GitHub recently released a really cool feature allowing integration between its CI/CD system and AWS without sharing static credentials. I originally found out about it via Aidan Steele's excellent blog post detailing it with setup instructions in CloudFormation.
I've used this new functionality to create an example of deploying to AWS using Terraform, which I particularly like because it allows every component to be represented in code (e.g. no manual configuration of GitHub Actions Secrets). It's available here.