chore: use permissive settings initially when no environments exist

sixfeetup · Oct 1, 2024 · e445246 · e445246
1 parent c1a1caa
commit e445246
Showing 1 changed file with 5 additions and 9 deletions.
diff --git a/{{cookiecutter.project_slug}}/terraform/github/oidc.tf b/{{cookiecutter.project_slug}}/terraform/github/oidc.tf
@@ -48,16 +48,12 @@ resource "aws_iam_role" "github_oidc_role" {
       },
       "Action": "sts:AssumeRoleWithWebIdentity",
       "Condition": {
+        "StringLike": {
+          "token.actions.githubusercontent.com:sub": "repo:{{ cookiecutter.source_control_organization_slug }}/{{ cookiecutter.repo_name }}:*"
+        },
         "StringEquals": {
-          "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
-          "token.actions.githubusercontent.com:sub": [
-            "repo:{{ cookiecutter.source_control_organization_slug }}/{{
-  cookiecutter.repo_name }}:environment:sandbox",
-            "repo:{{ cookiecutter.source_control_organization_slug }}/{{
-  cookiecutter.repo_name }}:environment:staging",
-            "repo:{{ cookiecutter.source_control_organization_slug }}/{{
-  cookiecutter.repo_name }}:environment:prod"
-        ]
+          "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
+        }
         }
       }
     }