appvia · gambol99 · Nov 14, 2025 · Nov 14, 2025
diff --git a/examples/repositories/README.md b/examples/repositories/README.md
diff --git a/examples/repositories/main.tf b/examples/repositories/main.tf
diff --git a/examples/repositories/outputs.tf b/examples/repositories/outputs.tf
diff --git a/examples/repositories/terraform.tf b/examples/repositories/terraform.tf
diff --git a/examples/repositories/variables.tf b/examples/repositories/variables.tf
diff --git a/modules/role/README.md b/modules/role/README.md
@@ -598,7 +598,6 @@ No modules.
 | <a name="input_read_write_max_session_duration"></a> [read\_write\_max\_session\_duration](#input\_read\_write\_max\_session\_duration) | The maximum session duration (in seconds) that you want to set for the specified role | `number` | `null` | no |
 | <a name="input_read_write_policy_arns"></a> [read\_write\_policy\_arns](#input\_read\_write\_policy\_arns) | List of IAM policy ARNs to attach to the read-write role | `list(string)` | `[]` | no |
 | <a name="input_region"></a> [region](#input\_region) | The region in which the role will be used (defaulting to the provider region) | `string` | `null` | no |
-| <a name="input_repositories"></a> [repositories](#input\_repositories) | A collection of repositories to to bind the permissions | `list(string)` | `[]` | no |
 | <a name="input_repository"></a> [repository](#input\_repository) | Repository to be allowed in the OIDC federation mapping | `string` | `null` | no |
 | <a name="input_role_path"></a> [role\_path](#input\_role\_path) | Path under which to create IAM role. | `string` | `null` | no |
 | <a name="input_shared_repositories"></a> [shared\_repositories](#input\_shared\_repositories) | List of repositories to provide read access to the remote state | `list(string)` | `[]` | no |

diff --git a/modules/role/locals.tf b/modules/role/locals.tf
@@ -39,13 +39,13 @@ locals {
   # The region where the iam role will be used 
   region = var.region != null ? var.region : data.aws_region.current.region
   ## The list of repositories to create roles for
-  repositories = compact(concat([var.repository], var.repositories))
+  repositories = compact(concat([var.repository], []))
   # Find the source control provider from supplied list
   common_provider = lookup(local.common_providers, var.common_provider, null)
   # The selected provider from the supplied list
   selected_provider = var.custom_provider != null ? var.custom_provider : local.common_provider
   # Extract just the repository name part of the full path
-  #repo_name = element(split("/", var.repository), length(split("/", var.repository)) - 1)
+  repository_name = element(split("/", var.repository), length(split("/", var.repository)) - 1)
   # Keys to search for in the subject mapping template
   template_keys_regex = "{(repo|type|ref|env)}"
   # The prefix for the terraform state key in the S3 bucket

diff --git a/modules/role/policies.tf b/modules/role/policies.tf
@@ -1,13 +1,13 @@
 locals {
   # The default state key is PREFIX + REPOSITORY_NAME + .tfstate
-  default_state_key = format("arn:aws:s3:::%s-tfstate/%s%s.tfstate", local.tf_state_bucket, var.name, local.tf_state_suffix)
+  default_state_key = format("arn:aws:s3:::%s-tfstate/%s%s.tfstate", local.tf_state_bucket, local.repository_name, local.tf_state_suffix)
   # Is the default state lock file key
-  default_state_lock_file_key = format("arn:aws:s3:::%s-tfstate/%s%s.tfstate.tflock", local.tf_state_bucket, var.name, local.tf_state_suffix)
+  default_state_lock_file_key = format("arn:aws:s3:::%s-tfstate/%s%s.tfstate.tflock", local.tf_state_bucket, local.repository_name, local.tf_state_suffix)
 
   # The default state prefix when using the entire namespace is PREFIX + REPOSITORY_NAME + /*
-  default_state_namespace_key = format("arn:aws:s3:::%s-tfstate/%s%s/*", local.tf_state_bucket, var.name, local.tf_state_suffix)
+  default_state_namespace_key = format("arn:aws:s3:::%s-tfstate/%s%s/*", local.tf_state_bucket, local.repository_name, local.tf_state_suffix)
   # The prefix for the lock file
-  default_state_namespace_lock_file_key = format("arn:aws:s3:::%s-tfstate/%s%s/*.tfstate.tflock", local.tf_state_bucket, var.name, local.tf_state_suffix)
+  default_state_namespace_lock_file_key = format("arn:aws:s3:::%s-tfstate/%s%s/*.tfstate.tflock", local.tf_state_bucket, local.repository_name, local.tf_state_suffix)
 
   # Is the prefix for the terraform state key, by default this is PREFIX + REPOSITORY_NAME + .tfstate.
   # However, when the entire namespace is enabled, this is PREFIX + REPOSITORY_NAME + /*

diff --git a/modules/role/variables.tf b/modules/role/variables.tf
@@ -82,12 +82,6 @@ variable "repository" {
   default     = null
 }
 
-variable "repositories" {
-  description = "A collection of repositories to to bind the permissions"
-  type        = list(string)
-  default     = []
-}
-
 variable "shared_repositories" {
   description = "List of repositories to provide read access to the remote state"
   type        = list(string)