Merge pull request #563 from russau/docs/readme-role-update

Minor: include a role condition test for AUD in sample CFN template
aws-actions · Feb 22, 2023 · 567d414 · 567d414
2 parents 32eb1b4 + 85ec61b
commit 567d414
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -161,6 +161,10 @@ Parameters:
     Description: Arn for the GitHub OIDC Provider.
     Default: ""
     Type: String
+  OIDCAudience:
+    Description: Audience supplied to configure-aws-credentials.
+    Default: "sts.amazonaws.com"
+    Type: String
 
 Conditions:
   CreateOIDCProvider: !Equals 
@@ -181,6 +185,8 @@ Resources:
                 - !Ref GithubOidc
                 - !Ref OIDCProviderArn
             Condition:
+              StringEquals:
+                token.actions.githubusercontent.com:aud: !Ref OIDCAudience
               StringLike:
                 token.actions.githubusercontent.com:sub: !Sub repo:${GitHubOrg}/${RepositoryName}:*