include a role condition test for AUD in sample CFN template

Author: russau

README.md

@@ -149,6 +149,10 @@ Parameters:
     Description: Arn for the GitHub OIDC Provider.
     Default: ""
     Type: String
+  OIDCAudience:
+    Description: Audience supplied to configure-aws-credentials.
+    Default: "sts.amazonaws.com"
+    Type: String
 
 Conditions:
   CreateOIDCProvider: !Equals 
@@ -169,6 +173,8 @@ Resources:
                 - !Ref GithubOidc
                 - !Ref OIDCProviderArn
             Condition:
+              StringEquals:
+                token.actions.githubusercontent.com:aud: !Ref OIDCAudience
               StringLike:
                 token.actions.githubusercontent.com:sub: !Sub repo:${GitHubOrg}/${RepositoryName}:*