Lambda serverless app meant to accelerate teams onboarding to the BC Gov SEA AWS space. This repository uses GitHub OpenID Connect to authenticate directly to AWS by assuming an IAM role.
- Fork this repo
- Enable github actions
  You'll need to add two GitHub secrets:
  - `LICENCEPLATE` is the 6 character license plate associated with your project set, e.g. `abc123`.
  - `S3_BACKEND_NAME` is the name of the S3 bucket used to store the Terraform state.
  - `TERRAFORM_DEPLOY_ROLE_ARN` is the ARN of the IAM role used to deploy resources through the GitHub action, which authenticates with GitHub OpenID Connect. You also need to link that role to the correct IAM policy.
- To access the `TERRAFORM_DEPLOY_ROLE_ARN` you need to create the role manually beforehand. To create it, you can use this example of a trust relationship:
  ```json
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Federated": "arn:aws:iam::<account_id>:oidc-provider/token.actions.githubusercontent.com"
        },
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
          "StringLike": {
            "token.actions.githubusercontent.com:sub": "repo:<Github_organization>/<repo_name>:ref:refs/heads/<Your_branch>"
          },
          "ForAllValues:StringEquals": {
            "token.actions.githubusercontent.com:iss": "https://token.actions.githubusercontent.com",
            "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
          }
        }
      }
    ]
  }
  ```
- Once the app has been built, you should be able to log into AWS with your IDIR account (2FA). Once in AWS, search for CloudFront and then click on Distributions (if you cannot see it, click the hamburger menu in the top left corner). The Distributions dashboard shows the domain name; you can use that domain name to interact with your app.
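Before attaching a deploy policy to the role, it is worth checking that its trust relationship really ties the role to one repository. The following is an added example, not part of this repository: a small linter for trust policies shaped like the one above. The account ID, organization and repository names are constructed, and the finding codes are hypothetical. It treats a claim as enforced only under plain `StringEquals`/`StringLike`, because `ForAllValues:` conditions also evaluate to true when the key is absent.

```python
import re

PROVIDER = "token.actions.githubusercontent.com"
# repo:<org>/<repo>:<rest>, with no wildcard inside the org or repo segment
PINNED_SUB = re.compile(r"^repo:[^/*?:]+/[^/*?:]+:.+$")
# ForAllValues: and ...IfExists operators also match when the key is absent,
# so only these two count as enforcing a claim.
STRICT_OPS = ("stringequals", "stringlike")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return (statement_index, code) findings for GitHub OIDC trust statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        trusts_github = any(str(f).endswith("oidc-provider/" + PROVIDER) for f in federated)
        if stmt.get("Effect") != "Allow" or not trusts_github:
            continue
        enforced = {"sub": [], "aud": []}
        for op, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                prefix, _, claim = key.lower().rpartition(":")
                if prefix == PROVIDER and claim in enforced and op.lower() in STRICT_OPS:
                    enforced[claim] += _as_list(value)
        if not enforced["sub"]:
            findings.append((i, "SUB_NOT_ENFORCED"))  # role not tied to any repository
        elif not all(PINNED_SUB.match(s) for s in enforced["sub"]):
            findings.append((i, "SUB_TOO_BROAD"))     # wildcard spans repos or orgs
        if enforced["aud"] != ["sts.amazonaws.com"]:
            findings.append((i, "AUD_NOT_ENFORCED"))
    return findings

def sample_policy(sub, aud_operator):
    """Constructed policy in the shape of the README's trust relationship."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{PROVIDER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringLike": {f"{PROVIDER}:sub": sub},
            aud_operator: {f"{PROVIDER}:aud": "sts.amazonaws.com"}}}]}

if __name__ == "__main__":
    branch = "repo:example-org/example-repo:ref:refs/heads/main"
    print(audit_trust_policy(sample_policy(branch, "StringEquals")))
    print(audit_trust_policy(sample_policy(branch, "ForAllValues:StringEquals")))
    print(audit_trust_policy(sample_policy("repo:example-org/*", "StringEquals")))
```

To check a real role, pass the parsed trust policy document of the role to `audit_trust_policy`.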
The GitHub Actions will trigger on pull request creation and merge.
- Creating a pull request will run a `terraform plan` and outline everything that will be deployed into your AWS accounts, but will not create anything.
- Merging into `main` will run a `terraform apply` and your AWS assets will be deployed into your `dev` and `sandbox` accounts.
NOTE: make sure you are creating pull requests/merging within your fork.
For how to use the tests associated with this project, please check the README file under `functional-tests`.
Thanks to BrowserStack for Testing Tool support via OpenSource Licensing