Add an option to customise client_id_list input variable to define audiences for OIDC provider

[lisfo4ka]

Is your request related to a new offering from AWS?

No

Is your request related to a problem? Please describe.

We've met an issue to define client_id_list in the aws_iam_openid_connect_provider with our custom values since there is a hardcode in a module that set the audience of the OIDC Provider to the Global region endpoint only.
This issue completely blocks us from enabling IRSA usage for our customer.

resource "aws_iam_openid_connect_provider" "oidc_provider" {
...
  client_id_list  = [local.sts_principal]
...
} 

locals {
...
  sts_principal = "sts.${data.aws_partition.current.dns_suffix}"
...
}

Describe the solution you'd like.

I propose to add an option to extend the client_id_list default value with a custom list of client ids.
client_id_list = distinct(compact(concat([local.sts_principal], var.client_id_list)))

Describe alternatives you've considered.

As an alternative solution, the client_id_list can be fully redefined with the input variable.
client_id_list = var.client_id_list

Additional context

More details on OIDC Provider configuration:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html

[antonbabenko]

Duplicate of #1451, will be fixed by #1145 pretty soon (today).

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.