aws-actions/configure-aws-credentials needs id-token: write to mint the
OIDC JWT and assume AWS_ROLE_ARN. Without it the deploy-ec2 workflow
fails at the credentials step. Add the permission at workflow scope.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- deploy.sh: single script to switch between EC2 and EKS modes
- ec2: docker-compose with ECR images + nginx SSL reverse proxy
- eks: terraform apply + helm install (for demos/grading)
- eks-down: terraform destroy (stop costs)
- docker-compose.prod.yml: ECR image overrides + nginx service
- nginx/nginx.conf: reverse proxy with SSL, SSE streaming support
- deploy-ec2.yml: auto-deploy to EC2 after images are built
- Remove old single-server deploy.yml
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
