chore: fix docs and remove repo_owners (#18)

Script47 · web-flow · commit f05a84bec1f6 · 2026-01-09T08:45:09.000Z
diff --git a/github-oidc-iam-role/README.md b/github-oidc-iam-role/README.md
@@ -14,7 +14,7 @@ See `variables.tf` for the full argument reference.
 
 ```hcl
 module "oidc_github_iam_role" {
-  source      = "github.com/script47/aws-tf-modules/oidc-github-iam-role"
+  source      = "github.com/script47/aws-tf-modules/github-oidc-iam-role"
 
   role_name   = "my-role"
 
@@ -44,12 +44,8 @@ module "oidc_github_iam_role" {
     "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess"
   ]
 
-  repo_owners = [
-    "my-owner"
-  ]
-
   sub = [
-    "repo:my-owner/my-repo:ref:refs/heads/*"
+    "repo:my-owner/my-repo:ref:*"
   ]
 
   tags = {
diff --git a/github-oidc-iam-role/data.tf b/github-oidc-iam-role/data.tf
@@ -1,11 +1,10 @@
 data "aws_iam_openid_connect_provider" "github" {
-  url      = "https://token.actions.githubusercontent.com"
+  url = "https://token.actions.githubusercontent.com"
 }
 
 data "aws_iam_policy_document" "assume_role_policy" {
   statement {
-    effect = "Allow"
-
+    effect  = "Allow"
     actions = ["sts:AssumeRoleWithWebIdentity"]
 
     principals {
@@ -19,24 +18,10 @@ data "aws_iam_policy_document" "assume_role_policy" {
       values   = ["sts.amazonaws.com"]
     }
 
-    dynamic "condition" {
-      for_each = length(var.repo_owners) > 0 ? [1] : [] 
-
-      content {
-        test     = "StringEquals"
-        variable = "token.actions.githubusercontent.com:repository_owner"
-        values   = var.repo_owners
-      }
-    }
-
-    dynamic "condition" {
-      for_each = length(var.sub) > 0 ? [1] : [] 
-
-      content {
+    condition {
         test     = "StringLike"
         variable = "token.actions.githubusercontent.com:sub"
-        values   = var.sub
-      }
+        values   = var.sub      
     }
   }
 }
diff --git a/github-oidc-iam-role/variables.tf b/github-oidc-iam-role/variables.tf
@@ -22,15 +22,9 @@ variable "policy_arns" {
   default     = [] 
 }
 
-variable "repo_owners" {
-  type        = set(string)
-  description = "Set of repo owners for the assume role policy"
-  default     = []
-}
-
 variable "sub" {
   type        = set(string)
-  description = "The sub pattern for the assume role policy (e.g. org/repo:ref:refs/heads/master)"
+  description = "The sub pattern for the assume role policy"
   default     = []
 }
 
diff --git a/github-oidc-provider/README.md b/github-oidc-provider/README.md
@@ -10,7 +10,7 @@ See `variables.tf` for the full argument reference.
 
 ```hcl
 module "oidc_github_provider" {
-  source      = "github.com/script47/aws-tf-modules/oidc-github-provider"
+  source      = "github.com/script47/aws-tf-modules/github-oidc-provider"
 
   thumbprints = []
 
