eli-445 adding bootstrap deploy to publish workflow

eddalmond1 · eddalmond1 · commit f2d42cad8088 · 2026-02-16T16:37:29.000Z
diff --git a/.github/workflows/cicd-2-publish.yaml b/.github/workflows/cicd-2-publish.yaml
@@ -87,7 +87,22 @@ jobs:
           name: lambda-${{ needs.metadata.outputs.version }}
           path: dist/lambda.zip
 
-      - name: "Configure AWS Credentials"
+      - name: "Configure AWS Credentials (IAM Bootstrap Role)"
+        uses: aws-actions/configure-aws-credentials@v6
+        with:
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-iam-bootstrap-role
+          aws-region: eu-west-2
+
+      - name: "Deploy IAM roles (iams-developer-roles stack)"
+        env:
+          ENVIRONMENT: dev
+        working-directory: ./infrastructure
+        run: |
+          make terraform-init env=$ENVIRONMENT stack=iams-developer-roles
+          terraform -chdir=./stacks/iams-developer-roles plan -var="environment=$ENVIRONMENT" -out=tfplan
+          terraform -chdir=./stacks/iams-developer-roles apply -auto-approve tfplan
+
+      - name: "Configure AWS Credentials (Main Deployment Role)"
         uses: aws-actions/configure-aws-credentials@v6
         with:
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role
