diff --git a/.github/workflows/publish-stable-aws.yml b/.github/workflows/publish-stable-aws.yml
index 0e77015b6..652788b0a 100644
--- a/.github/workflows/publish-stable-aws.yml
+++ b/.github/workflows/publish-stable-aws.yml
@@ -7,6 +7,9 @@ on:
 jobs:
   aws-publish:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-node@v1
@@ -15,6 +18,12 @@ jobs:
           registry-url: https://registry.npmjs.org/
       - name: 'Install makensis (apt)'
         run: sudo apt update && sudo apt install -y nsis nsis-pluginapi
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{secrets.AWS_ROLE_NAME }}
+          role-session-name: github-actions-from-toolbelt
+          aws-region: us-east-1
       - name: Deploy on AWS
         run: |
           yarn install --ignore-scripts
@@ -22,8 +31,6 @@ jobs:
           yarn release:win
         env:
             IS_CI: "true"
-            AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID}}
-            AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}}
   publish-success:
     runs-on: ubuntu-latest
     needs: [aws-publish]
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e2704d13a..6ac0b0faf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 
 - handle OPTIONS request for CORS
+- update `publish-stable-aws` pipeline
 
 ## [4.0.4] - 2023-11-03