From 2f4a563f9ee78c51d1238eadc260c4023f6b8b71 Mon Sep 17 00:00:00 2001
From: Evert Daniel Romero Garrido
Date: Thu, 16 Apr 2026 21:54:55 +0000
Subject: [PATCH] fix(terraform): corregir OIDC audience para Bitbucket Cloud Bitbucket Cloud genera tokens JWT con audience fijo: ari:cloud:bitbucket::workspace/465016f8-d6fb-4ecb-ba6f-2248e938942b El archivo oidc-bitbucket.tf solo aceptaba sts.amazonaws.com, lo que causaba InvalidIdentityToken en cada terraform apply. Ahora el OIDC provider y el rol IAM aceptan ambos audiences mediante ForAnyValue:StringEquals.
---
 terraform/oidc-bitbucket.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/oidc-bitbucket.tf b/terraform/oidc-bitbucket.tf
index 3fd335a..66bc4da 100644
--- a/terraform/oidc-bitbucket.tf
+++ b/terraform/oidc-bitbucket.tf
@@ -121,4 +121,4 @@ resource "aws_iam_role_policy_attachment" "bitbucket_ci_cd_admin" {
 # role = aws_iam_role.bitbucket_ci_cd.id
 #
 # policy = file("${path.module}/../docs/iam-policy-ci-cd-proyectosacc.json")
-# }
+# }
\ No newline at end of file
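Review bot: The audience fix that the commit message describes is not in this patch: the single hunk only rewrites the closing `# }` of the commented-out block so that the file no longer ends with a newline, and the diffstat shows just 1 insertion and 1 deletion. The changes to the OIDC provider and to the role's trust condition therefore cannot be reviewed from here and should be included in this commit or referenced from it. When they are reviewed, note that the audience quoted in the message is a workspace-level value, so the trust policy presumably also needs a condition on the token's `sub` claim to limit which repository can assume the role; that matters here because the hunk header shows an attachment named `bitbucket_ci_cd_admin` and the narrower policy below it is still commented out. I would also keep the trailing newline after `# }`.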