Category: Terraform, github

A new feature from GitHub now allows federation with AWS accounts using OpenID Connect (OIDC), which lets a workflow assume an IAM role within your account to deploy services into AWS. This is a pretty big deal: if you're currently using GitHub Actions you're probably storing AWS credentials as GitHub secrets, which works but tends to lead either to long-lived credentials or to rotating keys on a regular schedule, depending on your security policies.

If you are planning on running it yourself, you'll need to change the following values:

- `1234567890`: your AWS account number
- `github_account`: your GitHub account (user name)
- `github_repo`: the name of your GitHub repository

So now that we have all of that defined in Terraform, and presuming that we’ve run terraform apply to deploy them, we can create a GitHub Action to deploy a service into our AWS account.
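The original post's Terraform and workflow files are not reproduced on this page. The following is an added example, not the author's code, covering both halves described above: the Terraform that registers GitHub's OIDC issuer and creates a role whose trust policy is pinned to one repository and branch, and the GitHub Actions workflow that assumes it. The variable names `github_account`, `github_repo` and `deploy_branch`, the region, the role name, the example S3 bucket, and the choice to render the workflow with the `hashicorp/local` provider are all assumptions; the post's hard-coded `1234567890` account number is not needed here because the role ARN is taken from the resource itself. The CA thumbprint is the one GitHub historically documented for the issuer; check current GitHub and AWS documentation before relying on it.

```hcl
terraform {
  required_providers {
    aws   = { source = "hashicorp/aws" }
    local = { source = "hashicorp/local" }
  }
}

# Assumed inputs: these variable names do not come from the original post.
variable "github_account" { type = string } # GitHub user or org that owns the repo
variable "github_repo"    { type = string } # repository name
variable "deploy_branch" {
  type    = string
  default = "main"
}

provider "aws" {
  region = "eu-west-1" # assumed region
}

# Register GitHub's OIDC issuer with IAM (once per AWS account).
resource "aws_iam_openid_connect_provider" "github" {
  url            = "https://token.actions.githubusercontent.com"
  client_id_list = ["sts.amazonaws.com"]
  # Thumbprint of the issuer's root CA as historically documented by GitHub;
  # verify against current docs, since the chain has changed over time.
  thumbprint_list = ["6938fd4d98bab03faadb97b34396831e3780aea1"]
}

# Trust policy: only tokens minted for this repo on this branch may assume the role.
data "aws_iam_policy_document" "github_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }
    # Audience check: the token must have been requested for AWS STS.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }
    # Subject check. A wildcard such as "repo:org/repo:*" would let any branch,
    # tag or pull_request run in the repo assume the role; pin it instead.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_account}/${var.github_repo}:ref:refs/heads/${var.deploy_branch}"]
    }
  }
}

resource "aws_iam_role" "github_deploy" {
  name                 = "github-actions-deploy" # assumed name
  assume_role_policy   = data.aws_iam_policy_document.github_trust.json
  max_session_duration = 3600                    # short-lived sessions only
}

# Permissions policy: grant only what the deployment needs (assumed: one S3 bucket).
data "aws_iam_policy_document" "deploy_permissions" {
  statement {
    actions = ["s3:PutObject", "s3:GetObject", "s3:ListBucket"]
    resources = [
      "arn:aws:s3:::example-deploy-bucket",
      "arn:aws:s3:::example-deploy-bucket/*",
    ]
  }
}

resource "aws_iam_role_policy" "deploy" {
  name   = "deploy"
  role   = aws_iam_role.github_deploy.id
  policy = data.aws_iam_policy_document.deploy_permissions.json
}

# Render the workflow with the role ARN filled in, so the account number is
# never copied into the repository by hand.
resource "local_file" "workflow" {
  filename = "${path.module}/.github/workflows/deploy.yml"
  content  = <<-EOT
    name: deploy
    on:
      push:
        branches: [${var.deploy_branch}]
    permissions:
      id-token: write   # required for the runner to request an OIDC token
      contents: read
    jobs:
      deploy:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v4
          - uses: aws-actions/configure-aws-credentials@v4
            with:
              role-to-assume: ${aws_iam_role.github_deploy.arn}
              aws-region: eu-west-1
          - run: aws sts get-caller-identity
  EOT
}

output "deploy_role_arn" {
  value = aws_iam_role.github_deploy.arn
}
```

After `terraform apply`, commit the generated `.github/workflows/deploy.yml`; the `aws sts get-caller-identity` step prints the assumed role so you can confirm the federation works before adding real deployment steps. The two `condition` blocks are the security-relevant part: without the `sub` condition, any repository on GitHub could present a valid token from the same issuer and assume the role.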

And there we have it - deploying to AWS using GitHub Actions without the need for storing any credentials anywhere!
