Full stack web project.
One-time setup: run `just import-repo` to import the repo into the Terraform state.
Apply GitHub settings and create the GitHub `ci` environment, seeded with required variables and branch controls.

```sh
just setup-repo
just init dev
just init prod
```
Example plan command:

```sh
just tg dev aws/jobs plan
```
WARNING
Terragrunt will create the S3 state bucket the first time this is done — this should only happen once:
```
Remote state S3 bucket your-state-bucket-name-tfstate does not exist or you don't have permissions to access it. Would you like Terragrunt to create it? (y/n) y
```
This project uses GitHub OIDC (OpenID Connect) for secure, keyless access to AWS.
The Terraform module `chrispsheehan/github-oidc-role/aws` is used to:
- Create an IAM role with the correct trust relationship
- Grant least-privilege access for GitHub Actions
- Bind to a GitHub repository and environment
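A check for the trust relationship listed above, as an added example (not code from this project or from the `chrispsheehan/github-oidc-role/aws` module): it audits a role trust policy document for the GitHub OIDC `sub` and `aud` conditions. The repository name `example-org/webstack` and the sample policies are constructed, and the policy shape is assumed to be the standard GitHub OIDC one, not necessarily what the module emits.

```python
ISSUER = "token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer host

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, repo, environment):
    """Return findings for a trust policy meant for one repo and one environment."""
    expected_sub = f"repo:{repo}:environment:{environment}"
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") != "Allow"
                or "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", []))
                or not any(str(f).endswith("oidc-provider/" + ISSUER) for f in federated)):
            continue  # not a GitHub OIDC grant
        subs, has_aud = [], False
        for op, keys in stmt.get("Condition", {}).items():
            for key, values in keys.items():  # IAM condition keys are case-insensitive
                if key.lower() == ISSUER + ":sub":
                    subs += [(op.lower(), v) for v in _as_list(values)]
                elif key.lower() == ISSUER + ":aud":
                    has_aud = True
        if not has_aud:
            findings.append(f"statement {idx}: no aud condition")
        if not subs:
            findings.append(f"statement {idx}: no sub condition, any repository can assume the role")
        for op, value in subs:
            if "stringlike" in op and ("*" in value or "?" in value):
                findings.append(f"statement {idx}: wildcard sub {value!r}")
            elif value != expected_sub:
                findings.append(f"statement {idx}: sub {value!r} is not {expected_sub!r}")
    return findings

def sample_policy(op, sub):
    """Constructed trust policy with the given sub operator and value."""
    cond = {"StringEquals": {ISSUER + ":aud": "sts.amazonaws.com"}}
    cond.setdefault(op, {})[ISSUER + ":sub"] = sub
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/" + ISSUER},
        "Condition": cond}]}

if __name__ == "__main__":
    for op, sub in [("StringEquals", "repo:example-org/webstack:environment:dev"),
                    ("StringLike", "repo:example-org/*")]:
        print(sub, "->", audit_trust_policy(sample_policy(op, sub), "example-org/webstack", "dev"))
```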
This action sets up AWS OIDC and runs a `just` command with AWS credentials:

```yaml
- uses: chrispsheehan/just-aws-oidc-action@0.1.1
  with:
    aws_oidc_role_arn: arn:aws:iam::123456789012:role/webstack-ci
    just_command: seed dev
```
This action:
- Authenticates via OIDC
- Installs Terraform and Terragrunt
- Runs a Terragrunt command with injected config
```yaml
- uses: chrispsheehan/terragrunt-aws-oidc-action@0.3.0
  with:
    aws_oidc_role_arn: arn:aws:iam::123456789012:role/webstack-ci
    tg_directory: infrastructure/dev
    tg_action: apply
    override_tg_vars: '{"env": "dev"}'
```
```sh
brew install terragrunt
brew install terraform
brew install just
brew install awscli
brew install gh
brew install node
npm install -g prettier
```
- `just setup-repo` – apply GitHub repo state as per Terraform code
- `just seed` – locally populate `frontend/public/data` with `data.json` files
- `just start` – open hot-reloaded website
- `just temp-init` – allow current branch to deploy from `dev` GitHub environment