeSDKMediaPipelinesStackId-iad-demo-prod-canary$canarySuffix -s chime-sdk-$chimeSDKMediaPipelinesStackId-demo-prod-canary-us-east-1$canarySuffix -t -l
-    ;;
-
-ChimeSDKMeetingsProdPDX)
-    echo "Deploying to prod stage for canary that talks to prod PDX ChimeSDKMeetings client and prod PDX ChimeSDKMediaPipelines client"
-
-    # Uses ChimeSDKMeetings client
-    npm run deploy -- -r us-west-2 -b chime-sdk-meetings-demo-prod-canary-us-west-2$canarySuffix -o chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-pdx-demo-prod-canary$canarySuffix -s chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-demo-prod-canary-us-west-2$canarySuffix -t -l  --chime-sdk-media-pipelines-region us-west-2 --chime-sdk-media-pipelines-endpoint https://media-pipelines-chime.us-west-2.amazonaws.com
-    ;;
-
-ChimeSDKMeetingsProdFRA)
-    echo "Deploying to prod stage for canary that talks to prod FRA ChimeSDKMeetings client and prod FRA ChimeSDKMediaPipelines client"
-
-    # Uses ChimeSDKMeetings client
-    npm run deploy -- -r eu-central-1 -b chime-sdk-meetings-demo-prod-canary-eu-central-1$canarySuffix -o chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-fra-demo-prod-canary$canarySuffix -s chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-demo-prod-canary-eu-central-1$canarySuffix -t -l  --chime-sdk-media-pipelines-region eu-central-1 --chime-sdk-media-pipelines-endpoint https://media-pipelines-chime.eu-central-1.amazonaws.com
-    ;;
-
-ChimeSDKMeetingsProdSIN)
-    echo "Deploying to prod stage for canary that talks to prod SIN ChimeSDKMeetings client and prod SIN ChimeSDKMediaPipelines client"
-
-    # Uses ChimeSDKMeetings client
-    npm run deploy -- -r ap-southeast-1 -b chime-sdk-meetings-demo-prod-canary-ap-southeast-1$canarySuffix -o chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-sin-demo-prod-canary$canarySuffix -s chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-demo-prod-canary-ap-southeast-1$canarySuffix -t -l  --chime-sdk-media-pipelines-region ap-southeast-1 --chime-sdk-media-pipelines-endpoint https://media-pipelines-chime.ap-southeast-1.amazonaws.com
-    ;;
-
 esac