add policy

add policy #7

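# GitHub Actions workflow: verifies the OIDC-assumed AWS identity, then
# runs terraform fmt/init/plan on every push to main and on pull requests,
# and terraform apply only on pushes to main (gated by the `production`
# environment, so environment protection rules can require approval).
name: 'Terraform'

env:
  AWS_REGION: 'us-west-2'
  # Quoted so the all-digit account id is read as a string, not an int.
  AWS_ACCOUNT_ID: '533266956918'

on:
  push:
    branches: [ "main" ]
  pull_request:

# Least-privilege token for every job: read the repo, mint an OIDC token.
# `id-token: write` is what lets configure-aws-credentials assume the role
# without long-lived AWS keys stored as secrets.
permissions:
  contents: read
  id-token: write

jobs:
  caller-identity:
    name: Check caller identity
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS credentials
        # NOTE(review): third-party actions are referenced by mutable tag;
        # pinning to a full commit SHA protects against tag re-pointing.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github
      - run: aws sts get-caller-identity

  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    # `terraform apply` below only runs on main; the environment binding lets
    # required reviewers / branch rules be enforced before the apply step.
    environment: production
    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          audience: sts.amazonaws.com
          # Same region source as the caller-identity job (was a hard-coded
          # 'us-west-2', which drifts silently if AWS_REGION changes).
          aws-region: ${{ env.AWS_REGION }}
          # NOTE(review): the same role is assumed for plan (pull_request)
          # and apply (push to main); a separate read-only role for plan
          # would narrow what a PR-triggered run can do — confirm with the
          # IAM owner.
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github

      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v3

      # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
      - name: Terraform Init
        run: terraform -chdir=tf init

      # Checks that all Terraform configuration files adhere to a canonical format
      - name: Terraform Format
        run: terraform -chdir=tf fmt -check

      # Generates an execution plan for Terraform
      - name: Terraform Plan
        run: terraform -chdir=tf plan -input=false

      # On push to "main", build or change infrastructure according to Terraform configuration files
      - name: Terraform Apply
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: terraform -chdir=tf apply -auto-approve -input=false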