unfunco / terraform-aws-oidc-github

Terraform module to configure GitHub Actions as an IAM OIDC identity provider in AWS.
https://registry.terraform.io/modules/unfunco/oidc-github/aws/latest
Apache License 2.0

Allow additional audiences #35

Closed MichaelChovanakDatavant closed 11 months ago

MichaelChovanakDatavant commented 11 months ago

I recently fixed an authentication issue by adding https://github.com/<organization> as an allowed audience in the GitHub IAM trust relation, but I could not persist the change in Terraform using this module.

This change adds the ability to optionally specify additional_audiences = ["<another_audience>", ...], which, when omitted, retains the default allowed audience of 'sts.amazonaws.com'.

unfunco commented 11 months ago

Hey @MichaelChovanakDatavant – thank you for this, I'm happy for this feature to go in but can we rename the variable to additional_audiences so that it's consistent with the additional_thumbprints variable name, and can we also always include sts.amazonaws.com as an audience instead of putting it in the variable default? We do the same thing with thumbprints, we allow additional ones to be added but we don't allow the defaults to be overridden.
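The pattern agreed on in the two comments above (a fixed default audience that callers can extend but not override, mirroring how thumbprints are handled), written out as an added HCL example. This is not the module's own code and does not use its real variable or resource names; `additional_audiences`, `additional_thumbprints`, `allowed_subjects` and the thumbprint value are assumptions or placeholders. The issuer URL and the `token.actions.githubusercontent.com:aud` / `:sub` condition keys are the real ones AWS uses for GitHub Actions OIDC.

```hcl
# Added example, not the module's own code.
# Assumed variable names: additional_audiences, additional_thumbprints,
# allowed_subjects. The thumbprint below is a placeholder, not a real value.

variable "additional_audiences" {
  description = "Extra values accepted in the aud claim; sts.amazonaws.com is always included."
  type        = list(string)
  default     = []
}

variable "additional_thumbprints" {
  description = "Extra CA thumbprints accepted alongside the default one."
  type        = list(string)
  default     = []
}

variable "allowed_subjects" {
  description = "Allowed sub claims, e.g. repo:my-org/my-repo:ref:refs/heads/main"
  type        = list(string)
}

locals {
  # The default is fixed and extras are appended, so a caller can add
  # audiences but cannot remove sts.amazonaws.com. distinct() drops a
  # duplicate if a caller passes the default again.
  audiences   = distinct(concat(["sts.amazonaws.com"], var.additional_audiences))
  thumbprints = distinct(concat(["PLACEHOLDER_THUMBPRINT"], var.additional_thumbprints))
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = local.audiences
  thumbprint_list = local.thumbprints
}

data "aws_iam_policy_document" "assume_role" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    # The aud claim must be one of the configured audiences; the provider
    # and the trust policy are built from the same list so they cannot drift.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = local.audiences
    }

    # The sub claim must also match an allowed repository/ref. Without this
    # condition, any GitHub workflow presenting a token with a matching aud
    # would satisfy the trust policy, so the audience check alone is not enough.
    condition {
      test     = "StringLike"
      variable = "token.actions.githubusercontent.com:sub"
      values   = var.allowed_subjects
    }
  }
}

resource "aws_iam_role" "github" {
  name               = "github-actions"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}
```

With these inputs, the case from the original report is covered by passing `additional_audiences = ["https://github.com/<organization>"]`; the resulting `client_id_list` and the `aud` condition both contain `sts.amazonaws.com` and the organisation URL, and omitting the variable leaves only `sts.amazonaws.com`. When checking a deployed provider, compare the `aud` values in the trust policy against `client_id_list` on the provider: a token is only accepted when both agree.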

MichaelChovanakDatavant commented 11 months ago

@unfunco Thanks for the feedback! I've changed it to additional_audiences.

unfunco commented 11 months ago

Excellent. Thanks! I'll get a new release out shortly!