When I try to list the repos explicitly, the first one is able to assume the role but the subsequent ones can't.
Steps to Reproduce:
1. Add a valid list of repositories to the module config.
2. Run a GitHub Action on the first repo (successfully).
3. Run a GitHub Action on the second repo (unsuccessfully).
4. Switch the list of repos to whitelist the whole GitHub org.
5. All repos can now assume the role with web identity.
Expected Result:
Run aws-actions/configure-aws-credentials@v4
Assuming role with OIDC
Authenticated as assumedRoleId xxx:GitHubActions
Actual Result:
Run aws-actions/configure-aws-credentials@v4
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Assuming role with OIDC
Error: Could not assume role with OIDC: Not authorized to perform sts:AssumeRoleWithWebIdentity
Additional Context:
I suspect that the https://github.com/terraform-module/terraform-aws-github-oidc-provider/blob/master/main.tf#L45-L52 block effectively fails if the repo name is not at the top of the IAM Trusted Entities list. I don't know if this ever worked or if it's a regression.
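An added diagnostic example, not part of the original report and not the module's own code: a local evaluator that checks which repositories' OIDC `sub` claims a role trust policy accepts, so the deployed policy can be compared against the configured repo list. It models only the `StringEquals` and `StringLike` operators; the account ID, repository names and the `trusted`/`claims_for` helpers are constructed for illustration.

```python
import re

ISSUER = "token.actions.githubusercontent.com"

def like(pattern, value):
    # IAM StringLike: '*' = any run of characters, '?' = exactly one; case-sensitive.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

OPERATORS = {"StringEquals": lambda p, v: p == v, "StringLike": like}

def as_list(v):
    return v if isinstance(v, list) else [v]

def statement_allows(stmt, claims):
    if stmt.get("Effect") != "Allow":
        return False
    if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
        return False
    for op, keys in stmt.get("Condition", {}).items():
        match = OPERATORS.get(op)
        if match is None:
            return False  # operator not modelled here: treat as no match
        for key, patterns in keys.items():
            prefix, _, name = key.partition(":")
            claim = claims.get(name) if prefix == ISSUER else None
            # Values under one key are alternatives (OR); keys and operators are ANDed.
            if claim is None or not any(match(p, claim) for p in as_list(patterns)):
                return False
    return True

def trusted(policy, claims):
    return any(statement_allows(s, claims) for s in as_list(policy["Statement"]))

# Constructed trust policy and repository names, for illustration only.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + ISSUER},
    "Condition": {
        "StringEquals": {ISSUER + ":aud": "sts.amazonaws.com"},
        "StringLike": {ISSUER + ":sub": ["repo:example-org/app-one:*",
                                         "repo:example-org/app-two:*"]}}}]}

def claims_for(repo, ref="refs/heads/main"):
    # Shape of the sub claim GitHub issues for a branch-triggered workflow run.
    return {"aud": "sts.amazonaws.com", "sub": f"repo:{repo}:ref:{ref}"}

if __name__ == "__main__":
    for repo in ("example-org/app-one", "example-org/app-two", "example-org/app-three"):
        print(repo, "trusted" if trusted(POLICY, claims_for(repo)) else "NOT trusted")
```

To check a real role, replace `POLICY` with the document returned by `aws iam get-role --role-name <role> --query Role.AssumeRolePolicyDocument` and confirm that every configured repository appears as its own value under the `sub` condition.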