From a244a9e676615316c8e5b22bcb4b3fc1008c1102 Mon Sep 17 00:00:00 2001
From: martijnvdp
Date: Tue, 7 Feb 2023 14:06:12 +0100
Subject: [PATCH] add token.actions.githubusercontent.com:aud condition
---
 data.tf | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/data.tf b/data.tf
index 00e0aec..72860fb 100644
--- a/data.tf
+++ b/data.tf
@@ -30,6 +30,12 @@ data "aws_iam_policy_document" "assume_role" {
 variable = "token.actions.githubusercontent.com:sub"
 }

+ condition {
+ test = "StringLike"
+ values = ["sts.amazonaws.com"]
+ variable = "token.actions.githubusercontent.com:aud"
+ }
+
 principals {
 identifiers = [local.oidc_provider_arn]
 type = "Federated"
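Review bot: The added `aud` condition uses `test = "StringLike"` against a literal with no wildcard, so it matches exactly today, but `StringEquals` would state that intent and would stop a later edit from widening the accepted audience with `*` unnoticed: `test = "StringEquals"`. The block would also benefit from a one-line comment on why the audience is pinned, for example `# Only accept tokens minted for AWS STS; tokens issued for another audience must not assume this role.` Workflows that request a custom audience would presumably stop matching this trust policy, which is worth noting in the module's documentation. The enclosing statement and the `sub` condition's test and values lie outside the hunk, so how strictly the subject is matched cannot be judged from here.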