From a902df102cf14ef3f56e9745c2da68b07012e08d Mon Sep 17 00:00:00 2001
From: David Elliott
Date: Thu, 12 Oct 2023 09:21:42 +0100
Subject: [PATCH] Fix incorrect subject claim for OIDC
---
 organisation-security/terraform/iam.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/organisation-security/terraform/iam.tf b/organisation-security/terraform/iam.tf
index fb3d92b3..39b418dd 100644
--- a/organisation-security/terraform/iam.tf
+++ b/organisation-security/terraform/iam.tf
@@ -32,11 +32,11 @@ module "github_actions_apply_role" {
  source = "github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=9d9a2d23cf569348cbdb665c979fcbaed76bb2f4" # v3.1.0
- github_repositories = ["ministryofjustice/aws-root-account:ref:refs/heads/main"]
+ github_repositories = ["ministryofjustice/aws-root-account"]
  role_name = "github-actions-apply"
  policy_arns = ["arn:aws:iam::aws:policy/AdministratorAccess"]
  policy_jsons = [data.aws_iam_policy_document.oidc_assume_role_apply.json]
- subject_claim = "pull_request"
+ subject_claim = "ref:refs/heads/main"
  tags = { "Name" = "GitHub Actions Apply" }
 }
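Review bot: With `subject_claim = "ref:refs/heads/main"`, the OIDC `sub` match is the only gate between a workflow run and `arn:aws:iam::aws:policy/AdministratorAccess` on this role, and the hunk does not show whether the pinned module compares it exactly or as a pattern. It is worth confirming in the module that the rendered trust condition is an exact match on `repo:ministryofjustice/aws-root-account:ref:refs/heads/main` and that the `aud` claim is also checked, because under a pattern match any looser value set here later would silently widen the trust. GitHub also replaces the ref-based subject with an `environment:<name>` subject when a job declares an environment, so an apply job that uses one would stop matching this claim. I would add a comment above the line, such as `# sub is pinned to main: this role carries AdministratorAccess, so main must stay branch-protected`. The module block appears to open on the hunk-header line, so anything between it and `source` is not visible here.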