
jamescrowley | 2 months ago

You actually don’t need (long-lived / hard-coded) secrets in this scenario if you use OIDC:

https://docs.github.com/en/actions/how-tos/secure-your-work/...

regularfry | 2 months ago

Technically yes. It depends on whether you consider the account ID to be a secret or not (AWS say "sensitive but not secret" which doesn't help much). But also it can make sense to treat all environment variables as secrets by default just so you don't accidentally end up putting something somewhere that turns out to have been Wrong.

Kinrany | 2 months ago

GP is saying that GHA would need zero information about AWS if CodeBuild used a GitHub token and listened for GHA runs.

everfrustrated | 2 months ago

And even better, you can scope assuming an AWS IAM role to a specific branch name & workflow filename, so that only code/workflows that have been through review have access to CD secrets/prod infra.

I.e. no prod access by editing the workflow definition and pushing it to a branch.
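The scoping described in the comment above (and the OIDC setup from the first comment) comes down to what the IAM role's trust policy `Condition` block accepts from the token GitHub mints for a run. The following is an added illustration, not code from any commenter: a small evaluator of IAM-style `StringEquals`/`StringLike` conditions run over two constructed sets of GitHub OIDC claims, one from the reviewed `deploy.yml` on `main` and one from an edited workflow on a feature branch. The repository name, workflow filename and claim values are made up; treating `job_workflow_ref` as a condition key is an assumption made to model the comment (in a real AWS trust policy, which claims are usable as keys is the provider's rule, and the evaluator is a simplified model of IAM matching, not the IAM engine).

```python
"""Evaluate an IAM-style trust-policy Condition against GitHub OIDC token claims.

Added example: shows why a wildcard on `sub` lets any branch assume the CD role,
while pinning `sub` (branch) and `job_workflow_ref` (workflow file) does not.
"""
import re
from typing import Dict, Iterable, Union

ISSUER = "token.actions.githubusercontent.com"

# Constructed sample claims, shaped like the ones GitHub Actions puts in its OIDC token.
MAIN_DEPLOY: Dict[str, str] = {
    "aud": "sts.amazonaws.com",
    "sub": "repo:example-org/example-app:ref:refs/heads/main",
    "job_workflow_ref": "example-org/example-app/.github/workflows/deploy.yml@refs/heads/main",
}
FEATURE_BRANCH_EDITED_WORKFLOW: Dict[str, str] = {
    "aud": "sts.amazonaws.com",
    "sub": "repo:example-org/example-app:ref:refs/heads/feature/x",
    "job_workflow_ref": "example-org/example-app/.github/workflows/anything.yml@refs/heads/feature/x",
}

# Weak: any ref in the repository (including unreviewed branches) may assume the role.
WEAK_CONDITION = {
    "StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
    "StringLike": {f"{ISSUER}:sub": "repo:example-org/example-app:*"},
}

# Scoped: only the main branch, and only the reviewed deploy workflow file.
# (Assumption: job_workflow_ref is available as a condition key; see lead-in.)
SCOPED_CONDITION = {
    "StringEquals": {
        f"{ISSUER}:aud": "sts.amazonaws.com",
        f"{ISSUER}:sub": "repo:example-org/example-app:ref:refs/heads/main",
        f"{ISSUER}:job_workflow_ref": "example-org/example-app/.github/workflows/deploy.yml@refs/heads/main",
    },
}


def _iam_like(pattern: str, value: str) -> bool:
    """IAM StringLike semantics: '*' matches any run of characters, '?' one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def condition_allows(condition: Dict[str, Dict[str, Union[str, list]]], claims: Dict[str, str]) -> bool:
    """Return True only if every operator/key pair in the Condition block is satisfied.

    A claim the token does not carry fails closed, as an absent key would in IAM.
    """
    for operator, keys in condition.items():
        for full_key, expected in keys.items():
            claim = full_key.split(":", 1)[1]  # strip the issuer prefix
            actual = claims.get(claim)
            if actual is None:
                return False
            patterns: Iterable[str] = expected if isinstance(expected, list) else [expected]
            if operator == "StringEquals":
                ok = any(actual == p for p in patterns)
            elif operator == "StringLike":
                ok = any(_iam_like(p, actual) for p in patterns)
            else:
                raise ValueError(f"unsupported operator: {operator}")
            if not ok:
                return False
    return True


if __name__ == "__main__":
    for name, cond in (("weak", WEAK_CONDITION), ("scoped", SCOPED_CONDITION)):
        print(name, "main/deploy.yml ->", condition_allows(cond, MAIN_DEPLOY))
        print(name, "feature branch/edited workflow ->", condition_allows(cond, FEATURE_BRANCH_EDITED_WORKFLOW))
```

The weak block admits both tokens, so pushing a modified workflow to any branch reaches the role; the scoped block admits only the reviewed workflow on `main`, which is the property the comment describes.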