diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
index f61c913..f1c9466 100644
--- a/.github/workflows/actions.yml
+++ b/.github/workflows/actions.yml
@@ -1,24 +1,33 @@
 on:
+ workflow_dispatch:
 push:
 branches:
 - main
+ paths-ignore:
+ - ".github/workflows/*"
+ - "**.md"
+
+permissions:
+ id-token: write
+ contents: read
+
 jobs:
 build-and-deploy:
 runs-on: ubuntu-latest
 environment: production
 steps:
 - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Setup Python
- uses: actions/setup-python@v3
+ uses: actions/setup-python@v5
 - name: Setup AWS SAM CLI
 uses: aws-actions/setup-sam@v2
- - name: Setup AWS credentials
- uses: aws-actions/configure-aws-credentials@v1-node16
+ - name: Setup AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4.0.1
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
 aws-region: ${{ secrets.AWS_REGION }}
+ mask-aws-account-id: true
 - name: Prepare SAM parameters
 env:
 SCHEDULE_EXPRESSION: ${{ vars.SCHEDULE_EXPRESSION }}
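Review bot: With `id-token: write` now granted, every step in `build-and-deploy` can request an OIDC token for the deploy role, yet all four `uses:` lines still reference mutable tags (`actions/checkout@v4`, `actions/setup-python@v5`, `aws-actions/setup-sam@v2`, `aws-actions/configure-aws-credentials@v4.0.1`). Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<FULL_COMMIT_SHA> # v4.0.1`, keeps a re-pointed tag from executing inside the job that assumes the role. The `permissions:` block is declared at workflow level; moving it under `build-and-deploy:` would stop jobs added later from inheriting the token scope. Because `workflow_dispatch:` allows a run to be started from any ref, the role's trust policy (not visible in this diff) should condition on the `sub` claim for `environment:production`, and the `production` environment should restrict which branches may deploy. The step list continues past the end of the hunk.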