Thanks for this article. So is it truly just the ARN of the Role and the repo name(s) on that Role in AWS that control the security/access b/w the Git Repo and Git Actions ability to generate operations in AWS as that role? I feel like I'm missing some other key or secret. The thumbprint seems like it has to be that specific value due to the 2022 certificate chain issue so thats not unique or a secret. Thanks!