From 85ec61b5fedc565f78c256ac2978454bc200b7a1 Mon Sep 17 00:00:00 2001
From: russ
Date: Thu, 3 Nov 2022 10:45:32 +1100
Subject: [PATCH] include a role condition test for AUD in sample CFN template
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/README.md b/README.md
index 290f42442..32e032d25 100644
--- a/README.md
+++ b/README.md
@@ -149,6 +149,10 @@ Parameters:
 Description: Arn for the GitHub OIDC Provider.
 Default: ""
 Type: String
+ OIDCAudience:
+ Description: Audience supplied to configure-aws-credentials.
+ Default: "sts.amazonaws.com"
+ Type: String
 Conditions:
 CreateOIDCProvider: !Equals
@@ -169,6 +173,8 @@ Resources:
 - !Ref GithubOidc
 - !Ref OIDCProviderArn
 Condition:
+ StringEquals:
+ token.actions.githubusercontent.com:aud: !Ref OIDCAudience
 StringLike:
 token.actions.githubusercontent.com:sub: !Sub repo:${GitHubOrg}/${RepositoryName}:*
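Review bot: The new `aud` condition in the Resources hunk is compared against a free-form `OIDCAudience` parameter, and nothing visible in this patch keeps that value in step with the client IDs registered on the OIDC provider. If the `GithubOidc` resource (defined outside these hunks) lists a fixed client ID, presumably `sts.amazonaws.com`, a non-default audience would deploy cleanly and then have every AssumeRoleWithWebIdentity call rejected. Consider having the provider take its client ID from the same parameter, `ClientIdList: [!Ref OIDCAudience]`, and adding `MinLength: 1` to the parameter in the Parameters hunk so an empty value is refused at deploy time. The description could also say that the value must equal the `audience` input passed to configure-aws-credentials and, when `OIDCProviderArn` is supplied, must already be registered on that provider. The role's trust policy starts and ends outside the hunk, so the rest of the statement was not reviewed.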