From eb54320d07721e441455c07a17ecc56578c487fa Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Sat, 12 Apr 2025 08:18:05 +0200
Subject: [PATCH 1/3] chore(infrastructure): upgrade tofu-module-aws-iam-ci-user to 1.0.1

---
 infrastructure/tofu/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/tofu/main.tf b/infrastructure/tofu/main.tf
index 37037f8..8b5d943 100644
--- a/infrastructure/tofu/main.tf
+++ b/infrastructure/tofu/main.tf
@@ -8,7 +8,7 @@ module "aws_iam_ci_user" {
     aws.root = aws.all["root"]
     aws.tests = aws.all["tests"]
   }
-  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.0"
+  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.1"
 
   name = local.name
   tests_policy_statements = jsonencode([{

From 3be1738e040a1b3b472f62985c37e2125de037a9 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Sat, 12 Apr 2025 08:29:44 +0200
Subject: [PATCH 2/3] chore(infrastructure): rename test role to avoid collision with tofu-module-aws-iam-ci-user

---
 infrastructure/tofu/main.tf | 2 +-
 main.tftest.hcl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/tofu/main.tf b/infrastructure/tofu/main.tf
index 8b5d943..0d11105 100644
--- a/infrastructure/tofu/main.tf
+++ b/infrastructure/tofu/main.tf
@@ -14,6 +14,6 @@ module "aws_iam_ci_user" {
   tests_policy_statements = jsonencode([{
     Action = "iam:*"
     Effect = "Allow"
-    Resource = "arn:aws:iam::*:role/tftest",
+    Resource = "arn:aws:iam::*:role/tftest-role",
   }])
 }
diff --git a/main.tftest.hcl b/main.tftest.hcl
index c21db0b..68f4c3b 100644
--- a/main.tftest.hcl
+++ b/main.tftest.hcl
@@ -11,5 +11,5 @@ run "main" {
   }
 
   variables {
-    name = "tftest"
+    name = "tftest-role"
   }

From d9848c574efcd291ac840d372748a520e8fb6027 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Fri, 25 Apr 2025 14:05:30 +0200
Subject: [PATCH 3/3] doc(module): document assume role policy behavior

---
 README.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e7ca711..bfc8605 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ continuous integration tasks on AWS.
 module "aws_iam_role" {
   source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.1.0"
 
-  name = local.name
+  name = local.name
   policy_statements = jsonencode([
     {
       Action = "acm:*"
@@ -24,6 +24,11 @@ module "aws_iam_role" {
 }
 ```
 
+## Assume role policy
+
+This role is designed to be used with AWS Identity Center and provisions a trust
+relationship to the root organization account.
+
 ## Policies
 
 The IAM role is granted the following permissions on the AWS account: