sinofseven/template-aws-github-actions-terraform-prepare

The Japanese README is here → README_ja.md

AWS GitHub Actions Terraform Prepare Template

This CloudFormation template establishes the essential AWS infrastructure needed for secure continuous deployment from GitHub Actions to your AWS account.

The template is built for reuse: you can deploy it across multiple projects using GitHub's template repository feature.

To get started, configure the CloudFormation stack name and GitHub organization name in the Makefile.

Deployment

Resource Creation

Prerequisites

  • AWS CLI installed
  • SAM CLI installed
  • AWS access with appropriate permissions (IAM User or IAM Role)

Steps

  1. Configure the Makefile

    Edit the Makefile and update the following variables:

    stack_name:="<Stack Name>"
    github_organization_name:="<Github Organization Name>"

  2. Deploy the stack

    Run the deployment command:

    make deploy

Retrieve Resource Information

When you need to check the deployed values for GitHub Actions configuration, use the following command:

make describe

Example output:

[
    {
        "OutputKey": "BucketNameTerraformStates",
        "OutputValue": "your-stack-name-bucketterraformstates-xxxxxxxxx"
    },
    {
        "OutputKey": "RoleArnGithubActionsAdministrator",
        "OutputValue": "arn:aws:iam::123456789012:role/your-stack-name-RoleGithubActionsAdministrator-xxxxxxxxx"
    }
]

  • BucketNameTerraformStates: S3 bucket name for storing Terraform state files
  • RoleArnGithubActionsAdministrator: ARN of the IAM role for GitHub Actions

Configure these values as environment variables or secrets in your GitHub Actions workflows.

CloudFormation Template Details

Parameters

This template uses the following parameter:

  • PrefixGitHubRepository (String)
    • Prefix for GitHub repositories that are allowed to access AWS through GitHub Actions
    • Typically specified in the format organization-name/* or user-name/*
    • This parameter is automatically passed from the Makefile's github_organization_name variable with /* appended

Resources

This template creates the following AWS resources:

  • OidcProviderGitHub (AWS::IAM::OIDCProvider)

    • Resource for enabling OIDC-based Assume Role in GitHub Actions
  • RoleGithubActionsAdministrator (AWS::IAM::Role)

    • IAM Role that serves as the target for OIDC-based Assume Role within GitHub Actions
  • BucketTerraformStates (AWS::S3::Bucket)

    • S3 Bucket used for Terraform S3 Backend
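
Which workflows an organization-wide PrefixGitHubRepository value lets assume RoleGithubActionsAdministrator, as an added example (not code from this repository). It assumes the role's trust policy compares the OIDC token's sub claim with StringLike against repo:<PrefixGitHubRepository>:* and its aud claim against sts.amazonaws.com; the page does not show the actual policy, and the sub claims below are constructed.

```python
import re

ISSUER = "token.actions.githubusercontent.com"
# Constructed sample `sub` claims in GitHub's repo:OWNER/REPO:<context> format.
SAMPLE_SUBS = [
    "repo:example-org/infra:ref:refs/heads/main",
    "repo:example-org/infra:ref:refs/heads/feature-x",
    "repo:example-org/other-repo:pull_request",
    "repo:example-org/infra:environment:production",
    "repo:example-org-fork/infra:ref:refs/heads/main",
    "repo:Example-Org/infra:ref:refs/heads/main",
]

def build_conditions(prefix_github_repository):
    """Assumed trust-policy conditions (hypothetical shape, not taken from the template)."""
    return {
        "StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
        "StringLike": {f"{ISSUER}:sub": f"repo:{prefix_github_repository}:*"},
    }

def string_like(pattern, value):
    """IAM StringLike: case-sensitive, '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None

def is_allowed(conditions, claims):
    """True only when every condition key matches the token's claims."""
    for key, expected in conditions["StringEquals"].items():
        if claims.get(key.split(":", 1)[1]) != expected:
            return False
    for key, pattern in conditions["StringLike"].items():
        if not string_like(pattern, claims.get(key.split(":", 1)[1], "")):
            return False
    return True

def audit(prefix, subs=SAMPLE_SUBS, aud="sts.amazonaws.com"):
    """Map each sample sub claim to whether the assumed policy would accept it."""
    cond = build_conditions(prefix)
    return {s: is_allowed(cond, {"aud": aud, "sub": s}) for s in subs}

if __name__ == "__main__":
    for sub, ok in audit("example-org/*").items():
        print("ALLOW" if ok else "DENY ", sub)
```

With the prefix example-org/*, every repository, branch, pull request and environment in the organization matches; passing a single repository such as example-org/infra narrows the match to that repository.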
