Merge pull request #70 from hackforla/iam/oidc-add-gha-thumbprint
use dynamic data pull for GHA cert thumbprint
tylerthome authored Sep 5, 2024
2 parents ace1d83 + 226e47f commit 58ba8b1
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion terraform/modules/aws-gha-oidc-providers/main.tf
Expand Up @@ -39,14 +39,18 @@ locals {

data "aws_caller_identity" "current" {}

data "tls_certificate" "github_actions" {
url = "https://${local.oidc_github_idp}"
}

resource "aws_iam_openid_connect_provider" "github_actions" {
url = "https://${local.oidc_github_idp}"

client_id_list = [
local.oidc_aws_audience
]

thumbprint_list = ["1b511abead59c6ce207077c0bf0e0043b1382612"]
thumbprint_list = [data.tls_certificate.github_actions.certificates[0].sha1_fingerprint]
}

resource "aws_iam_role" "github_actions_oidc" {
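Review bot: The new `thumbprint_list` entry takes `certificates[0].sha1_fingerprint` from a live TLS handshake, so the value IAM pins for this provider is now whatever chain the planning host is served at plan time rather than a reviewed constant. The index choice is also undocumented: it is only correct if element 0 of the data source's list is the CA certificate the provider is meant to pin, which should be confirmed against the tls provider's documented ordering. I would add a comment above the attribute, e.g. `# certificates[0]: expected to be the top-most CA in the served chain; treat any plan diff on thumbprint_list as a trust-anchor change`, and run plans only from a network path without TLS interception. The `aws_iam_role` resource that follows continues outside the hunk.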