- had duplicate role
- change policy name to match approle
- updated ttl as packer builds can take some time
- limit access to workstation and gitea runners