Setting Up GitHub Actions for AWS Infra

Posted August 12, 2022 by Jacob Sauni ‐ 3 min read

When I wrote Setting up AWS resources to host Hugo blog, I thought of a few improvements I could make. Over the last couple of nights, I had a play around with Terraform and GitHub Actions and managed to tick off 2 of the items.

Manage the domain via Terraform.

The hosted zone and hosted zone records already existed, so it was just a matter of getting them into code. I mentioned this in the original blog post, but to get the resources into code I would leverage the terraform import command.

For import examples see the documentation for aws_route53_zone and aws_route53_record.

Essentially, I ran commands like the ones below:

terraform import aws_route53_zone.jsauni HOSTEDZONEID
terraform import aws_route53_record.jsauni_com ZONEIDENTIFIER_jsauni.com_A

Once the resources were imported, I hit a terraform plan to confirm my code was not making any unintended changes. I would also be able to see if my Terraform code was missing any resource settings, and then make appropriate changes to sync. There were a few changes that were detected but would have no impact, so I proceeded with a terraform apply. And that was the first item done.

Automate code deployment with GitHub Actions.

I had never used GitHub Actions before but it sounded like the trend. A bit of Googling and I found this Automate Terraform with GitHub Actions guide. The documentation was straightforward, but when I got all the things set up, I ran into the below error when my Terraform Init step was executing.

Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.

After a few hours, I couldn’t figure out why it wasn’t working. From what I could tell, the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables weren’t being set on the GitHub Action runners, even though I had set up the Terraform API token as per the documentation. So I don’t know, but if you’ve run into this and you know how to fix it, get at me, keen to know what I did wrong.

I ended up adding the AWS Access and Secret key as Action secrets to my GitHub repository. Then within my GitHub Actions workflow yaml file, I set environment variables for the keys for my job. An excerpt from the file looks something like this:

jobs:
  job-name:
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

From there the job steps proceeded without failure, now being able to authenticate against AWS successfully.

At a high level, my workflow runs through the following steps:

  • Checkout code
  • Setup terraform
  • Check terraform format
  • Initialise terraform
  • Validate terraform (pull request)
  • Comment on pull request (pull request)
  • Apply terraform (push on main branch)

Some steps, as indicated, only run when it’s a pull request. Likewise, the last step of applying the terraform only runs on a push to the main branch. I was pretty stoked once it was all up and running. My highlight was seeing the bot comment with the different step statuses and also the terraform plan output.
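
A workflow shaped like the step list above, as an added example rather than the actual file from this repository. The workflow name, job name, step ids, action version tags and the separate plan step are assumptions; the credentials are wired in the same way as the excerpt earlier in the post.

```yaml
name: terraform            # assumption: workflow and job names are illustrative
on:
  pull_request:
  push:
    branches: [main]

# Least privilege for GITHUB_TOKEN: read the code, write only the PR comment.
permissions:
  contents: read
  pull-requests: write

jobs:
  terraform:
    runs-on: ubuntu-latest
    env:
      # Static keys from repository Action secrets, as in the excerpt above.
      # Secrets are not passed to pull_request runs triggered from forks.
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - name: Check format
        run: terraform fmt -check
      - name: Init
        run: terraform init -input=false
      - name: Validate
        if: github.event_name == 'pull_request'
        run: terraform validate -no-color
      - name: Plan         # assumption: source of the plan output shown in the comment
        id: plan
        if: github.event_name == 'pull_request'
        run: terraform plan -no-color -input=false
      - name: Comment on pull request
        if: github.event_name == 'pull_request'
        uses: actions/github-script@v7
        env:
          # Pass the plan through an env var instead of interpolating it into
          # the script, so plan text is never evaluated as JavaScript.
          PLAN: ${{ steps.plan.outputs.stdout }}
        with:
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: "Terraform plan:\n\n" + process.env.PLAN,
            });
      - name: Apply
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: terraform apply -auto-approve -input=false
```

The `steps.plan.outputs.stdout` value is available because `hashicorp/setup-terraform` installs its wrapper script by default.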


I’m pretty happy with where this repo is at now. I can’t really think of any next steps from here, especially since it’s just the cloud infrastructure for my blog, it’s fairly static.

In the meantime I’ll continue to play with GitHub Actions as well and see what other cool features it has.