@nabeken
Last active February 21, 2021 01:55
name: AWS Key Rotation
on:
  push:
    branches:
      - actions/aws_key_rotate
  schedule:
    # Every Monday at 00:00 UTC. The original '* 0 * * 1' matches every
    # minute of that hour, so the key would be rotated up to 60 times.
    - cron: '0 0 * * 1'
jobs:
  rotate:
    name: rotate iam user keys
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2.0.0
      - name: Assume the role for the rotation
        run: |
          CREDENTIAL=$(aws sts assume-role \
            --role-arn arn:aws:iam::**********:role/******** \
            --role-session-name 'GithubActions')
          AKID=$(echo "$CREDENTIAL" | jq -r '.Credentials.AccessKeyId')
          SAK=$(echo "$CREDENTIAL" | jq -r '.Credentials.SecretAccessKey')
          ST=$(echo "$CREDENTIAL" | jq -r '.Credentials.SessionToken')
          # Values appended to GITHUB_ENV are not redacted in the job log the way
          # `secrets.*` are; register them with add-mask before exporting them.
          echo "::add-mask::$AKID"
          echo "::add-mask::$SAK"
          echo "::add-mask::$ST"
          echo "ACTION_AWS_ACCESS_KEY_ID=$AKID" >> "$GITHUB_ENV"
          echo "ACTION_AWS_SECRET_ACCESS_KEY=$SAK" >> "$GITHUB_ENV"
          echo "ACTION_AWS_SESSION_TOKEN=$ST" >> "$GITHUB_ENV"
        env:
          # These are the IAM user keys that the last step rotates: the user only
          # needs permission to assume the rotation role, not to touch IAM directly.
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
      - name: Get GITHUB_TOKEN for Github Apps
        # A GitHub App installation token is needed because the default
        # GITHUB_TOKEN cannot write repository secrets.
        uses: nabeken/go-github-apps@v0
        id: go-github-apps
        with:
          installation_id: ${{ secrets.APP_INST_ID }}
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_GITHUB_PRIV_KEY }}
      - name: rotate aws keys
        uses: kneemaa/github-action-rotate-aws-secrets@v1.0.3
        env:
          # Temporary role credentials from the first step, not the user's own keys.
          AWS_ACCESS_KEY_ID: ${{ env.ACTION_AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ env.ACTION_AWS_SECRET_ACCESS_KEY }}
          AWS_SESSION_TOKEN: ${{ env.ACTION_AWS_SESSION_TOKEN }}
          # Names of the repository secrets that receive the new key pair.
          GITHUB_ACCESS_KEY_NAME: AWS_ACCESS_KEY_ID
          GITHUB_SECRET_KEY_NAME: AWS_SECRET_ACCESS_KEY
          GITHUB_TOKEN: ${{ steps.go-github-apps.outputs.app_github_token }}
          IAM_USERNAME: '<YOUR USERNAME>'
          OWNER_REPOSITORY: ${{ github.repository }}
      - name: Send Slack Status
        if: failure()
        uses: 8398a7/action-slack@v2.7.0
        with:
          status: ${{ job.status }}
          author_name: kneemaa-aws-rotation-action
          username: kneemaa-rotation-bot
          text: Rotating the token had a status of ${{ job.status }}
          channel: general
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
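The `rotate aws keys` step hands the actual rotation to kneemaa/github-action-rotate-aws-secrets. The block below is an added example, not code from this gist or from that action, showing what the rotation has to do and in which order so that a failure half-way through never leaves the repository without a working key or leaves an unused live key behind. `FakeIam` and `FakeSecretStore` are assumptions that stand in for boto3's `iam` client (same method names and response shapes) and for the GitHub Actions secrets API, so the module runs offline; the `SecretStore` protocol and `rotate_access_key` are this example's own names.

```python
"""Rotate an IAM user's access key and publish it as GitHub repository secrets.

Added example; not part of the gist or of kneemaa/github-action-rotate-aws-secrets.
`iam` may be a real boto3.client("iam") (list_access_keys, create_access_key,
update_access_key, delete_access_key) or the FakeIam below. The GitHub side is
abstracted as SecretStore (assumption): the real call is
PUT /repos/{owner}/{repo}/actions/secrets/{name} with a libsodium sealed box.
"""
from __future__ import annotations

import itertools
import secrets
from dataclasses import dataclass, field
from typing import Protocol


class SecretStore(Protocol):
    def put_secret(self, name: str, value: str) -> None: ...


@dataclass
class FakeSecretStore:
    """In-memory stand-in for the GitHub Actions secrets API (assumption)."""
    values: dict[str, str] = field(default_factory=dict)
    fail: bool = False  # simulate a failed PUT to exercise the rollback path

    def put_secret(self, name: str, value: str) -> None:
        if self.fail:
            raise RuntimeError("github: 502 while updating secret")
        self.values[name] = value


@dataclass
class FakeIam:
    """In-memory IAM user with the response shapes of boto3's iam client."""
    keys: dict[str, dict] = field(default_factory=dict)
    _ids: itertools.count = field(default_factory=itertools.count)

    def list_access_keys(self, UserName: str) -> dict:
        return {"AccessKeyMetadata": [
            {"UserName": UserName, "AccessKeyId": k, "Status": v["Status"]}
            for k, v in self.keys.items()]}

    def create_access_key(self, UserName: str) -> dict:
        if len(self.keys) >= 2:  # IAM's quota: two access keys per user
            raise RuntimeError("LimitExceeded: AccessKeysPerUser is 2")
        key_id = f"AKIAFAKE{next(self._ids):012d}"  # constructed, 20 chars like a real id
        self.keys[key_id] = {"Status": "Active", "SecretAccessKey": secrets.token_urlsafe(30)}
        return {"AccessKey": {"UserName": UserName, "AccessKeyId": key_id, "Status": "Active",
                              "SecretAccessKey": self.keys[key_id]["SecretAccessKey"]}}

    def update_access_key(self, UserName: str, AccessKeyId: str, Status: str) -> None:
        self.keys[AccessKeyId]["Status"] = Status

    def delete_access_key(self, UserName: str, AccessKeyId: str) -> None:
        del self.keys[AccessKeyId]


def rotate_access_key(iam, store: SecretStore, username: str,
                      id_name: str = "AWS_ACCESS_KEY_ID",
                      secret_name: str = "AWS_SECRET_ACCESS_KEY") -> dict:
    """Create a new key, publish it, and only then retire the old one(s).

    The old key stays usable until the new secret is stored; if storing fails,
    the just-created key is deleted so no unused live credential remains.
    """
    existing = iam.list_access_keys(UserName=username)["AccessKeyMetadata"]
    # Make room under the two-key quota by dropping Inactive keys, but never
    # silently delete a second Active key: something else may depend on it.
    if len(existing) >= 2:
        inactive = [k for k in existing if k["Status"] == "Inactive"]
        if not inactive:
            raise RuntimeError(f"{username} has two active access keys; refusing to rotate")
        for k in inactive:
            iam.delete_access_key(UserName=username, AccessKeyId=k["AccessKeyId"])
        existing = [k for k in existing if k["Status"] != "Inactive"]

    new = iam.create_access_key(UserName=username)["AccessKey"]
    try:
        store.put_secret(id_name, new["AccessKeyId"])
        store.put_secret(secret_name, new["SecretAccessKey"])
    except Exception:
        # Roll back: the old key is untouched, so remove the orphaned new one.
        iam.delete_access_key(UserName=username, AccessKeyId=new["AccessKeyId"])
        raise

    retired = []
    for k in existing:
        # Deactivate before deleting; a cautious deployment would leave a grace
        # period between the two so a rollback is still possible.
        iam.update_access_key(UserName=username, AccessKeyId=k["AccessKeyId"], Status="Inactive")
        iam.delete_access_key(UserName=username, AccessKeyId=k["AccessKeyId"])
        retired.append(k["AccessKeyId"])
    return {"new_key_id": new["AccessKeyId"], "retired": retired}
```

The ordering is the whole point: the repository secret is overwritten before the old key is deactivated, and a failed write rolls back by deleting the new key rather than the old one. Refusing to proceed when the user already has two active keys is deliberate; that situation means a previous rotation was interrupted or someone created a key by hand, and the Slack failure notification in the workflow above is the right place for that to surface.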