Start using an OIDC provider today, and immediately STOP using static AWS credentials in your GitHub Actions CI/CD pipeline to prevent the risk of credential leaks

I have personally used static AWS credentials for many years, and it's pretty bad that I did. I don’t understand why Amazon or GitHub did not do more to help people out of the security risk you can end up in by using static AWS credentials. I think it will be nice to learn how to move away from using static AWS credentials and start using the OIDC provider structure.

Why is it a risk to use static AWS credentials in my GitHub Actions CI/CD pipeline?

The risk of using static credentials is that you have probably never rotated the keys on your AWS account and then updated your GitHub secrets with the new keys your CI/CD pipeline uses, either because you don’t want to mess anything up or because it is too hard to set up an automation job that rotates the keys and updates the secret on GitHub. And even if you did, you would have to decide how often to rotate them: every hour, every day or every month?
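A first step away from static keys is finding the workflows that still use them. The script below is an added example, not code from the original post: it classifies a workflow as using static keys, OIDC, or OIDC without the `id-token: write` permission. It assumes the `aws-actions/configure-aws-credentials` action; the secret names, role ARN, region and regex heuristics are constructed placeholders.

```python
import re

# Constructed sample workflow fragments (not from the original post);
# secret names, role ARN and region are placeholders.
STATIC_WORKFLOW = """\
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1
"""
OIDC_WORKFLOW = """\
permissions:
  id-token: write   # lets the job request a GitHub OIDC token
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::111122223333:role/example-deploy-role
          aws-region: eu-west-1
"""

STATIC_KEY = re.compile(r"\$\{\{\s*secrets\.\w*(ACCESS_KEY_ID|SECRET_ACCESS_KEY)\w*\s*\}\}", re.I)
ROLE = re.compile(r"^\s*role-to-assume:\s*\S+", re.M)
ID_TOKEN = re.compile(r"^\s*id-token:\s*write\b", re.M)

def audit_workflow(text):
    """Classify how a workflow obtains AWS credentials (heuristic, line based)."""
    hits = [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
            if not line.lstrip().startswith("#") and STATIC_KEY.search(line)]
    if hits:
        status = "static-keys"            # long-lived secret stored in GitHub
    elif ROLE.search(text) and ID_TOKEN.search(text):
        status = "oidc"                   # short-lived credentials per run
    elif ROLE.search(text):
        status = "oidc-missing-id-token"  # role set, but the job cannot request a token
    else:
        status = "no-aws-credentials"
    return {"status": status, "static_key_lines": hits}

if __name__ == "__main__":
    print(audit_workflow(STATIC_WORKFLOW), audit_workflow(OIDC_WORKFLOW))
```

Run it over every file in `.github/workflows/`; each `static-keys` result is a workflow to migrate, and the access key behind it is one to delete afterwards.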


Paris Nakita Kejser
DevOps Engineer, Software Architect and Software Developer

DevOps Engineer, Software Architect, Software Developer and Data Scientist. I identify as a non-binary person.