From 2805c99a418b042719257b44c72a854d3c123c67 Mon Sep 17 00:00:00 2001
From: LavMatt <matthew.laverty@justice.gov.uk>
Date: Fri, 31 Jan 2025 14:04:45 +0000
Subject: [PATCH] fix: change order of policy conditions to pass check

---
 .../tooling-iam/datahub-iam.tf                         | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/terraform/aws/analytical-platform-data-production/tooling-iam/datahub-iam.tf b/terraform/aws/analytical-platform-data-production/tooling-iam/datahub-iam.tf
index ddaa4c0459..9e0d54c648 100644
--- a/terraform/aws/analytical-platform-data-production/tooling-iam/datahub-iam.tf
+++ b/terraform/aws/analytical-platform-data-production/tooling-iam/datahub-iam.tf
@@ -99,16 +99,16 @@ data "aws_iam_policy_document" "datahub_ingestion_github_actions" {
       type        = "Federated"
       identifiers = ["arn:aws:iam::${var.account_ids["analytical-platform-data-production"]}:oidc-provider/token.actions.githubusercontent.com"]
     }
-    condition {
-      test     = "StringEquals"
-      values   = ["sts.amazonaws.com"]
-      variable = "token.actions.githubusercontent.com:aud"
-    }
     condition {
       test     = "StringLike"
       values   = ["repo:ministryofjustice/data-catalogue:*"]
       variable = "token.actions.githubusercontent.com:sub"
     }
+    condition {
+      test     = "StringEquals"
+      values   = ["sts.amazonaws.com"]
+      variable = "token.actions.githubusercontent.com:aud"
+    }
   }
 }