Improve description of GitHub OIDC claims variable

br3ndonland · br3ndonland · commit bb0d0baf0269 · 2025-11-02T18:27:40.000-05:00
diff --git a/variables.tf b/variables.tf
@@ -30,7 +30,13 @@ variable "aws_iam_role_separator" {
 }
 
 variable "github_custom_claim" {
-  description = "Custom OIDC claim for more specific access scope within a repository"
+  description = <<-DESCRIPTION
+    Custom OIDC claim for more specific access scope within the repository.
+    The claim will be appended to the repo name, like "repo:repo-owner/repo-name:$${var.github_custom_claim}".
+    For more details on what can be specified in this claim, see the
+    [OIDC reference docs](https://docs.github.com/en/actions/reference/security/oidc) and
+    [OIDC how-to for AWS](https://docs.github.com/en/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-aws).
+  DESCRIPTION
   type        = string
   default     = "*"
 }

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,13 @@ variable "aws_iam_role_separator" {`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`variable "github_custom_claim" {`
`33`		`- description = "Custom OIDC claim for more specific access scope within a repository"`
	`33`	`+ description = <<-DESCRIPTION`
	`34`	`+ Custom OIDC claim for more specific access scope within the repository.`
	`35`	`+ The claim will be appended to the repo name, like "repo:repo-owner/repo-name:$${var.github_custom_claim}".`
	`36`	`+ For more details on what can be specified in this claim, see the`
	`37`	`+ [OIDC reference docs](https://docs.github.com/en/actions/reference/security/oidc) and`
	`38`	`+ [OIDC how-to for AWS](https://docs.github.com/en/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-aws).`
	`39`	`+ DESCRIPTION`
`34`	`40`	`type = string`
`35`	`41`	`default = "*"`
`36`	`42`	`}`