Hardcode region

Author: dylanratcliffe

.terraform.lock.hcl

@@ -150,8 +150,8 @@ module "cloudfront" {
     response_code      = 404
     response_page_path = "/errors/404.html"
     }, {
-    error_code         = 404
-    response_code      = 404
+    error_code         = 403
+    response_code      = 403
     response_page_path = "/errors/403.html"
   }]
 

modules/scenarios/loom.tf

@@ -1,7 +1,9 @@
 # This file contains resources that allow terraform running on GitHub Actions
 # see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services for details
 
-provider "aws" {}
+provider "aws" {
+  region = "eu-west-2"
+}
 
 # Disable this temporarily during bootstrapping and use `terraform init
 # -migrate-state` to migrate the local state into S3 after all resources have
@@ -127,6 +129,19 @@ resource "aws_iam_role" "deploy_role" {
             "login.app.env0.com/:sub" = "auth0|691b8530eba074a8989d8726"
           }
         }
+      },
+      {
+        Sid    = "AllowSpacelift",
+        Effect = "Allow",
+        Principal = {
+          AWS = "324880187172"
+        },
+        Action = ["sts:AssumeRole"],
+        Condition = {
+          StringLike = {
+            "sts:ExternalId" = "overmind-demo@*"
+          }
+        }
       }
       ]) : tolist([
       {