- Fork this repo
- Enable github actions
This repository use Github OpenID Connect to authenticate directly to AWS assuming an IAM role.
The required environment variables are:
TERRAFORM_DEPLOY_ROLE_ARNThis is the ARN of IAM Role used to deploy resources through the Github action authenticate with the GitHub OpenID Connect. You also need to link that role to the correct IAM Policy.- To access the
TERRAFORM_DEPLOY_ROLE_ARNyou need to create it beforehand manually in each account. Then you have to add the right arn for each Github environment. To create it you need can use this example of thrust relationship :
- To access the
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::<accound_id>:oidc-provider/token.actions.githubusercontent.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringLike": {
"token.actions.githubusercontent.com:sub": "repo:<Github_organization>/<repo_name>:ref:refs/heads/<Your_branch>"
},
"ForAllValues:StringEquals": {
"token.actions.githubusercontent.com:iss": "https://token.actions.githubusercontent.com",
"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
}
}
}
]
}The following variables they are global for every account so you can put them as Github repository variables_
LICENCEPLATEis the 6 character licence plate associated with your project set e.g.abc123S3_BACKEND_NAMEis the name of the S3 Bucket name used to store the Terraform state.
The deploy workflow is triggered by manual dispatch. It will deploy the selected branch to the selected environment.
NOTE: For this sample application we chose a manual deploy workflow to keep the cost down. In a real world scenario you may want to use an automated workflow.
The destroy workflow is triggered by manual dispatch. It will destroy the selected branch from the selected environment.
.github/workflows/pull_request.yml
The pull request workflow is triggered by pull request to any of the dev, test, or main branches. It will run a terraform plan and build the frontend.
