sync with account purge

Author: ale210

terraform/aws-users.tf

@@ -1,14 +1,3 @@
-// Create user and assign to group(s)
-module "iam_user_JimmyJuarez10" {
-  source = "./modules/aws-users"
-
-  user_name = "JimmyJuarez10"
-  user_tags = {
-    "Project" = "civic-tech-jobs"
-  }
-  user_groups = ["read-only-group"]
-}
-
 module "iam_user_tylerthome" {
   source = "./modules/aws-users"
 
@@ -20,82 +9,6 @@ module "iam_user_tylerthome" {
   user_groups = ["read-only-group"]
 }
 
-module "iam_user_brittanyms" {
-  source = "./modules/aws-users"
-
-  user_name = "brittanyms"
-  user_tags = {
-    "Project"      = "devops-security"
-    "Access Level" = "1"
-  }
-  user_groups = ["read-only-group"]
-}
-
-module "iam_user_freaky4wrld" {
-  source = "./modules/aws-users"
-
-  user_name = "freaky4wrld"
-  user_tags = {
-    "Project"      = "devops-security"
-    "Access Level" = "1"
-  }
-  user_groups = ["read-only-group"]
-}
-
-module "iam_user_shikha0428" {
-  source = "./modules/aws-users"
-
-  user_name = "shikha0428"
-  user_tags = {
-    "Project"      = "devops-security"
-    "Access Level" = "1"
-  }
-  user_groups = ["read-only-group"]
-}
-
-module "iam_user_shinjonathan" {
-  source = "./modules/aws-users"
-
-  user_name = "shinjonathan"
-  user_tags = {
-    "Project"      = "devops-security"
-    "Access Level" = "1"
-  }
-  user_groups = ["read-only-group"]
-}
-
-module "iam_user_samuelusc" {
-  source = "./modules/aws-users"
-
-  user_name = "samuelusc"
-  user_tags = {
-    "Project"      = "devops-security"
-    "Access Level" = "1"
-  }
-  user_groups = ["read-only-group"]
-}
-
-module "iam_user_abbyz123" {
-  source = "./modules/aws-users"
-
-  user_name = "abbyz123"
-  user_tags = {
-    "Project"      = "devops-security"
-    "Access Level" = "1"
-  }
-  user_groups = ["read-only-group"]
-}
-
-module "iam_user_awlFCCamp" {
-  source = "./modules/aws-users"
-
-  user_name = "awlFCCamp"
-  user_tags = {
-    "Project"      = "devops-security"
-    "Access Level" = "1"
-  }
-  user_groups = ["read-only-group"]
-}
 
 module "iam_user_testiamuser" {
   source = "./modules/aws-users"
@@ -119,27 +32,6 @@ module "iam_user_chelseyb" {
   user_groups = ["read-only-group", "iam-services-supervisor-group"]
 }
 
-module "iam_user_jbubar" {
-  source = "./modules/aws-users"
-
-  user_name = "jbubar"
-  user_tags = {
-    "Project"      = "vrms"
-    "Access Level" = "1"
-  }
-  user_groups = ["read-only-group"]
-}
-
-module "iam_user_spiteless" {
-  source = "./modules/aws-users"
-
-  user_name = "spiteless"
-  user_tags = {
-    "Project"      = "vrms"
-    "Access Level" = "1"
-  }
-  user_groups = ["read-only-group"]
-}
 
 module "iam_user_alexe" {
   source = "./modules/aws-users"
@@ -185,17 +77,6 @@ module "iam_user_drakeredwind01" {
   user_groups = ["read-only-group"]
 }
 
-module "iam_user_lsousadev" {
-  source = "./modules/aws-users"
-
-  user_name = "lsousadev"
-  user_tags = {
-    "Project"      = "devops-security"
-    "Access Level" = "1"
-  }
-  user_groups = ["read-only-group"]
-}
-
 module "iam_user_srinipandiyan" {
   source = "./modules/aws-users"
 

terraform/modules/aws-gha-oidc-providers/main.tf

@@ -61,18 +61,13 @@ resource "aws_iam_role" "github_actions_oidc" {
         "Federated" : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_github_idp}"
       },
       "Action" : "sts:AssumeRoleWithWebIdentity",
-      "Condition" : var.use_wildcard ? {
+      "Condition" : {
         "StringLike" : {
-          "token.actions.githubusercontent.com:sub" : local.oidc_gha_sub
+          "token.actions.githubusercontent.com:sub" : [local.oidc_gha_sub, "repo:${var.github_repo}:pull_request"]
         },
         "StringEquals" : {
           "token.actions.githubusercontent.com:aud" : local.oidc_aws_audience,
         }
-        } : {
-        "StringEquals" : {
-          "token.actions.githubusercontent.com:aud" : local.oidc_aws_audience,
-          "token.actions.githubusercontent.com:sub" : local.oidc_gha_sub
-        }
       }
     }]
   })