GP is saying that GHA would need zero information about AWS if CodeBuild used a Github token and listened for GHA runs.