Currently, the CLI creates the GitHub CI JWT token using https://github.com/DefangLabs (etc.) but the default AWS action uses sts.amazonaws.com. The benefit of the latter is that we don't need to amend the audience in the OIDC provider in the AWS account when new repos (from other orgs) get deployed to that account.
Currently, the CLI creates the GitHub CI JWT token using
https://github.com/DefangLabs(etc.) but the default AWS action usessts.amazonaws.com. The benefit of the latter is that we don't need to amend the audience in the OIDC provider in the AWS account when new repos (from other orgs) get deployed to that account.