You may also setup federated (trusted) relationships. For example, a GitHub Workflow can be trusted to assume an IAM role. In that scenario, there's no long lived secret in scope.
The oidc subject includes the GitHub org, repo, branch, and environment for the IAM assume role policy to match or filter.
The oidc subject includes the GitHub org, repo, branch, and environment for the IAM assume role policy to match or filter.