diff --git a/atlantis.yaml b/atlantis.yaml
index 1be88af..fd2a528 100644
--- a/atlantis.yaml
+++ b/atlantis.yaml
@@ -1,28 +1,28 @@
 version: 3
 automerge: true
 projects:
- - dir: projects/gcp
- workflow: default
- autoplan:
- when_modified: ["*.tf", "*.yaml", "*.json", "../../modules/**/*.tf", "../../modules/**/*.yaml", "../../modules/**/*.json"]
- enabled: true
- - dir: projects/core
- workflow: default
- autoplan:
- when_modified: ["*.tf", "*.yaml", "*.json", "../../modules/**/*.tf", "../../modules/**/*.yaml", "../../modules/**/*.json"]
- enabled: true
- - dir: projects/core/config
- workflow: default
- autoplan:
- when_modified: ["*.tf", "*.yaml", "*.json", "../../../modules/**/*.tf", "../../../modules/**/*.yaml", "../../../modules/**/*.json"]
- enabled: true
- - dir: projects/domain
- workflow: default
- autoplan:
- when_modified: ["*.tf", "*.yaml", "*.json", "../../../modules/**/*.tf", "../../../modules/**/*.yaml", "../../../modules/**/*.json"]
- enabled: true
- - dir: projects/infra
- workflow: default
- autoplan:
- when_modified: ["*.tf", "*.yaml", "*.json", "../../../modules/**/*.tf", "../../../modules/**/*.yaml", "../../../modules/**/*.json"]
- enabled: true
+# - dir: projects/gcp
+# workflow: default
+# autoplan:
+# when_modified: ["*.tf", "*.yaml", "*.json", "../../modules/**/*.tf", "../../modules/**/*.yaml", "../../modules/**/*.json"]
+# enabled: true
+# - dir: projects/core
+# workflow: default
+# autoplan:
+# when_modified: ["*.tf", "*.yaml", "*.json", "../../modules/**/*.tf", "../../modules/**/*.yaml", "../../modules/**/*.json"]
+# enabled: true
+# - dir: projects/core/config
+# workflow: default
+# autoplan:
+# when_modified: ["*.tf", "*.yaml", "*.json", "../../../modules/**/*.tf", "../../../modules/**/*.yaml", "../../../modules/**/*.json"]
+# enabled: true
+# - dir: projects/domain
+# workflow: default
+# autoplan:
+# when_modified: ["*.tf", "*.yaml", "*.json", "../../../modules/**/*.tf", "../../../modules/**/*.yaml", "../../../modules/**/*.json"]
+# enabled: true
+# - dir: projects/infra
+# workflow: default
+# autoplan:
+# when_modified: ["*.tf", "*.yaml", "*.json", "../../../modules/**/*.tf", "../../../modules/**/*.yaml", "../../../modules/**/*.json"]
+# enabled: true
diff --git a/modules/gcp/iam/main.tf b/modules/gcp/iam/main.tf
index daa6d5b..cd912a9 100644
--- a/modules/gcp/iam/main.tf
+++ b/modules/gcp/iam/main.tf
@@ -206,3 +206,46 @@ resource "google_service_account_iam_binding" "service_account_token_creator" {
 "user:goboolean.io@gmail.com"
 ]
 }
+
+
+resource "google_iam_workload_identity_pool" "github_pool" {
+ workload_identity_pool_id = "github-pool"
+ display_name = "GitHub Actions Pool"
+ description = "Pool for GitHub Actions workflows"
+ disabled = false
+}
+
+resource "google_iam_workload_identity_pool_provider" "github_provider" {
+ workload_identity_pool_id = google_iam_workload_identity_pool.github_pool.workload_identity_pool_id
+ workload_identity_pool_provider_id = "github-pool-provider"
+ display_name = "GitHub Provider"
+ description = "OIDC provider for GitHub Actions"
+
+ oidc {
+ issuer_uri = "https://token.actions.githubusercontent.com"
+ }
+
+ attribute_mapping = {
+ "google.subject" = "assertion.sub"
+ "attribute.repository" = "assertion.repository"
+ "attribute.repository_owner" = "assertion.repository_owner"
+ }
+}
+
+resource "google_service_account" "github_sa" {
+ account_id = "github-actions-sa"
+ display_name = "GitHub Actions Service Account"
+ description = "Service account for GitHub Actions workflows"
+}
+
+resource "google_project_iam_member" "sa_role" {
+ project = var.project_id
+ role = "roles/storage.admin"
+ member = "serviceAccount:${google_service_account.github_sa.email}"
+}
+
+resource "google_service_account_iam_member" "workload_identity_user" {
+ service_account_id = google_service_account.github_sa.name
+ role = "roles/iam.workloadIdentityUser"
+ member = "principal://iam.googleapis.com/${google_iam_workload_identity_pool.github_pool.name}/attribute.repository_owner/goboolean"
+}
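Review bot: All five project entries are commented out rather than deleted, which leaves `projects:` with no entries while `automerge: true` stays in force, and nothing in the hunk records why or under what condition they come back. The removed `when_modified` globs covered `../../modules/**/*.tf`, so the IAM changes to `modules/gcp/iam/main.tf` in this same commit will presumably no longer be autoplanned by Atlantis; if plan/apply is moving to GitHub Actions, that belongs in the file. A one-line comment above the block such as `# Projects disabled: <reason>; re-enable or remove by <date/condition>` would make the state of this config self-explanatory.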
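Review bot: `github_provider` has no `attribute_condition`, so the pool itself accepts an OIDC token from any GitHub repository and the only thing standing between an arbitrary repo and `github_sa` is the `attribute.repository_owner/goboolean` member on `workload_identity_user`. Trust should also be enforced at the provider, e.g. `attribute_condition = "assertion.repository_owner == 'goboolean'"`, and since `attribute.repository` is already mapped, the service-account binding can be narrowed to a single repository with `member = "principal://iam.googleapis.com/${google_iam_workload_identity_pool.github_pool.name}/attribute.repository/goboolean/<repo-name>"` rather than every repository under the owner. Separately, `roles/storage.admin` at project level in `sa_role` grants full control of every bucket in `var.project_id` to any workflow that can impersonate the SA; if the workflows only touch specific buckets, a bucket-level `google_storage_bucket_iam_member` (or `roles/storage.objectAdmin`) would be the least-privilege form.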
diff --git a/modules/gcp/service/main.tf b/modules/gcp/service/main.tf
index 705c14d..d94966c 100644
--- a/modules/gcp/service/main.tf
+++ b/modules/gcp/service/main.tf
@@ -8,6 +8,8 @@ locals {
 "storage.googleapis.com",
 "secretmanager.googleapis.com",
 "cloudkms.googleapis.com",
+ "iamcredentials.googleapis.com",
+ "sts.googleapis.com"
 ])
 }