This directory contains a Terraform module responsible for setting up the necessary infrastructure to allow GitHub Actions to release CloudFormation templates to an S3 bucket using OIDC for authentication. This ensures a seamless integration between the CI/CD pipeline and AWS services.
Changes to this module are not automatically applied. After merging changes, you should manually apply them.
- AWS Credentials: Ensure that you have AWS credentials set up with permissions to create IAM roles, OIDC providers, and manage the specified S3 bucket.
- GitHub Access Token: Set the `GITHUB_TOKEN` environment variable to a GitHub access token with at least the `repo` scope. This token should also have permission to set repository secrets.
- Initialize the Terraform directory:

  ```sh
  terraform init
  ```

- Verify your AWS identity to ensure you're acting as the expected user or role:

  ```sh
  aws sts get-caller-identity
  ```

  Check the output to ensure the ARN and account ID match your expectations.

- Plan your Terraform changes:

  ```sh
  terraform plan -out=tfplan
  ```

  Review the plan to see what changes will be made. Make sure everything aligns with your intentions.

- Apply the Terraform changes:

  ```sh
  terraform apply tfplan
  ```

  If everything looks correct, apply the changes. Note that applying a saved plan file does not prompt for confirmation, so only run this after reviewing the plan.

To tear down the resources created by this module (use with caution):

```sh
terraform destroy
```
- Sets up an OIDC provider in AWS to allow GitHub Actions to authenticate.
- Creates an IAM role with permissions that allow GitHub Actions to release CloudFormation templates to the specified S3 bucket.
- Configures GitHub Actions variables in the repository with the ARN of the IAM role so that it can be used.
- Grants necessary permissions to the IAM role to read from and write to the specified S3 bucket.