feat: Allow adding iss for the oidc assumable role

terraform-aws-modules · Dec 18, 2024 · fc65def · fc65def
1 parent e20e0b9
commit fc65def
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/modules/iam-assumable-role-with-oidc/main.tf b/modules/iam-assumable-role-with-oidc/main.tf
@@ -71,6 +71,12 @@ data "aws_iam_policy_document" "assume_role_with_oidc" {
         }
       }
 
+      condition {
+        test     = "ForAllValues:StringEquals"
+        variable = "${statement.value}:iss"
+        values   = ["https://${statement.value}"]
+      }
+
       dynamic "condition" {
         for_each = length(var.oidc_fully_qualified_audiences) > 0 ? local.urls : []