diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 0be4df559..ea89fc876 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -4,6 +4,10 @@ concurrency:
   group: test-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+  id-token: write
+  contents: write
+
 on:
   push:
     branches:
@@ -56,6 +60,9 @@ jobs:
     name: E2E Tests
     runs-on: ubuntu-latest
     needs: build
+    secrets:
+      CI_AWS_ACCESS_KEY_ID: { required: true }
+      CI_AWS_SECRET_ACCESS_KEY: { required: true }
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -70,7 +77,8 @@ jobs:
         with:
           aws-access-key-id: ${{ secrets.CI_AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.CI_AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-west-2 
+          aws-region: us-west-2
+          audience: sts.amazonaws.com
       - name: Run E2E tests
         run: |
           make test-e2e