What is OIDC
OpenID Connect (OIDC) allows your GitHub Actions workflows to access resources in AWS without having to store any credentials as long-lived GitHub secrets.
To use Terrateam with AWS, authentication and authorization need to be configured against your AWS account. Setup only takes a minute.
A Terraform module and a CloudFormation template are available to create all of the AWS resources that Terrateam requires. Choose the setup method you're most comfortable with.
Terraform: apply the module from main.tf.
CloudFormation: navigate to CloudFormation in the AWS Console and create the terrateam-setup stack.
Then create the .terrateam/config.yml configuration file at the root of your Terraform repository.
Follow the instructions below to manually configure AWS for Terrateam authentication and authorization.
Using an OIDC role
1. Create the OIDC provider in AWS.
2. Create a local file on your workstation named trustpolicy.json. This file defines the policy that allows AWS to trust GitHub's OIDC provider as a federated identity. You must update the example file with your own values: replace AWS_ACCOUNT_ID and GITHUB_ORG.
3. Create a terrateam IAM role using the newly created trustpolicy.json.
4. Attach the PowerUserAccess IAM policy, or another policy of your choosing, to the role.
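The trust policy is where the security of the OIDC route is decided: the `aud` condition pins the token to the `sts.amazonaws.com` audience and the `sub` condition restricts which GitHub repositories may assume the role; without the `sub` condition, a workflow in any GitHub repository could assume it. The following is an added example, not Terrateam's own trustpolicy.json or tooling: it builds the trust document with the documented GitHub Actions OIDC provider host, audience and `repo:<org>/<repo>:<ref>` subject format, evaluates sample token claims against it the way STS would, and flags statements that lack a `sub` restriction. The account id, org name and token claims are constructed values.

```python
"""Build and sanity-check a GitHub OIDC trust policy for an AWS IAM role.

Added example; not Terrateam's own trustpolicy.json. The provider host,
audience and claim names are the documented GitHub Actions OIDC values;
the account id, org and token claims below are constructed placeholders.
"""
import fnmatch
import json

GITHUB_OIDC_PROVIDER = "token.actions.githubusercontent.com"


def build_trust_policy(aws_account_id: str, github_org: str, repo: str = "*") -> dict:
    """Trust policy allowing GitHub's OIDC provider to assume the role, but only
    for tokens whose `sub` claim starts with repo:<github_org>/ (any repo by default)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Federated": f"arn:aws:iam::{aws_account_id}:oidc-provider/{GITHUB_OIDC_PROVIDER}"
                },
                "Action": "sts:AssumeRoleWithWebIdentity",
                "Condition": {
                    "StringEquals": {f"{GITHUB_OIDC_PROVIDER}:aud": "sts.amazonaws.com"},
                    "StringLike": {f"{GITHUB_OIDC_PROVIDER}:sub": f"repo:{github_org}/{repo}:*"},
                },
            }
        ],
    }


def _condition_matches(condition: dict, claims: dict) -> bool:
    """Evaluate the IAM condition operators used by GitHub OIDC trust policies
    (StringEquals and StringLike) against the claims of one token."""
    for operator, checks in condition.items():
        for key, expected in checks.items():
            claim = key.split(":", 1)[1]  # "<provider>:sub" -> "sub"
            actual = claims.get(claim)
            if actual is None:
                return False
            patterns = expected if isinstance(expected, list) else [expected]
            if operator == "StringEquals":
                ok = any(actual == p for p in patterns)
            elif operator == "StringLike":  # IAM wildcards: * and ?
                ok = any(fnmatch.fnmatchcase(actual, p) for p in patterns)
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
            if not ok:
                return False
    return True


def token_allowed(policy: dict, claims: dict) -> bool:
    """True if some Allow statement for AssumeRoleWithWebIdentity matches the token claims."""
    return any(
        stmt.get("Effect") == "Allow"
        and stmt.get("Action") == "sts:AssumeRoleWithWebIdentity"
        and _condition_matches(stmt.get("Condition", {}), claims)
        for stmt in policy["Statement"]
    )


def missing_sub_restriction(policy: dict) -> list:
    """Indexes of Allow statements that do not constrain the `sub` claim; such a
    role could be assumed by a workflow in any GitHub repository."""
    sub_key = f"{GITHUB_OIDC_PROVIDER}:sub"
    flagged = []
    for i, stmt in enumerate(policy["Statement"]):
        keys = {k for checks in stmt.get("Condition", {}).values() for k in checks}
        if stmt.get("Effect") == "Allow" and sub_key not in keys:
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    # Constructed values standing in for AWS_ACCOUNT_ID and GITHUB_ORG.
    policy = build_trust_policy("123456789012", "example-org")
    print(json.dumps(policy, indent=2))  # the document you would save as trustpolicy.json
    # Constructed claims resembling what a GitHub Actions job token carries.
    own_repo = {"aud": "sts.amazonaws.com", "sub": "repo:example-org/infra:ref:refs/heads/main"}
    foreign = {"aud": "sts.amazonaws.com", "sub": "repo:other-org/infra:ref:refs/heads/main"}
    print("own org allowed:", token_allowed(policy, own_repo))   # True
    print("other org allowed:", token_allowed(policy, foreign))  # False
    print("statements without sub restriction:", missing_sub_restriction(policy))  # []
```

Tightening `repo` from the default `*` to a specific repository name narrows the role to that one repository; run `missing_sub_restriction` over any hand-edited trust policy before attaching it to the role.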
Using an IAM user and access keys
1. Create a terrateam IAM user.
2. Attach the PowerUserAccess IAM policy.
3. Create an access key for the terrateam user.
4. Export your Terraform organization/repo combination as an environment variable.
5. Create the AWS Access Key ID GitHub Secret.
6. Create the AWS Secret Access Key GitHub Secret.
You are now able to use Terrateam for plan and apply operations against AWS resources.