sts_domain -> audience

Author: unfunco

data.tf

@@ -33,9 +33,9 @@ data "aws_iam_policy_document" "assume_role" {
     condition {
       test = "StringEquals"
       values = var.additional_audiences != null ? concat(
-        [format("sts.%v", local.dns_suffix)],
+        [local.audience],
         var.additional_audiences,
-      ) : [format("sts.%v", local.dns_suffix)]
+      ) : [local.audience]
       variable = "token.actions.githubusercontent.com:aud"
     }
 

main.tf

@@ -13,13 +13,13 @@
 // limitations under the License.
 
 locals {
+  audience = format("sts.%v", local.dns_suffix)
   github_organizations = toset([
     for repo in var.github_repositories : split("/", repo)[0]
   ])
   dns_suffix        = data.aws_partition.current.dns_suffix
   oidc_provider_arn = var.enabled ? (var.create_oidc_provider ? aws_iam_openid_connect_provider.github[0].arn : data.aws_iam_openid_connect_provider.github[0].arn) : ""
   partition         = data.aws_partition.current.partition
-  sts_domain        = format("sts.%v", local.dns_suffix)
 }
 
 resource "aws_iam_role" "github" {
@@ -69,7 +69,7 @@ resource "aws_iam_openid_connect_provider" "github" {
 
   client_id_list = concat(
     [for org in local.github_organizations : "https://github.com/${org}"],
-    [local.sts_domain],
+    [local.audience],
   )
 
   tags = var.tags