diff --git a/.forgejo/workflows/main.yaml b/.forgejo/workflows/main.yaml deleted file mode 100644 index 2e4bd1f..0000000 --- a/.forgejo/workflows/main.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -name: 'main' - -on: - push: - workflow_dispatch: - -jobs: - test: - runs-on: 'self-hosted' - steps: - - uses: 'actions/checkout@v4' - - uses: "https://git.adyxax.org/adyxax/action-tofu-aws-test@1.0.0" - with: - aws-access-key-id: "${{ vars.AWS_ACCESS_KEY_ID }}" - aws-access-key-secret: "${{ secrets.AWS_ACCESS_KEY_SECRET }}" diff --git a/CHANGELOG.md b/CHANGELOG.md index f1b43c3..d511684 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,14 +2,8 @@ All notable changes to this project will be documented in this file. -## 1.1.0 - 2025-04-12 - -### Added - -- Added default value `[]` to input variable `assume_role_account_names`. - ## 1.0.0 - 2025-04-11 ### Added -- Initial import. +- initial import diff --git a/infrastructure/tofu/.gitignore b/infrastructure/tofu/.gitignore deleted file mode 100644 index a8c8222..0000000 --- a/infrastructure/tofu/.gitignore +++ /dev/null @@ -1 +0,0 @@ -!.terraform.lock.hcl diff --git a/infrastructure/tofu/.terraform.lock.hcl b/infrastructure/tofu/.terraform.lock.hcl deleted file mode 100644 index 9ee3c83..0000000 --- a/infrastructure/tofu/.terraform.lock.hcl +++ /dev/null 
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.91.0" - constraints = "5.91.0" - hashes = [ - "h1:g+uDHz6bZ36QaxoKWmJEYGh7OP5RAE5MPbxLohzcU18=", - "h1:qw1Sp5py+7rRwzHgHNJvgYTeTkBnPHY7WercO1BsOh0=", - "zh:057e6cb85e3efe2c30ef5ca47cc47abc8217e2e0dddce2e92a8d2d6f18b6cee6", - "zh:0f15d3f599e07307ac9771c602dcaaf0c46dd259649da985cb3cb80a7a647cea", - "zh:187086070cc878ab0a27163939516983e3efae65ebff78dc3466619cdf978dee", - "zh:67a58fc85c630bcc6c772f573813caabe6c9af291c71c7207590fc4792e4d94e", - "zh:68abb9382928ce29c0f3dd9a75b41ad2a453f3a46330f484d1ea858589146c1b", - "zh:772134ba713e879e5b70d614d08a6650f156e7a3fa724d538bfa85632b1ed639", - "zh:bf67439e47cf6720dcec7a1e2988d6c10c56d7eea69bb1ecff1b22d6bb63a36d", - "zh:bfd0b91dc4ae338eb79ec41bede5eed7a0740380bffbdfbda362f7ed08e0e2ad", - "zh:ca3c3313cd4971850da45ce4337b027a804389db740c310ba637bc0a86775eef", - "zh:d75a8ec54a4783c25cb806b887f0d3c67cded08db8c496fd9cf831791e4c8482", - ] -} diff --git a/infrastructure/tofu/main.tf b/infrastructure/tofu/main.tf deleted file mode 100644 index ced2b09..0000000 --- a/infrastructure/tofu/main.tf +++ /dev/null @@ -1,30 +0,0 @@ -locals { - name = "tofu-module-aws-iam-user" -} - -module "aws_iam_ci_user" { - providers = { - aws.core = aws.all["core"] - aws.root = aws.all["root"] - aws.tests = aws.all["tests"] - } - source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.1" - - name = local.name - tests_policy_statements = jsonencode([ - { - Action = "iam:*" - Effect = "Allow" - Resource = [ - "arn:aws:iam::*:user/tftest-user", - "arn:aws:iam::*:policy/${local.name}-tftest", - ] - }, - { - # Necessary for removing an IAM user - Action = "iam:ListVirtualMFADevices", - Effect = "Allow" - Resource = "*" - } - ]) -} 
diff --git a/infrastructure/tofu/providers.tf b/infrastructure/tofu/providers.tf deleted file mode 100644 index 8b42979..0000000 --- a/infrastructure/tofu/providers.tf +++ /dev/null @@ -1,24 +0,0 @@ -terraform { - backend "s3" { - bucket = "adyxax-tofu-states" - dynamodb_table = "tofu-states" - key = "repositories/${local.name}" - profile = "core" - region = "eu-west-3" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "5.91.0" - } - } -} - -provider "aws" { - for_each = toset(["core", "root", "tests"]) - - alias = "all" - default_tags { tags = { "managed-by" = "tofu" } } - profile = each.key - region = "eu-west-3" -} diff --git a/main.tf b/main.tf index 0c0989a..f46bfb4 100644 --- a/main.tf +++ b/main.tf @@ -1,10 +1,9 @@ data "aws_organizations_organization" "main" {} locals { - aws_account_ids = length(var.assume_role_account_names) > 0 ? { - for info in data.aws_organizations_organization.main.accounts : + aws_account_ids = { for info in data.aws_organizations_organization.main.accounts : info.name => info.id - } : {} + } } resource "aws_iam_user" "main" { 
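Review bot: `aws_account_ids` now keys on `info.name` for every organization account unconditionally, and a `for` expression that produces a map stops with a "Duplicate object key" error if two accounts share a name, which AWS Organizations does not prevent; the conditional that was removed only sidestepped this when the variable was empty. A comment stating the assumption would help the next reader, e.g. `# Assumes account names are unique within the organization; duplicate names fail this for expression.`. If only usable accounts should ever be targeted, filtering on the exposed status (`info.name => info.id if info.status == "ACTIVE"`) would also keep a suspended account's ID out of the generated policy, though whether any caller relies on non-active accounts cannot be told from this hunk.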
@@ -15,47 +14,43 @@ resource "aws_iam_user" "main" { resource "aws_iam_user_policy" "main" { name = var.name policy = jsonencode({ - Statement = concat( - length(var.assume_role_account_names) > 0 ? [ - { # Assume roles in AWS sub-accounts - Action = "sts:AssumeRole" - Effect = "Allow" - Resource = [for name in var.assume_role_account_names : - format( - "arn:aws:iam::%s:role/%s", - local.aws_account_ids[name], - var.name, - ) - ] - } - ] : [], - [ - { - Action = [ - # Manage the user's own IAM access key - "iam:CreateAccessKey", - "iam:DeleteAccessKey", - "iam:UpdateAccessKey", - # Read only access to the user's IAM object - "iam:Get*", - "iam:List*", - ] - Effect = "Allow" - Resource = aws_iam_user.main.arn - }, - { - Action = [ - # Necessary for removing an IAM user - "iam:ListVirtualMFADevices", - # Describe and list the organization accounts - "organizations:DescribeOrganization", - "organizations:List*", - ] - Effect = "Allow" - Resource = "*" - }, - ] - ) + Statement = concat([ + { # Assume roles in AWS sub-accounts + Action = "sts:AssumeRole" + Effect = "Allow" + Resource = [for name in var.assume_role_account_names : + format( + "arn:aws:iam::%s:role/%s", + local.aws_account_ids[name], + var.name, + ) + ] + }, + { + Action = [ + # Manage the user's own IAM access key + "iam:CreateAccessKey", + "iam:DeleteAccessKey", + "iam:UpdateAccessKey", + # Read only access to the user's IAM object + "iam:Get*", + "iam:List*", + ] + Effect = "Allow" + Resource = aws_iam_user.main.arn + }, + { + Action = [ + # Necessary for removing an IAM user + "iam:ListVirtualMFADevices", + # Describe and list the organization accounts + "organizations:DescribeOrganization", + "organizations:List*", + ] + Effect = "Allow" + Resource = "*" + }, + ]) Version = "2012-10-17" }) user = aws_iam_user.main.name diff --git a/main.tftest.hcl b/main.tftest.hcl deleted file mode 100644 index 90ccb91..0000000 --- a/main.tftest.hcl +++ /dev/null 
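Review bot: An entry of `var.assume_role_account_names` that is not an organization account now fails inside the `Resource = [for name in ...]` comprehension with a bare "Invalid index" error on `local.aws_account_ids[name]`, since the guard that previously skipped the statement is gone; a precondition on this resource would report the offending name instead. Separately, the `Resource = "*"` statement grants `organizations:List*`, which is wider than the Describe/List calls the `aws_organizations_organization` data source at the top of this file needs — enumerating the specific List actions would be tighter, though exactly which ones the provider issues cannot be confirmed from this hunk. The closing brace of `aws_iam_user_policy.main` lies outside the hunk.

```hcl
  user = aws_iam_user.main.name

  lifecycle {
    precondition {
      condition     = alltrue([for name in var.assume_role_account_names : contains(keys(local.aws_account_ids), name)])
      error_message = "Every entry of assume_role_account_names must be the name of an account in the organization."
    }
  }
```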
@@ -1,14 +0,0 @@ -provider "aws" { - profile = "tests" - region = "eu-west-3" -} - -run "main" { - assert { - condition = data.external.main.result.Arn == local.expected_arn - error_message = "user ARN mismatch" - } - module { - source = "./test" - } -} diff --git a/test/aws_config.tftpl b/test/aws_config.tftpl deleted file mode 100644 index a5470b2..0000000 --- a/test/aws_config.tftpl +++ /dev/null @@ -1,4 +0,0 @@ -[default] -aws_access_key_id = ${aws_access_key_id} -aws_secret_access_key = ${aws_access_key_secret} -region = eu-west-3 diff --git a/test/main.tf b/test/main.tf deleted file mode 100644 index 450636a..0000000 --- a/test/main.tf +++ /dev/null @@ -1,31 +0,0 @@ -module "main" { - source = "../" - - name = "tftest-user" -} - -data "aws_caller_identity" "current" {} - -# tflint-ignore: terraform_unused_declarations -data "external" "main" { - program = ["${path.module}/test.sh"] - - depends_on = [local_file.aws_config] -} - -locals { - # tflint-ignore: terraform_unused_declarations - expected_arn = format( - "arn:aws:iam::%s:user/tftest-user", - data.aws_caller_identity.current.account_id, - ) -} - -resource "local_file" "aws_config" { - filename = "${path.module}/aws_config" - file_permission = "0600" - content = templatefile("${path.module}/aws_config.tftpl", { - aws_access_key_id = module.main.access_key_id - aws_access_key_secret = module.main.access_key_secret - }) -} diff --git a/test/providers.tf b/test/providers.tf deleted file mode 100644 index 7886647..0000000 --- a/test/providers.tf +++ /dev/null @@ -1,15 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - external = { - source = "hashicorp/external" - version = "2.3.4" - } - local = { - source = "hashicorp/local" - version = "2.5.2" - } - } -} diff --git a/test/test.sh b/test/test.sh deleted file mode 100755 index 325fcd2..0000000 --- a/test/test.sh +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -# Wait a bit for the ACCESS KEY to be usable on AWS -sleep 10 - -export AWS_CONFIG_FILE="${PWD}/test/aws_config" -aws sts get-caller-identity diff --git a/variables.tf b/variables.tf index 3c00266..aed2f86 100644 --- a/variables.tf +++ b/variables.tf @@ -1,5 +1,4 @@ variable "assume_role_account_names" { - default = [] description = "The names of the AWS sub-accounts this IAM user can assume roles in." nullable = false type = list(string)
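Review bot: Dropping `default = []` makes the variable required but still accepts an empty list, and with the now-unconditional `sts:AssumeRole` statement in main.tf that renders `Resource = []`, which IAM, as far as I know, rejects as a malformed policy document only at apply time. A validation block would fail at plan time with a clear message instead. The variable block's closing brace is outside the hunk.

```hcl
  type        = list(string)

  validation {
    condition     = length(var.assume_role_account_names) > 0
    error_message = "assume_role_account_names must contain at least one account name; an empty list would produce an sts:AssumeRole statement with no resources."
  }
```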