diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 656089a8..1f35dca7 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -1,27 +1,21 @@
+---
 name: Build and Commit Documentation
-
 on:
   pull_request:
-    types: [ labeled ]
-
+    types: [labeled]
 jobs:
   build_and_commit:
     if: contains(github.event.pull_request.labels.*.name, 'docs')
     runs-on: ubuntu-latest
-
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.head_ref }}
-
-      - name: Run make command
-        run: make doc
-
+      - run: make doc
       - name: Commit changes
         run: |
           git config --local user.email "action@github.com"
           git config --local user.name "GitHub Action"
           git add .
           git commit -m "Update documentation" || echo "No changes to commit"
-          git push origin HEAD:${{ github.head_ref }}
\ No newline at end of file
+          git push origin HEAD:${{ github.head_ref }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 262f891d..e2385354 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,25 +1,20 @@
-# Terraform Provider release workflow.
+---
 name: Release
 on:
   push:
-    tags:
-      - 'v*'
-
+    tags: ['v*']
 permissions:
   contents: write
-
+  id-token: write
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      - name: configure aws credentials
-        uses: aws-actions/configure-aws-credentials@v4
+      - uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
-          aws-region: us-west-2
-      - name: get secrets from aws sm
-        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+          aws-region: ${{ vars.RP_AWS_CRED_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.RP_AWS_CRED_ACCOUNT_ID }}:role/${{ vars.RP_AWS_CRED_BASE_ROLE_NAME }}${{ github.event.repository.name }}
+      - uses: aws-actions/aws-secretsmanager-get-secrets@v2
         with:
           secret-ids: |
             ,sdlc/prod/github/tf_provider_rp
@@ -32,14 +27,12 @@ jobs:
         with:
           go-version-file: 'go.mod'
           cache: true
-      - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v6
+      - uses: crazy-max/ghaction-import-gpg@v6
         id: import_gpg
         with:
           gpg_private_key: ${{ env.TF_PROVIDER_RP_GPG_PRIVATE_KEY }}
           passphrase: ${{ env.TF_PROVIDER_RP_PASSPHRASE }}
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6
+      - uses: goreleaser/goreleaser-action@v6
         with:
           args: release --clean
         env: