Terraform Cloud <-> GitHub <-> AWS automation demo
This repository demonstrates GitOps automation using Terraform Cloud and Terraform to provision AWS resources.
- Terraform Cloud account: https://app.terraform.io
- AWS account: https://aws.amazon.com/free
- GitHub account: https://github.com/
Set up OIDC between Terraform Cloud and GitHub using the GitHub and Terraform Cloud apps (Official documentation)
Set up authentication between Terraform Cloud and AWS (Official documentation):
- Create an Identity Provider (OIDC)
- Create an IAM role and assign it to the Identity Provider (OIDC)
- Configure Terraform Cloud environment variables so that runs assume the newly created role:
  - TFC_AWS_RUN_ROLE_ARN: arn:aws:iam::$accountid:role/$rolename
  - TFC_AWS_PROVIDER_AUTH: true
- Configure the Terraform Cloud workspace:
  - Execution mode: Remote
  - Automatic speculative plans: yes
  - VCS branch: main
- Configure the GitHub repository:
  - Branch protection rule:
    - main branch: require a pull request before merging
- New pull requests trigger a Terraform plan against the GitHub PR branch.
- Merging a branch into main triggers a Terraform plan (against the main branch) and prompts a user to approve the Terraform apply in Terraform Cloud.
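As an added example (not code from this repository), the AWS side of the OIDC setup above written in Terraform: the identity provider plus a role whose trust policy only accepts tokens issued for one Terraform Cloud organization, project and workspace. The organization, project, workspace and role names are placeholders; the claim names `app.terraform.io:aud` / `app.terraform.io:sub` and the default audience `aws.workload.identity` are the ones Terraform Cloud issues.

```hcl
# Added example: AWS-side OIDC trust for Terraform Cloud dynamic credentials.
# Organization, project, workspace and role names below are placeholders.
variable "tfc_organization" { default = "example-org" }            # placeholder
variable "tfc_project"      { default = "Default Project" }        # placeholder
variable "tfc_workspace"    { default = "tfc-github-aws-demo" }    # placeholder
variable "tfc_aws_audience" { default = "aws.workload.identity" }  # TFC default aud

# Fetch the issuer certificate so the provider thumbprint is not hand-typed.
data "tls_certificate" "tfc" {
  url = "https://app.terraform.io"
}

# Step "Create an Identity Provider (OIDC)"
resource "aws_iam_openid_connect_provider" "tfc" {
  url             = data.tls_certificate.tfc.url
  client_id_list  = [var.tfc_aws_audience]
  thumbprint_list = [data.tls_certificate.tfc.certificates[0].sha1_fingerprint]
}

# Step "Create and assign IAM role"; this role's ARN is the value for TFC_AWS_RUN_ROLE_ARN.
resource "aws_iam_role" "tfc_run" {
  name = "tfc-run-role" # placeholder
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Federated = aws_iam_openid_connect_provider.tfc.arn }
      Action    = "sts:AssumeRoleWithWebIdentity"
      Condition = {
        # Token must have been minted for this audience...
        StringEquals = { "app.terraform.io:aud" = var.tfc_aws_audience }
        # ...and for exactly this org/project/workspace. app.terraform.io is a
        # shared issuer, so a looser pattern such as "organization:*" would let
        # any Terraform Cloud workspace, in any organization, assume this role.
        StringLike = {
          "app.terraform.io:sub" = "organization:${var.tfc_organization}:project:${var.tfc_project}:workspace:${var.tfc_workspace}:run_phase:*"
        }
      }
    }]
  })
}

output "tfc_aws_run_role_arn" {
  value = aws_iam_role.tfc_run.arn # paste into TFC_AWS_RUN_ROLE_ARN
}
```

Restricting `run_phase` to `plan` or `apply` in separate roles (and granting the plan role read-only permissions) further narrows what a speculative plan on a PR branch can do.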
No requirements.
Name | Version |
---|---|
aws | n/a |
No modules.
Name | Type |
---|---|
aws_s3_bucket.this | resource |
aws_s3_bucket_acl.this | resource |
aws_s3_bucket_ownership_controls.this | resource |
aws_s3_bucket_versioning.this | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
bucket_config | Bucket configuration | map(string) | n/a | yes |
demo-bucket-name | Bucket name | string | n/a | yes |
environment | Environment name | string | n/a | yes |
No outputs.