chore: change iam sa trust policy

oozou · Nov 25, 2023 · 50a3ecf · 50a3ecf
1 parent 4e42ed6
commit 50a3ecf
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/modules/openid_connect_provider/iam.tf b/modules/openid_connect_provider/iam.tf
@@ -261,14 +261,14 @@ data "aws_iam_policy_document" "aws_sa_assume_role_policy" {
     actions = ["sts:AssumeRoleWithWebIdentity"]
     effect  = "Allow"
     condition {
-      test     = "StringEquals"
+      test     = "StringLike"
       variable = "${replace(aws_iam_openid_connect_provider.this.url, "https://", "")}:sub"
       values = [
         format("system:serviceaccount:%s:%s", local.service_accounts[count.index].namespace, local.service_accounts[count.index].name)
       ]
     }
     condition {
-      test     = "StringEquals"
+      test     = "StringLike"
       variable = "${replace(aws_iam_openid_connect_provider.this.url, "https://", "")}:aud"
       values = [
         "sts.amazonaws.com"