In order to set up OIDC simply swap the AWS Keys with assume role ARN and you are good to go. Here is an example, don’t forget to replace the line starting in ** with your own ARN for the account.

name: Digger Workflow

on:
  workflow_dispatch:
    inputs:
      run_name:
        required: false
      spec:
        required: true

run-name: '${{inputs.run_name}}'

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: write      # required to merge PRs
      id-token: write      # required for workload-identity-federation
      pull-requests: write # required to post PR comments
      issues: read         # required to check if PR number is an issue or not
      statuses: write      # required to validate combined PR status

    steps:
      - name: digger run
        uses: diggerhq/digger@vLatest
        with:
          digger-spec: ${{ inputs.spec }}
          setup-aws: true
        **aws-role-to-assume: arn:aws:iam::{AccountID}:role/{RoleName}**
          aws-region: us-east-1
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Setting up separate mgmt accountSetting up GCP + GH Actions