fix: add entire ARN role instead of account and role name

Author: Alexander Melnyk

.github/workflows/publish_layer.yml

@@ -66,7 +66,7 @@ jobs:
       stage: "BETA"
       artefact-name: "cdk-layer-artefact"
     secrets:
-      target-account: ${{ secrets.LAYERS_BETA_ACCOUNT }}
+      target-account-role: arn:aws:iam::${{ secrets.LAYERS_BETA_ACCOUNT }}:role/${{ secrets.AWS_GITHUB_OIDC_ROLE }}
 
   deploy-prod:
     needs:
@@ -76,4 +76,4 @@ jobs:
       stage: "PROD"
       artefact-name: "cdk-layer-artefact"
     secrets:
-      target-account: ${{ secrets.LAYERS_PROD_ACCOUNT }}
+      target-account-role: arn:aws:iam::${{ secrets.LAYERS_PROD_ACCOUNT }}:role/${{ secrets.AWS_GITHUB_OIDC_ROLE }}

.github/workflows/reusable_deploy_layer_stack.yml

@@ -14,7 +14,7 @@ on:
         required: true
         type: string
     secrets:
-      target-account:
+      target-account-role:
         required: true
 
 jobs:
@@ -57,7 +57,7 @@ jobs:
         uses: aws-actions/configure-aws-credentials@v1
         with:
           aws-region: ${{ matrix.region }}
-          role-to-assume: arn:aws:iam::${{ secrets.target-account }}:role/${{ secrets.AWS_GITHUB_OIDC_ROLE }}
+          role-to-assume: ${{ secrets.target-account-role }}
       - name: Setup Node.js
         uses: actions/setup-node@v2
         with: