
What is the best IAM setup for GitHub (GitHub Actions) for CI/CD?

0

How would I set up GitHub Actions (CI/CD) to access AWS (best or recommended secure approach)?

Technical areas of expertise

  • IAM
  • CI/CD with GitHub Actions (access an AWS account)

I would like to know if there is any documentation that I can access on how to properly set up, or the recommended way to set up, GitHub Actions so that it can access my AWS account.

Should I set up a user with a generated key pair (.pem or SSH key pair)?

Or should I set up a role, apply a policy to that role, and somehow have GitHub Actions assume that role?

What is the best recommended approach for a system like GitHub (GitHub CI/CD Actions) accessing AWS resources, like pushing a Docker image to AWS ECR?

For my CI/CD, the only thing I need to do is to push a Docker container to AWS ECR and then test some API endpoints via Python HTTP GET / POST to make sure deployment of the container was successfully started.

4 Answers
0

The following blog post is in Japanese, but it sets this up by creating an IAM role.
https://dev.classmethod.jp/articles/github-actions-aws-sts-credentials-iamrole/
Basically, if you need access to AWS resources, it is better to use temporary credentials (e.g., IAM roles).

EXPERT
answered 2 years ago
  • Thank you very much. I cannot read Japanese, but will see if Google Translate can translate the page. It refers to OIDC, which I have seen before but know little about. I will search on that as well.

0

Hi DevLocalCA,

I would look into this guide: https://aws.amazon.com/blogs/containers/create-a-ci-cd-pipeline-for-amazon-ecs-with-github-actions-and-aws-codebuild-tests/.

With GitHub as the source code repository, you can use GitHub Actions to build a complete CI/CD pipeline for applications deployed on Amazon ECS, leveraging GitHub Actions such as github.com/aws-actions/configure-aws-credentials and github.com/aws-actions/amazon-ecr-login.

Hope it helps you ;)

EXPERT
answered 2 years ago
0

I've created two GH repos to support this and a related blog post linked in the second repo.

The first repo has the CloudFormation to deploy an OIDC IAM Role and IDP Pair to support authentication. https://github.com/rwickit/aws-github-cicd

The second has the blog and Action examples to support deployment of AWS resources using Actions in both CloudFormation and Terraform. https://github.com/rosswickman/aws-automation-workflows

answered 2 years ago
0

I recently created a YouTube video (on channel: learn4tarakki), talking about the best practice for setting up GitHub Actions to access AWS. We set up GitHub Actions with the GitHub OIDC Provider, added the GitHub Identity Provider in AWS, and created an assume role in AWS with a trust and permission policy.

Key takeaways and queries it answers:

  • What is GitHub Actions and how to create one from scratch.
  • How to write a GitHub Actions workflow to deploy a React app on AWS.
  • What is the recommended way by which GitHub Actions should access AWS.
  • How to avoid storing long-lived AWS credentials in GitHub secrets.
  • Why we need the GitHub OIDC Provider (#oidc).
  • How to add a new Identity Provider in AWS.
  • What is AWS assume role, trust and permission policy, and how to create one in simple steps.
  • Also includes the latest update by GitHub in June 2023 for configuring thumbprints for the Identity Provider in AWS.

https://www.youtube.com/watch?v=3Czf9vzZ0jI

answered a year ago
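
The answers above converge on an IAM role that GitHub Actions assumes through the GitHub OIDC provider, so the role's trust policy is what decides which repositories can obtain credentials. The following is an added example, not part of any answer or linked repository: a Python check that flags trust policies missing a pinned `aud` or a repository-scoped `sub` condition. The account ID, repository names and finding labels are assumptions made for illustration.

```python
GITHUB_OIDC = "token.actions.githubusercontent.com"
# Placeholder account ID; every policy below is a constructed sample.
PROVIDER_ARN = f"arn:aws:iam::111122223333:oidc-provider/{GITHUB_OIDC}"

def trust_policy(conditions):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": conditions}]}

AUD = {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"}
WEAK = trust_policy({"StringEquals": AUD})  # no sub check: any GitHub repository
ORG_WIDE = trust_policy({"StringEquals": AUD,
                         "StringLike": {f"{GITHUB_OIDC}:sub": "repo:example-org/*"}})
HARDENED = trust_policy({"StringEquals": {**AUD,
    f"{GITHUB_OIDC}:sub": "repo:example-org/example-repo:ref:refs/heads/main"}})

def condition_values(conditions, claim):
    """Return (operator, value) pairs for one OIDC claim; keys are case-insensitive."""
    key, found = f"{GITHUB_OIDC}:{claim}".lower(), []
    for operator, pairs in conditions.items():
        for name, value in pairs.items():
            if name.lower() == key:
                values = [value] if isinstance(value, str) else value
                found += [(operator.lower(), v) for v in values]
    return found

def audit(policy):
    """List findings for statements that let GitHub's OIDC provider assume the role."""
    findings = []
    for st in policy["Statement"]:
        principal = st.get("Principal")
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if st.get("Effect") != "Allow" or GITHUB_OIDC not in str(federated):
            continue
        cond = st.get("Condition", {})
        if not any(op == "stringequals" for op, _ in condition_values(cond, "aud")):
            findings.append("aud-not-pinned")
        subs = condition_values(cond, "sub")
        if not subs:
            findings.append("sub-missing")
        for operator, value in subs:
            owner, _, repo = (value.split(":") + [""])[1].partition("/")
            # '*' and '?' act as wildcards only under StringLike operators.
            wild = lambda s: "like" in operator and any(c in s for c in "*?")
            if not value.startswith("repo:") or not owner or wild(owner):
                findings.append("sub-any-owner")
            elif not repo or wild(repo):
                findings.append("sub-any-repo")
    return findings
```

To audit a deployed role, pass the trust policy document that `aws iam get-role` returns under `Role.AssumeRolePolicyDocument` to `audit()`.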
