Update s3_upload.yml (#18962)

assume deployment role instead of aws creds

.github/workflows/s3_upload.yml

@@ -1,26 +1,36 @@
 name: Upload S3
 on:
   push:
-    branches: [ master ]
+    branches:
+      - master
 
   workflow_dispatch:
 
+permissions:
+  id-token: write
+
+env:
+  AWS_REGION: us-east-1
+
 jobs:
   upload-s3:
     runs-on: ubuntu-latest
+
     steps:
       - uses: actions/checkout@v2
 
-    - name: Upload (from main repo only)
+      - name: Confiugre AWS credentials
-      if: github.repository_owner == 'trustwallet'
+        uses: aws-actions/configure-aws-credentials@v1
-      uses: jakejarvis/s3-sync-action@master
         with:
-        args: --follow-symlinks --delete --exclude '*' --include 'dapps/*' --include 'blockchains/*' --include 'history/*' --size-only
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Deploy to S3
+        if: github.repository_owner == 'trustwallet'
+        shell: bash
+        run: aws s3 sync . s3://$AWS_S3_BUCKET  --follow-symlinks --delete --exclude '*' --include 'dapps/*' --include 'blockchains/*' --size-only
         env:
           AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_REGION: 'us-east-1'
 
       - name: Get changed files
         uses: jitterbit/get-changed-files@v1
@@ -39,6 +49,4 @@ jobs:
         env:
           PATHS: ${{ steps.filter.outputs.paths }}
           DISTRIBUTION: ${{ secrets.AWS_DISTRIBUTION }}
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_REGION: "us-east-1"