From 226e47f10e985ec49273c762bf26dc5cdf2f19f8 Mon Sep 17 00:00:00 2001
From: tylerthome
Date: Wed, 4 Sep 2024 18:04:50 -0700
Subject: [PATCH] use dynamic data pull for GHA cert thumbprint
---
 terraform/modules/aws-gha-oidc-providers/main.tf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/terraform/modules/aws-gha-oidc-providers/main.tf b/terraform/modules/aws-gha-oidc-providers/main.tf
index 5cf6d1f..da6b314 100644
--- a/terraform/modules/aws-gha-oidc-providers/main.tf
+++ b/terraform/modules/aws-gha-oidc-providers/main.tf
@@ -39,6 +39,10 @@ locals {
 data "aws_caller_identity" "current" {}
+data "tls_certificate" "github_actions" {
+ url = "https://${local.oidc_github_idp}"
+}
+
 resource "aws_iam_openid_connect_provider" "github_actions" {
 url = "https://${local.oidc_github_idp}"
@@ -46,7 +50,7 @@ resource "aws_iam_openid_connect_provider" "github_actions" {
 local.oidc_aws_audience
 ]
- thumbprint_list = ["1b511abead59c6ce207077c0bf0e0043b1382612"]
+ thumbprint_list = [data.tls_certificate.github_actions.certificates[0].sha1_fingerprint]
 }
 resource "aws_iam_role" "github_actions_oidc" {
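Review bot: The new `data "tls_certificate" "github_actions"` block makes every plan depend on a live TLS handshake from the Terraform runner to the IdP host, and nothing in this diff shows the `hashicorp/tls` provider being declared or version-pinned. If the module's `required_providers` block (outside this diff) does not already list it, add an entry with a version constraint, so that the provider computing a trust anchor is itself pinned through the lock file. It is also worth writing `verify_chain = true` in the data block. That is the default, but stating it records that the fetched chain must validate against the runner's root store before its fingerprint is used.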
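Review bot: In the second hunk, `thumbprint_list` now trusts whatever chain the runner is served at plan time, so the pin the removed literal provided is gone and the choice of `certificates[0]` is undocumented. A change in the served chain (a rotation, or an endpoint that presents more than one intermediate) would appear only as an in-place update on the next apply, and could flap between runs. Either keep a reviewed value next to the fetched one, e.g. `thumbprint_list = distinct(concat(["<REVIEWED_THUMBPRINT>"], [data.tls_certificate.github_actions.certificates[0].sha1_fingerprint]))`, or add a comment such as `# certificates[0]: expected to be the top CA of the served chain (confirm in tls provider docs); a changed value must be reviewed in the plan`. AWS documentation indicates that IAM validates some well-known IdPs, GitHub among them, against its own trusted-CA library rather than this list. If so, the effective access boundary is the `aud`/`sub` conditions on the role trust policy, which begins on the last line of this hunk and is not visible here.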