From beffb77d37f04957727261cc92dd11fb7db865b8 Mon Sep 17 00:00:00 2001
From: ThibaultLengagne <thibaultl@padok.fr>
Date: Thu, 18 Apr 2024 18:09:19 +0200
Subject: [PATCH] fix: typo in GA file

Signed-off-by: ThibaultLengagne <thibaultl@padok.fr>
---
 .github/workflows/demo.yml   | 2 +-
 terraform/layers/main/iam.tf | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/demo.yml b/.github/workflows/demo.yml
index 9edb697..c904518 100644
--- a/.github/workflows/demo.yml
+++ b/.github/workflows/demo.yml
@@ -7,7 +7,7 @@ on:
 
 permissions:
   id-token: write
-  content: read
+  contents: read
 
 env:
   AWS_REGION : "eu-west-3"
diff --git a/terraform/layers/main/iam.tf b/terraform/layers/main/iam.tf
index 02ceaee..19928c7 100644
--- a/terraform/layers/main/iam.tf
+++ b/terraform/layers/main/iam.tf
@@ -39,10 +39,8 @@ resource "aws_iam_role" "github" {
                 },
                 "Action": "sts:AssumeRoleWithWebIdentity",
                 "Condition": {
-                    "StringLike": {
-                        "token.actions.githubusercontent.com:sub": "repo:padok-team/demo-github-actions-oidc:*"
-                    },
                     "StringEquals": {
+                        "token.actions.githubusercontent.com:sub": "repo:padok-team/demo-github-actions-oidc:ref:refs/heads/main",
                         "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
                     }
                 }