Upgrade to Pro — share decks privately, control downloads, hide ads and more …

IAMロールでTerraformのCI/CDを構築してみた

YouYou
October 14, 2021

 IAMロールでTerraformのCI/CDを構築してみた

YouYou

October 14, 2021
Tweet

More Decks by YouYou

Other Decks in Programming

Transcript

  1. 従来のCI/CDの課題点 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id:

    ${{ secrets.AWS_ACCESS_KEY_ID }} #アクセスキー aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} #シークレットキー
  2. ワークフロー作成 - name: Setup Terraform uses: aws-actions/configure-aws-credentials@master with: role-to-assume: "${{

    env.AWS_ROLE_ARN }}" web-identity-token-file: "curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sigstore" | jq -r '.value'" aws-region: "${{ env.AWS_DEFAULT_REGION }}" role-duration-seconds: 900 role-session-name: GitHubActionsTerraformCICD