diff --git a/.github/workflows/aws-preview.yml b/.github/workflows/aws-preview.yml
index aa415277..28cd4d17 100644
--- a/.github/workflows/aws-preview.yml
+++ b/.github/workflows/aws-preview.yml
@@ -14,6 +14,10 @@ env:
 ECR_REGISTRY: 654654285942.dkr.ecr.ap-northeast-1.amazonaws.com
 ECS_CLUSTER: xuexiao
 
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
 jobs:
 build_and_push:
 name: Build and Push Docker Image
@@ -25,10 +29,11 @@ jobs:
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2
+ uses: aws-actions/configure-aws-credentials@v4
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: arn:aws:iam::654654285942:role/Github-OIDC
+ role-session-name: samplerolesession
+ audience: sts.amazonaws.com
 aws-region: ${{ env.AWS_REGION }}
 
 - name: Login to Amazon ECR
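Review bot: In the hunk at `@@ -14,6 +14,10 @@`, the `permissions:` block is added at workflow level, so every job in this file can request an OIDC token, not only the one that assumes the AWS role. Only `build_and_push` is visible here; if the workflow has other jobs, move `id-token: write` under `jobs.build_and_push.permissions` and keep `contents: read` as the workflow default. A job-level `permissions:` block replaces the workflow-level one rather than merging with it, so that job would need both `id-token: write` and `contents: read` listed.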
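Review bot: In the hunk at `@@ -25,10 +29,11 @@`, `uses: aws-actions/configure-aws-credentials@v4` replaces a full commit-SHA pin with a mutable tag, in the one step that receives the OIDC token and the resulting AWS session credentials; the checkout step above it is still SHA-pinned. Pin it the same way, `uses: aws-actions/configure-aws-credentials@<full-commit-sha-of-the-v4-release> # v4`, so a moved tag cannot change what runs with `id-token: write`. `role-session-name: samplerolesession` looks like a leftover example value; `role-session-name: gha-${{ github.run_id }}` would make each session attributable to a workflow run in CloudTrail. The trust policy of `Github-OIDC` is not part of this diff, so confirm it conditions on the `token.actions.githubusercontent.com:sub` claim for this repository (and branch or environment) as well as on `aud`. The step list continues outside the hunk.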