From 90dbaac52c3ae78f978f170df57327de039dc338 Mon Sep 17 00:00:00 2001
From: DmitriyMusatkin <musatkd@amazon.com>
Date: Fri, 22 Nov 2024 15:01:05 -0800
Subject: [PATCH] permissions

---
 .github/actions/assume-aws-role/action.yml | 2 --
 .github/workflows/ci.yml                   | 3 +++
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/actions/assume-aws-role/action.yml b/.github/actions/assume-aws-role/action.yml
index 792639060..1adaf991d 100644
--- a/.github/actions/assume-aws-role/action.yml
+++ b/.github/actions/assume-aws-role/action.yml
@@ -8,8 +8,6 @@ name: 'Assume Role'
 description: 'Assume AWS Role to be used during workflows'
 runs:
   using: "composite"
-  permissions:
-    id-token: write # This is required for requesting the JWT
   steps:
     - name: configure AWS credentials (containers)
       uses: aws-actions/configure-aws-credentials@v4
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index afb19bd1b..defee757a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,6 +15,9 @@ env:
   CRT_CI_ROLE: ${{ secrets.CRT_CI_ROLE_ARN }}
   AWS_DEFAULT_REGION: us-east-1
 
+permissions:
+  id-token: write # This is required for requesting the JWT
+
 jobs:
   linux-compat:
     runs-on: ubuntu-22.04 # latest