If Github action workflow had an entry like aws_session_token it would meet my expectations of how to set up a Github action to deploy to our production environment. I like to open a window, using STS, to allow deployment to prod. I want it to be short term so I like to enter temporary credentials in Github settings to open a window for deployment. Using an assumed role is secure but it is an open window which does not suit our current situation.