added prod condition & github actions roles updated

Karthikeyannhs · Karthikeyannhs · commit b74cf5fd7239 · 2025-08-20T17:37:23.000+01:00
diff --git a/infrastructure/modules/lambda/lambda.tf b/infrastructure/modules/lambda/lambda.tf
@@ -47,6 +47,7 @@ resource "aws_lambda_function" "eligibility_signposting_lambda" {
 
 # lambda alias required for provisioning concurrency
 resource "aws_lambda_alias" "campaign_alias" {
+  count            = var.environment == "prod" ? 1 : 0
   name             = "live"
   function_name    = coalesce(
     aws_lambda_function.eligibility_signposting_lambda.function_name,
@@ -62,6 +63,6 @@ resource "aws_lambda_alias" "campaign_alias" {
 resource "aws_lambda_provisioned_concurrency_config" "campaign_pc" {
   count                             = var.environment == "prod" ? 1 : 0
   function_name                     = aws_lambda_function.eligibility_signposting_lambda.function_name
-  qualifier                         = aws_lambda_alias.campaign_alias.name
+  qualifier                         = aws_lambda_alias.campaign_alias[0].name
   provisioned_concurrent_executions = var.provisioned_concurrency_count
 }
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -443,8 +443,8 @@ resource "aws_iam_policy" "iam_management" {
 # Assume role policy document for GitHub Actions
 data "aws_iam_policy_document" "github_actions_assume_role" {
   statement {
-    sid    = "OidcAssumeRoleWithWebIdentity"
-    effect = "Allow"
+    sid     = "OidcAssumeRoleWithWebIdentity"
+    effect  = "Allow"
     actions = ["sts:AssumeRoleWithWebIdentity"]
 
     principals {
@@ -457,13 +457,13 @@ data "aws_iam_policy_document" "github_actions_assume_role" {
     condition {
       test     = "StringLike"
       variable = "token.actions.githubusercontent.com:sub"
-      values = ["repo:${var.github_org}/${var.github_repo}:*"]
+      values   = ["repo:${var.github_org}/${var.github_repo}:*"]
     }
 
     condition {
       test     = "StringEquals"
       variable = "token.actions.githubusercontent.com:aud"
-      values = ["sts.amazonaws.com"]
+      values   = ["sts.amazonaws.com"]
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -443,8 +443,8 @@ resource "aws_iam_policy" "iam_management" {`
`443`	`443`	`# Assume role policy document for GitHub Actions`
`444`	`444`	`data "aws_iam_policy_document" "github_actions_assume_role" {`
`445`	`445`	`statement {`
`446`		`- sid = "OidcAssumeRoleWithWebIdentity"`
`447`		`- effect = "Allow"`
	`446`	`+ sid = "OidcAssumeRoleWithWebIdentity"`
	`447`	`+ effect = "Allow"`
`448`	`448`	`actions = ["sts:AssumeRoleWithWebIdentity"]`
`449`	`449`
`450`	`450`	`principals {`
`@@ -457,13 +457,13 @@ data "aws_iam_policy_document" "github_actions_assume_role" {`
`457`	`457`	`condition {`
`458`	`458`	`test = "StringLike"`
`459`	`459`	`variable = "token.actions.githubusercontent.com:sub"`
`460`		`- values = ["repo:${var.github_org}/${var.github_repo}:*"]`
	`460`	`+ values = ["repo:${var.github_org}/${var.github_repo}:*"]`
`461`	`461`	`}`
`462`	`462`
`463`	`463`	`condition {`
`464`	`464`	`test = "StringEquals"`
`465`	`465`	`variable = "token.actions.githubusercontent.com:aud"`
`466`		`- values = ["sts.amazonaws.com"]`
	`466`	`+ values = ["sts.amazonaws.com"]`
`467`	`467`	`}`
`468`	`468`	`}`
`469`	`469`	`}`