chore!: Change the attach_read_only_policy default (#71)

Author: unfunco

CHANGELOG.md

@@ -5,37 +5,33 @@ This project adheres to the [semantic versioning] specification.
 
 ## [1.8.1](https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.8.0...v1.8.1) (2024-12-29)
 
-
 ### Bug fixes
 
-* Allow wildcards in the repository variable ([#62](https://github.com/unfunco/terraform-aws-oidc-github/issues/62)) ([4c6db5b](https://github.com/unfunco/terraform-aws-oidc-github/commit/4c6db5bf685fca239fa0e5992b51892000883cfc))
-* Swap deprecated inline_policy block for aws_iam_role_policy ([#63](https://github.com/unfunco/terraform-aws-oidc-github/issues/63)) ([a7b30ee](https://github.com/unfunco/terraform-aws-oidc-github/commit/a7b30ee6c2285e958be48cd21f69d147361abfe0))
-
+- Allow wildcards in the repository variable ([#62](https://github.com/unfunco/terraform-aws-oidc-github/issues/62)) ([4c6db5b](https://github.com/unfunco/terraform-aws-oidc-github/commit/4c6db5bf685fca239fa0e5992b51892000883cfc))
+- Swap deprecated inline_policy block for aws_iam_role_policy ([#63](https://github.com/unfunco/terraform-aws-oidc-github/issues/63)) ([a7b30ee](https://github.com/unfunco/terraform-aws-oidc-github/commit/a7b30ee6c2285e958be48cd21f69d147361abfe0))
 
 ### Miscellaneous
 
-* Bump slackapi/slack-github-action from 1.26.0 to 1.27.0 ([#59](https://github.com/unfunco/terraform-aws-oidc-github/issues/59)) ([568aedf](https://github.com/unfunco/terraform-aws-oidc-github/commit/568aedfd3a7cc97dc05dc424802453fdba13571a))
-* Bump slackapi/slack-github-action from 1.27.0 to 2.0.0 ([#61](https://github.com/unfunco/terraform-aws-oidc-github/issues/61)) ([7451536](https://github.com/unfunco/terraform-aws-oidc-github/commit/7451536877cc1238477a98c00cd4970e62df7b72))
-* Update release-please-action organisation ([#55](https://github.com/unfunco/terraform-aws-oidc-github/issues/55)) ([6a67a48](https://github.com/unfunco/terraform-aws-oidc-github/commit/6a67a48bf466eb0a0820c90a4753aa205a6b0230))
+- Bump slackapi/slack-github-action from 1.26.0 to 1.27.0 ([#59](https://github.com/unfunco/terraform-aws-oidc-github/issues/59)) ([568aedf](https://github.com/unfunco/terraform-aws-oidc-github/commit/568aedfd3a7cc97dc05dc424802453fdba13571a))
+- Bump slackapi/slack-github-action from 1.27.0 to 2.0.0 ([#61](https://github.com/unfunco/terraform-aws-oidc-github/issues/61)) ([7451536](https://github.com/unfunco/terraform-aws-oidc-github/commit/7451536877cc1238477a98c00cd4970e62df7b72))
+- Update release-please-action organisation ([#55](https://github.com/unfunco/terraform-aws-oidc-github/issues/55)) ([6a67a48](https://github.com/unfunco/terraform-aws-oidc-github/commit/6a67a48bf466eb0a0820c90a4753aa205a6b0230))
 
 ## [1.8.0](https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.7.1...v1.8.0) (2024-04-22)
 
-
 ### New features
 
-* Begin automating the release process ([#42](https://github.com/unfunco/terraform-aws-oidc-github/issues/42)) ([c9493af](https://github.com/unfunco/terraform-aws-oidc-github/commit/c9493aff293beb6797da347ca282bd3f0d9913c3))
-
+- Begin automating the release process ([#42](https://github.com/unfunco/terraform-aws-oidc-github/issues/42)) ([c9493af](https://github.com/unfunco/terraform-aws-oidc-github/commit/c9493aff293beb6797da347ca282bd3f0d9913c3))
 
 ### Miscellaneous
 
-* Automatically upgrade workflow dependencies ([#48](https://github.com/unfunco/terraform-aws-oidc-github/issues/48)) ([be2be58](https://github.com/unfunco/terraform-aws-oidc-github/commit/be2be58ee1099200738ef947082607056a16ee73))
-* Bump aws-actions/configure-aws-credentials from 2 to 4 ([#50](https://github.com/unfunco/terraform-aws-oidc-github/issues/50)) ([0f5075d](https://github.com/unfunco/terraform-aws-oidc-github/commit/0f5075dd79665395e8cc0f82432c8f0e03f9d34d))
-* bump github/codeql-action from 2 to 3 ([#49](https://github.com/unfunco/terraform-aws-oidc-github/issues/49)) ([6cbdace](https://github.com/unfunco/terraform-aws-oidc-github/commit/6cbdaceb66b5ebc06ae3ba2660c58f78748f6301))
-* Bump slackapi/slack-github-action from 1.18.0 to 1.25.0 ([#51](https://github.com/unfunco/terraform-aws-oidc-github/issues/51)) ([5093c20](https://github.com/unfunco/terraform-aws-oidc-github/commit/5093c2023bf0b148f2c4b769b43f6f3dae3d55ff))
-* Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 ([#53](https://github.com/unfunco/terraform-aws-oidc-github/issues/53)) ([5962e07](https://github.com/unfunco/terraform-aws-oidc-github/commit/5962e07265407e8c70c95dd20a917ff1b12aa712))
-* Remove known thumbprints ([#52](https://github.com/unfunco/terraform-aws-oidc-github/issues/52)) ([c0b2178](https://github.com/unfunco/terraform-aws-oidc-github/commit/c0b2178bc74e49dcc9c2330651f0e866f25b762c))
-* Set the first automated release version ([#44](https://github.com/unfunco/terraform-aws-oidc-github/issues/44)) ([cc3ded5](https://github.com/unfunco/terraform-aws-oidc-github/commit/cc3ded5d0b5bb0cd615ac8202b3d99bbc50735d2))
-* Set the previous version in the manifest ([#46](https://github.com/unfunco/terraform-aws-oidc-github/issues/46)) ([cb4b7c9](https://github.com/unfunco/terraform-aws-oidc-github/commit/cb4b7c9ab3bd00ab35541e23417e145c62082802))
+- Automatically upgrade workflow dependencies ([#48](https://github.com/unfunco/terraform-aws-oidc-github/issues/48)) ([be2be58](https://github.com/unfunco/terraform-aws-oidc-github/commit/be2be58ee1099200738ef947082607056a16ee73))
+- Bump aws-actions/configure-aws-credentials from 2 to 4 ([#50](https://github.com/unfunco/terraform-aws-oidc-github/issues/50)) ([0f5075d](https://github.com/unfunco/terraform-aws-oidc-github/commit/0f5075dd79665395e8cc0f82432c8f0e03f9d34d))
+- bump github/codeql-action from 2 to 3 ([#49](https://github.com/unfunco/terraform-aws-oidc-github/issues/49)) ([6cbdace](https://github.com/unfunco/terraform-aws-oidc-github/commit/6cbdaceb66b5ebc06ae3ba2660c58f78748f6301))
+- Bump slackapi/slack-github-action from 1.18.0 to 1.25.0 ([#51](https://github.com/unfunco/terraform-aws-oidc-github/issues/51)) ([5093c20](https://github.com/unfunco/terraform-aws-oidc-github/commit/5093c2023bf0b148f2c4b769b43f6f3dae3d55ff))
+- Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 ([#53](https://github.com/unfunco/terraform-aws-oidc-github/issues/53)) ([5962e07](https://github.com/unfunco/terraform-aws-oidc-github/commit/5962e07265407e8c70c95dd20a917ff1b12aa712))
+- Remove known thumbprints ([#52](https://github.com/unfunco/terraform-aws-oidc-github/issues/52)) ([c0b2178](https://github.com/unfunco/terraform-aws-oidc-github/commit/c0b2178bc74e49dcc9c2330651f0e866f25b762c))
+- Set the first automated release version ([#44](https://github.com/unfunco/terraform-aws-oidc-github/issues/44)) ([cc3ded5](https://github.com/unfunco/terraform-aws-oidc-github/commit/cc3ded5d0b5bb0cd615ac8202b3d99bbc50735d2))
+- Set the previous version in the manifest ([#46](https://github.com/unfunco/terraform-aws-oidc-github/issues/46)) ([cb4b7c9](https://github.com/unfunco/terraform-aws-oidc-github/commit/cb4b7c9ab3bd00ab35541e23417e145c62082802))
 
 ## [1.7.1] – 2023-10-29
 

README.md

@@ -72,6 +72,7 @@ applied, the JWT will contain an updated `iss` claim.
 | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
 | [aws_iam_openid_connect_provider.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider)    | resource    |
 | [aws_iam_role.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role)                                          | resource    |
+| [aws_iam_role_policy.inline_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy)                   | resource    |
 | [aws_iam_role_policy_attachment.admin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment)       | resource    |
 | [aws_iam_role_policy_attachment.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment)      | resource    |
 | [aws_iam_role_policy_attachment.read_only](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment)   | resource    |
@@ -87,7 +88,7 @@ applied, the JWT will contain an updated `iss` claim.
 | additional_audiences          | List of additional OIDC audiences allowed to assume the role.               | `list(string)` | `null`     |    no    |
 | additional_thumbprints        | List of additional thumbprints for the OIDC provider.                       | `list(string)` | `[]`       |    no    |
 | attach_admin_policy           | Flag to enable/disable the attachment of the AdministratorAccess policy.    | `bool`         | `false`    |    no    |
-| attach_read_only_policy       | Flag to enable/disable the attachment of the ReadOnly policy.               | `bool`         | `true`     |    no    |
+| attach_read_only_policy       | Flag to enable/disable the attachment of the ReadOnly policy.               | `bool`         | `false`    |    no    |
 | create_oidc_provider          | Flag to enable/disable the creation of the GitHub OIDC provider.            | `bool`         | `true`     |    no    |
 | enabled                       | Flag to enable/disable the creation of resources.                           | `bool`         | `true`     |    no    |
 | enterprise_slug               | Enterprise slug for GitHub Enterprise Cloud customers.                      | `string`       | `""`       |    no    |

variables.tf

@@ -36,7 +36,7 @@ variable "attach_admin_policy" {
 }
 
 variable "attach_read_only_policy" {
-  default     = true
+  default     = false
   description = "Flag to enable/disable the attachment of the ReadOnly policy."
   type        = bool
 }