This repository contains a project template for a CI/CD pipeline that uses the Okta Terraform provider, AWS, and GitHub Actions. Please read How to Create a Secure CI/CD Pipeline Using Okta Terraform for a detailed walkthrough.
The architecture for this project looks like this:
And the workflow for this project looks like this:
- IDE with a Terraform plugin, such as Visual Studio Code or IntelliJ IDEA
- Git
- Terminal window
- Okta Workforce Identity Cloud Developer Edition account
- GitHub account and a GitHub organization account (You can create a free GitHub organization if you don't have access to one)
- A free AWS account
Okta has Authentication and User Management APIs that reduce development time with instant-on, scalable user infrastructure. Okta's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.
Create a free Okta Developer Edition account. In the Okta Admin Console, create an API Services application that authenticates with a public/private key pair generated by Okta. Grant it the `okta.groups.manage` scope and assign it the Organization Administrator admin role.
In the AWS account, set up an S3 bucket and a DynamoDB table for the Terraform backend (state and state locking), and store the API Services application's private key in Secrets Manager. Create the OIDC identity provider for GitHub in IAM, together with an IAM role and policy that the GitHub Actions workflows assume through that provider and that grant access to the bucket, table, and secret above.
In the GitHub account, create or use an existing GitHub Organization, and create a new repository using this project as the template. Set the `AWS_ROLE_ARN` and `AWS_REGION` repository variables to the respective values from AWS.
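The setting in the AWS step that decides who can assume the pipeline role is the trust policy's condition on the GitHub OIDC token's `aud` and `sub` claims; without a `sub` condition pinned to this repository, a workflow in any GitHub repository could assume the role. The following is an added example, not code from this template or the blog post: it builds that assume-role policy document for a given organization, repository and branches, checks which workflow runs it would admit, and audits an existing policy for the usual over-broad shapes (no `sub` condition, `sub` pinned only to the organization, or a wildcard past the repository name). The account ID, `example-org`, `okta-terraform-pipeline` and the `BROAD_TRUST_POLICY` document are constructed placeholders; the subject formats (`repo:ORG/REPO:ref:refs/heads/BRANCH` for a push, `repo:ORG/REPO:pull_request` for a pull request) and the `sts.amazonaws.com` audience are the ones GitHub documents for its OIDC tokens and the ones the standard AWS credentials action requests.

```python
"""Build and audit the IAM trust policy that lets GitHub Actions assume the
pipeline's AWS role through the GitHub OIDC identity provider.

Added example for this README; not code from the template repository.
Organization, repository, branch names and the account ID are placeholders.
"""
import re

# GitHub's OIDC issuer host; the IAM OIDC provider is registered for it.
GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"
AUD_KEY = f"{GITHUB_OIDC_HOST}:aud"
SUB_KEY = f"{GITHUB_OIDC_HOST}:sub"
# Audience the GitHub token carries when it is requested for AWS STS.
EXPECTED_AUDIENCE = "sts.amazonaws.com"


def expected_subjects(org, repo, branches=("develop", "main")):
    """Subjects GitHub issues for the events this pipeline uses: a push to a
    listed branch (Dev Build, Prod Build) and a pull_request (Prod Plan).
    The pull_request subject names no branch, so it needs its own entry."""
    subs = [f"repo:{org}/{repo}:ref:refs/heads/{b}" for b in branches]
    subs.append(f"repo:{org}/{repo}:pull_request")
    return subs


def build_trust_policy(account_id, org, repo, branches=("develop", "main")):
    """Assume-role policy for the pipeline role: aud pinned with StringEquals,
    sub pinned with StringLike to this one repository's branches and PRs."""
    provider_arn = f"arn:aws:iam::{account_id}:oidc-provider/{GITHUB_OIDC_HOST}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {AUD_KEY: EXPECTED_AUDIENCE},
                "StringLike": {SUB_KEY: expected_subjects(org, repo, branches)},
            },
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob_to_regex(pattern):
    """IAM StringLike: '*' matches any run of characters, '?' one character."""
    return "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"


def _condition_allows(stmt, key, value):
    """IAM semantics: a key with no condition on it is unconstrained."""
    cond = stmt.get("Condition", {})
    exact = _as_list(cond.get("StringEquals", {}).get(key, []))
    like = _as_list(cond.get("StringLike", {}).get(key, []))
    if not exact and not like:
        return True
    return value in exact or any(re.match(_glob_to_regex(p), value) for p in like)


def subject_allowed(policy, sub, aud=EXPECTED_AUDIENCE):
    """True if a GitHub token with this sub/aud satisfies some Allow statement,
    i.e. that workflow run could assume the role."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue
        if _condition_allows(stmt, AUD_KEY, aud) and _condition_allows(stmt, SUB_KEY, sub):
            return True
    return False


def audit_trust_policy(policy, org, repo):
    """Findings for the common ways this policy ends up too broad; an empty
    list means every Allow statement is pinned to this repository and aud."""
    findings = []
    prefix = f"repo:{org}/{repo}:"
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        cond = stmt.get("Condition", {})
        if EXPECTED_AUDIENCE not in _as_list(cond.get("StringEquals", {}).get(AUD_KEY, [])):
            findings.append("aud is not pinned to sts.amazonaws.com with StringEquals")
        subs = (_as_list(cond.get("StringEquals", {}).get(SUB_KEY, []))
                + _as_list(cond.get("StringLike", {}).get(SUB_KEY, [])))
        if not subs:
            findings.append("no sub condition: any GitHub repository can assume the role")
            continue
        for s in subs:
            if not s.startswith(prefix):
                findings.append(f"sub not pinned to {org}/{repo}: {s}")
            elif "*" in s[len(prefix):]:
                findings.append(f"sub wildcard beyond the repository: {s}")
    return findings


# Constructed policy showing the broad shape that is easy to end up with:
# no aud condition, and sub pinned only to the organization.
BROAD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{GITHUB_OIDC_HOST}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringLike": {SUB_KEY: "repo:example-org/*"}},
    }],
}
```

The dict `build_trust_policy` returns is the document that goes into the role's assume-role policy (serialize it with `json.dumps` for the IAM console or the Terraform `assume_role_policy` argument). The `pull_request` subject is the detail that usually bites: the Prod Plan workflow runs on a pull request, so a trust policy that lists only branch refs lets Dev Build and Prod Build run but denies Prod Plan, and the tempting fix of `repo:ORG/REPO:*` is exactly what `audit_trust_policy` flags.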
Create and check out the develop branch.
```bash
git checkout main
git pull origin main
git checkout -b develop
```
Update the `backend-*.conf` and `tfvars` files and replace the variables with values from your Okta account, AWS account, and GitHub.
Uncomment the pre-defined resources and variables within the `terraform/modules/directory/variables.tf`, `terraform/modules/directory/okta_groups.tf`, `terraform/variables.tf`, `terraform/main.tf`, and `tfvars` files to prepare for creating a group within the Okta environments.
Stage, commit, and push the changes to the develop branch to trigger the GitHub Actions workflow Dev Build, which uses Terraform to build against the Okta development environment.
```bash
git add .
git commit -m "Initial commit"
git push origin develop
```
Observe the workflow within GitHub Actions.
Create a pull request from develop to main within the repository to trigger the GitHub Actions workflow Prod Plan, which uses Terraform to show the potential changes against the Okta production environment without applying them. Observe the workflow within GitHub Actions.
Merge the pull request to main within the repository to trigger the GitHub Actions workflow Prod Build, which uses Terraform to build against the Okta production environment. Observe the workflow within GitHub Actions.
This example uses the following open source libraries from Okta:
Please post any questions as comments on the blog post, or visit our Okta Developer Forums.
Apache 2.0, see LICENSE.