diff --git a/infrastructure/infrastructure/terraform/github.tf b/infrastructure/infrastructure/terraform/github.tf
index c9d9ca4ef0..fd50d302cf 100644
--- a/infrastructure/infrastructure/terraform/github.tf
+++ b/infrastructure/infrastructure/terraform/github.tf
@@ -30,18 +30,17 @@ data "aws_iam_policy_document" "fleetdm_confidential_cloudflare_trust" {
 identifiers = [aws_iam_openid_connect_provider.github.arn]
 }
+ condition {
+ test = "StringEquals"
+ variable = "token.actions.githubusercontent.com:aud"
+ values = ["sts.amazonaws.com"]
+ }
+
 condition {
 test = "StringLike"
 variable = "token.actions.githubusercontent.com:sub"
 values = ["repo:fleetdm/confidential:*"]
 }
-
- # Require that the workflow file is check_cloudflare.yml
- condition {
- test = "StringEquals"
- variable = "token.actions.githubusercontent.com:workflow"
- values = ["check_cloudflare.yml"]
- }
 }
 }
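Review bot: With the `workflow` condition dropped and the remaining `sub` condition still matching `repo:fleetdm/confidential:*`, any workflow on any branch, tag, pull request or environment of that repository can now assume `fleetdm_confidential_cloudflare_trust`; the new `aud` check is the right addition, but it does not narrow which jobs are trusted. The removed `workflow` condition was probably never effective (AWS evaluates OIDC trust conditions on the `aud`/`sub` claims, not on arbitrary GitHub claims such as `workflow` — worth confirming against the IAM docs), so the commit is likely fixing a role nobody could assume, which makes this the moment to pin the scope in `sub` instead. Consider `values = ["repo:fleetdm/confidential:ref:refs/heads/main"]` or an environment-scoped subject such as `values = ["repo:fleetdm/confidential:environment:<deployment environment>"]`, with a comment stating which workflow/ref is intended, e.g. `# Only the default-branch run of the Cloudflare check may assume this role`. The enclosing `aws_iam_policy_document` block starts outside the hunk, so any other statements it carries should be reviewed for the same wildcard.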