fix: change order of policy conditions to pass check

ministryofjustice · Jan 31, 2025 · 2805c99 · 2805c99
1 parent 36a010f
commit 2805c99
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/terraform/aws/analytical-platform-data-production/tooling-iam/datahub-iam.tf b/terraform/aws/analytical-platform-data-production/tooling-iam/datahub-iam.tf
@@ -99,16 +99,16 @@ data "aws_iam_policy_document" "datahub_ingestion_github_actions" {
       type        = "Federated"
       identifiers = ["arn:aws:iam::${var.account_ids["analytical-platform-data-production"]}:oidc-provider/token.actions.githubusercontent.com"]
     }
-    condition {
-      test     = "StringEquals"
-      values   = ["sts.amazonaws.com"]
-      variable = "token.actions.githubusercontent.com:aud"
-    }
     condition {
       test     = "StringLike"
       values   = ["repo:ministryofjustice/data-catalogue:*"]
       variable = "token.actions.githubusercontent.com:sub"
     }
+    condition {
+      test     = "StringEquals"
+      values   = ["sts.amazonaws.com"]
+      variable = "token.actions.githubusercontent.com:aud"
+    }
   }
 }