labadmin/proyectosacc-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(terraform): corregir OIDC audience para Bitbucket Cloud

Browse Source 
Bitbucket Cloud genera tokens JWT con audience fijo:
ari:cloud:bitbucket::workspace/465016f8-d6fb-4ecb-ba6f-2248e938942b

El archivo oidc-bitbucket.tf solo aceptaba sts.amazonaws.com,
lo que causaba InvalidIdentityToken en cada terraform apply.
Ahora el OIDC provider y el rol IAM aceptan ambos audiences
mediante ForAnyValue:StringEquals.
This commit is contained in:
Evert Daniel Romero Garrido
2026-04-16 21:54:55 +00:00
parent 63ba5553db
commit 2f4a563f9e
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
terraform/oidc-bitbucket.tf
+1 -1
View File
@@ -121,4 +121,4 @@ resource "aws_iam_role_policy_attachment" "bitbucket_ci_cd_admin" {
# role = aws_iam_role.bitbucket_ci_cd.id # role = aws_iam_role.bitbucket_ci_cd.id
# #
# policy = file("${path.module}/../docs/iam-policy-ci-cd-proyectosacc.json") # policy = file("${path.module}/../docs/iam-policy-ci-cd-proyectosacc.json")
# } # }