Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2022-04-05 16:00:00 +0000

bukephalos gravatar image

  1. Create an IAM role that has the necessary permissions to access the Terraform backend.

  2. Configure the OIDC provider in your AWS account and create an OIDC provider URL.

  3. In the IAM console, create a role that will be assumed by the Github-Actions workflow.

  4. Assign the necessary permissions to the role, such as access to the Terraform backend.

  5. Add the IAM role ARN and the OIDC provider URL to the Github-Actions secret values.

  6. In your Github-Actions workflow script, use the AWS CLI to retrieve the OIDC token and assume the IAM role using the AWS Security Token Service (STS) API.

  7. After the IAM role has been assumed, execute your Terraform commands in the Github-Actions workflow as usual.

  8. When the workflow is complete, revoke the OIDC token and terminate the assumed IAM role in order to maintain security.


Copyright QStack.ai, 2010-2023. Content on this site is licensed under the Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service | contact