GitHub Actions & AWS

Create a role

├── oidc-github
│ ├── README.md
│ ├── config.tf
│ └── oidc.tf
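# Create a working directory for the Terraform configuration and enter it.
# `&&` (not `;`) stops here if mkdir fails, so the .tf files that follow are
# not written into whatever directory the shell happened to be in.
mkdir oidc-github && cd oidc-github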
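# config.tf
# The file-name header had run into the provider line, which turned
# `provider "aws" {` into a comment; it is restored here.
provider "aws" {
  region = "us-east-2"
}

terraform {
  required_version = ">= 1.0"

  # Remote state for the OIDC provider and IAM role. `encrypt = true` asks S3
  # for server-side encryption of the state object; keep the bucket private,
  # since state can contain resource details you do not want in the open.
  # Both `bucket` and `key` are placeholders to replace before `terraform init`.
  backend "s3" {
    bucket  = "{MY BUCKET}"
    key     = "MY_KEY"
    encrypt = true
    region  = "us-east-2"
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}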
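# oidc.tf
# The file-name header had run into the module line, which turned
# `module "aws_oidc_github" {` into a comment; it is restored here.
#
# This module is used to create the IAM role that the GitHub Actions workflow
# assumes through OIDC. The version is pinned so `terraform init` is
# reproducible; review the module's changes before bumping it.
module "aws_oidc_github" {
  source  = "unfunco/oidc-github/aws"
  version = "0.5.0"

  # Trust is scoped to these repositories — keep the list to the repositories
  # that actually need the role. Both values are placeholders.
  github_organisation = "MYORG"
  github_repositories = ["MYREPO"]
}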
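# Initialise the backend and providers, then apply. With `&&` the apply is
# skipped if init fails (e.g. the state bucket is not reachable); review the
# plan that apply prints before confirming it.
terraform init && terraform apply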

Use the role from a GitHub Action

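name: Pull Request Verification

on:
  pull_request:

# Permissions can be set at the workflow level or per job; keep them minimal.
# NOTE(review): pull_request runs triggered from forks do not get an OIDC
# token, so this job would fail there — confirm whether fork PRs need it.
permissions:
  id-token: write  # needed to request the OIDC token that is exchanged for AWS credentials
  contents: read   # only needed once an actions/checkout step is added to the job

jobs:
  build-docker-image:
    name: Configure AWS and List S3 buckets
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS credentials
        # Pin third-party actions to a release tag or, better, a full commit SHA.
        # A moving branch ref such as @master runs whatever is on that branch
        # at the time of the run. PINNED_VERSION_OR_SHA is a placeholder.
        uses: aws-actions/configure-aws-credentials@PINNED_VERSION_OR_SHA
        with:
          aws-region: us-east-2
          # ARN of the role created by the Terraform module in step 1 (placeholder)
          role-to-assume: "ROLE_FROM_STEP_1"
      - name: S3 list buckets
        run: |
          aws s3 ls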
