From 4b64910e06af813af86206989d355ae014b5d2d0 Mon Sep 17 00:00:00 2001
From: Ben Eggers
Date: Sun, 3 Mar 2024 20:59:21 -0800
Subject: [PATCH] actually let Actions invalidate
---
 terraform/cloudfront.tf | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
index a2f454a..470ab35 100644
--- a/terraform/cloudfront.tf
+++ b/terraform/cloudfront.tf
@@ -59,6 +59,13 @@ data "aws_iam_policy_document" "invalidate_cloudfront_cache" {
 "cloudfront:CreateInvalidation",
 ]
 effect = "Allow"
+ condition {
+ test = "ArnLike"
+ variable = "aws:SourceArn"
+ values = [
+ aws_iam_role.github_actions.arn
+ ]
+ }
 resources = [
 aws_cloudfront_distribution.main.arn
 ]
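Review bot: The added `condition` block tests `aws:SourceArn`, which AWS populates only when a service principal makes a request on behalf of a resource; a `cloudfront:CreateInvalidation` call made directly by the GitHub Actions role's session would not carry that key, so `ArnLike` evaluates to false and this Allow would never match. If the intent is to scope the statement to that role, the key to compare is the caller's, `variable = "aws:PrincipalArn"`, and since the value has no wildcard `test = "ArnEquals"` states the same check more plainly. Where this policy document is attached is not visible in the hunk; if it is an identity policy on `aws_iam_role.github_actions` itself, the condition is redundant and can be dropped. The statement and the enclosing `data` block both start and end outside the hunk, so the rest of the statement could not be checked.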