Update iam rules for github on infra account (#33812)

This commit is contained in:
Robert Fairburn 2025-10-05 18:45:50 -05:00 committed by GitHub
parent 3009630141
commit c63f3ca183
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -30,18 +30,17 @@ data "aws_iam_policy_document" "fleetdm_confidential_cloudflare_trust" {
identifiers = [aws_iam_openid_connect_provider.github.arn]
}
condition {
test = "StringEquals"
variable = "token.actions.githubusercontent.com:aud"
values = ["sts.amazonaws.com"]
}
condition {
test = "StringLike"
variable = "token.actions.githubusercontent.com:sub"
values = ["repo:fleetdm/confidential:*"]
}
# Require that the workflow file is check_cloudflare.yml
condition {
test = "StringEquals"
variable = "token.actions.githubusercontent.com:workflow"
values = ["check_cloudflare.yml"]
}
}
}
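Review bot: The comment `# Require that the workflow file is check_cloudflare.yml` overstates what the added condition pins down: GitHub's OIDC `workflow` claim carries the workflow's display name (its `name:` key), which equals the file name only when the workflow sets no `name:`, while the file path lives in `workflow_ref`/`job_workflow_ref`. Separately, AWS IAM evaluates only a fixed set of OIDC claims as condition keys (`aud` and `sub` among them); if `workflow` is not one of them this `StringEquals` can never match and every AssumeRoleWithWebIdentity call would be denied outright, so confirm the role still assumes before merging, and note that the usual way to constrain the workflow on AWS is to encode it in a customised `sub` claim matched under the existing `...:sub` condition. Which visible lines are added versus context is not recoverable from the rendered page, so this assumes the workflow condition is the new block. At minimum reword the comment to `# Require that the workflow name (GitHub OIDC 'workflow' claim) is check_cloudflare.yml`.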