diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 410525d..4ad76f5 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -11,6 +11,9 @@ env:
   # VERSION: ${{ github.event.release.tag_name }}
   VERSION: 0.7.7
 
+permissions:
+  id-token: write
+
 jobs:
   publish:
     name: Publish a new version
@@ -58,11 +61,11 @@ jobs:
 
       # # TODO how does this work? Does the repo need to be registered to be
       # # able to assume that role or what?
-      # - name: Assume AWS role
-      #   uses: aws-actions/configure-aws-credentials@v1-node16
-      #   with:
-      #     role-to-assume: arn:aws:iam::068037490145:role/prestoplay-web-web-uploader
-      #     aws-region: us-east-1
+      - name: Assume AWS role
+        uses: aws-actions/configure-aws-credentials@v1-node16
+        with:
+          role-to-assume: arn:aws:iam::068037490145:role/prestoplay-web-web-uploader
+          aws-region: us-east-1
 
       # Is there a dry run? Let's perhaps try version 0.0.1
       # - name: Upload to S3