NOJIRA Update auto ops trust policy for automation test repo (#831)

dlzhry2nhs · web-flow · commit 60d729d65394 · 2025-09-18T12:32:01.000+01:00
diff --git a/infra/iam.tf b/infra/iam.tf
@@ -69,10 +69,13 @@ resource "aws_iam_role" "auto_ops" {
         Action = "sts:AssumeRoleWithWebIdentity",
         Condition = {
           StringEquals = {
-            "token.actions.githubusercontent.com:aud" : "sts.amazonaws.com"
+            "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
           },
           StringLike = {
-            "token.actions.githubusercontent.com:sub" : "repo:NHSDigital/immunisation-fhir-api:*"
+            "token.actions.githubusercontent.com:sub": var.environment != "prod" ? [
+              "repo:NHSDigital/immunisation-fhir-api:*",
+              "repo:NHSDigital/imms_fhir_api_automation:*"
+            ] : ["repo:NHSDigital/immunisation-fhir-api:*"]
           }
         }
       }

Original file line number	Diff line number	Diff line change
`@@ -69,10 +69,13 @@ resource "aws_iam_role" "auto_ops" {`
`69`	`69`	`Action = "sts:AssumeRoleWithWebIdentity",`
`70`	`70`	`Condition = {`
`71`	`71`	`StringEquals = {`
`72`		`- "token.actions.githubusercontent.com:aud" : "sts.amazonaws.com"`
	`72`	`+ "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"`
`73`	`73`	`},`
`74`	`74`	`StringLike = {`
`75`		`- "token.actions.githubusercontent.com:sub" : "repo:NHSDigital/immunisation-fhir-api:*"`
	`75`	`+ "token.actions.githubusercontent.com:sub": var.environment != "prod" ? [`
	`76`	`+ "repo:NHSDigital/immunisation-fhir-api:*",`
	`77`	`+ "repo:NHSDigital/imms_fhir_api_automation:*"`
	`78`	`+ ] : ["repo:NHSDigital/immunisation-fhir-api:*"]`
`76`	`79`	`}`
`77`	`80`	`}`
`78`	`81`	`}`