OIDC w/ AWS example doesn't appear to be valid JSON

[Hollywood]

Code of Conduct

• I have read and agree to the GitHub Docs project's Code of Conduct

What article on docs.github.com is affected?

Configuring OpenID Connect in Amazon Web Services

What part(s) of the article would you like to see updated?

The last line in the code block on lines 44 - 47 does not look like valid json:

"Condition": {
  "StringEquals": {
    "token.actions.githubusercontent.com:aud": "https://github.com/octo-org",
    "token.actions.githubusercontent.com:sub": "token.actions.githubusercontent.com:sub": "repo:octo-org/octo-repo:ref:refs/heads/octo-branch"

Was it meant to be?

"Condition": {
  "StringEquals": {
    "token.actions.githubusercontent.com:aud": "https://github.com/octo-org",
    "token.actions.githubusercontent.com:sub": "repo:octo-org/octo-repo:ref:refs/heads/octo-branch"

Additional information

No response

[welcome]

Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[anchorchau]

As far as I tested, the above condition for aud will cause failure if we are using official AWS action aws-actions/configure-aws-credentials as documented. My suggested changes as below:

"Condition": {
  "StringEquals": {
    "token.actions.githubusercontent.com:sub": "repo:octo-org/octo-repo:ref:refs/heads/octo-branch"
  }
}

OR

"Condition": {
  "StringLike": {
    "token.actions.githubusercontent.com:sub": "repo:octo-org/octo-repo:*"
  }
}