diff --git a/modules/openid_connect_provider/iam.tf b/modules/openid_connect_provider/iam.tf
index 793b36c..437a01d 100644
--- a/modules/openid_connect_provider/iam.tf
+++ b/modules/openid_connect_provider/iam.tf
@@ -261,14 +261,14 @@ data "aws_iam_policy_document" "aws_sa_assume_role_policy" {
 actions = ["sts:AssumeRoleWithWebIdentity"]
 effect = "Allow"
 condition {
- test = "StringEquals"
+ test = "StringLike"
 variable = "${replace(aws_iam_openid_connect_provider.this.url, "https://", "")}:sub"
 values = [
 format("system:serviceaccount:%s:%s", local.service_accounts[count.index].namespace, local.service_accounts[count.index].name)
 ]
 }
 condition {
- test = "StringEquals"
+ test = "StringLike"
 variable = "${replace(aws_iam_openid_connect_provider.this.url, "https://", "")}:aud"
 values = [
 "sts.amazonaws.com"
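Review bot: Switching the `:sub` condition to `StringLike` turns any `*` or `?` in `local.service_accounts[count.index].namespace` or `.name` into a wildcard, so a namespace value of `*` would let every service account in the cluster call sts:AssumeRoleWithWebIdentity against this role; nothing in the hunk constrains those values, so if wildcards are intended the variable feeding `local.service_accounts` should say so in its description (and ideally a `validation` block should reject `*` on its own), and if they are not, the `:sub` condition should stay `StringEquals`. The second condition compares `:aud` against the fixed literal `"sts.amazonaws.com"`, where `StringLike` buys nothing and only widens the operator, so that line should remain `test = "StringEquals"`. A short comment on the `:sub` condition such as `# StringLike: namespace/name may contain glob characters; keep them as narrow as possible` would make the trade-off visible to the next reader. The `aws_sa_assume_role_policy` data block begins and ends outside this hunk, so I cannot tell whether other statements in it rely on exact matching.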