
What is the best IAM setup for GitHub (GitHub Actions) for CI/CD?


How would I set up GitHub Actions (CI/CD) to access AWS (best or recommended secure approach)?

Technical areas of expertise

  • IAM
  • CI/CD with GitHub Actions (accessing an AWS account)

I would like to know if there is any documentation that I can access on how to properly set up, or the recommended way to set up, GitHub Actions so that it can access my AWS account.

Should I set up a user with a generated key pair (.pem or SSH key pair),

or should I set up a role, apply a policy to the role, and somehow have GitHub Actions assume that role?


What is the best recommended approach for a system like GitHub (GitHub CI/CD Actions) accessing AWS resources, such as pushing a Docker image to AWS ECR?

For my CI/CD, the only thing I need to do is push a Docker container to AWS ECR and then test some API endpoints via Python HTTP GET/POST to make sure the deployment of the container was started successfully.

4 answers

The following blog is in Japanese, but the setup it describes is done by creating an IAM role.
https://dev.classmethod.jp/articles/github-actions-aws-sts-credentials-iamrole/
Basically, if you need access to AWS resources, it is better to use temporary credentials (e.g., IAM roles).

Expert
Answered 2 years ago
  • Thank you very much. I cannot read Japanese, but I will see if Google Translate can translate the page. It refers to OIDC, which I have seen before but know little about. I will search on that as well.


Hi DevLocalCA,

I would look into this guide: https://aws.amazon.com/blogs/containers/create-a-ci-cd-pipeline-for-amazon-ecs-with-github-actions-and-aws-codebuild-tests/.

It uses GitHub as the source code repository and GitHub Actions to build a complete CI/CD pipeline for applications deployed on Amazon ECS, leveraging actions such as github.com/aws-actions/configure-aws-credentials and github.com/aws-actions/amazon-ecr-login.

Hope it helps you ;)

Expert
Answered 2 years ago
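As an added example (written here, not taken from the AWS blog post or the answer above): a minimal workflow that requests a GitHub OIDC token, exchanges it for short-lived AWS credentials with aws-actions/configure-aws-credentials, logs in with aws-actions/amazon-ecr-login, pushes an image, and then runs the asker's HTTP smoke test. The role ARN, region, ECR repository name, repository variable and test script path are placeholders; the IAM role's trust policy must already allow this repository, which this file does not set up.

```yaml
# Added example: GitHub Actions workflow that pushes an image to ECR using
# OIDC federation instead of a stored access key. The role ARN, region, ECR
# repository name, API_BASE_URL variable and smoke-test script are placeholders.
name: build-and-push

on:
  push:
    branches: [main]

# id-token: write is what lets the job request a GitHub OIDC token; without it
# configure-aws-credentials cannot call sts:AssumeRoleWithWebIdentity.
permissions:
  id-token: write
  contents: read

jobs:
  push-image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # No aws-access-key-id / aws-secret-access-key inputs: the action trades the
      # job's OIDC token for temporary credentials scoped to the assumed role.
      - name: Obtain temporary AWS credentials via OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/github-actions-ecr-push  # placeholder
          aws-region: us-east-1                                                   # placeholder
          role-session-name: gha-${{ github.run_id }}   # shows up in CloudTrail

      - name: Log in to Amazon ECR
        id: ecr-login
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build, tag and push the image
        env:
          REGISTRY: ${{ steps.ecr-login.outputs.registry }}
          REPOSITORY: my-app            # placeholder ECR repository name
          IMAGE_TAG: ${{ github.sha }}  # immutable tag tied to the commit, not :latest
        run: |
          docker build -t "$REGISTRY/$REPOSITORY:$IMAGE_TAG" .
          docker push "$REGISTRY/$REPOSITORY:$IMAGE_TAG"

      - name: Smoke-test the deployed endpoints
        env:
          API_BASE_URL: ${{ vars.API_BASE_URL }}  # placeholder repository variable
        run: python3 tests/smoke_test.py        # placeholder script doing the GET/POST checks
```

The credentials obtained in the second step exist only for the duration of the job (one hour by default), so there is nothing long-lived to rotate or leak from GitHub secrets; the only secret-like value in the file is the role ARN, which is not sensitive on its own because the trust policy, not the ARN, decides who may assume it.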

I've created two GitHub repos to support this, and a related blog post is linked in the second repo.

The first repo has the CloudFormation to deploy an OIDC IAM role and IdP pair to support authentication. https://github.com/rwickit/aws-github-cicd

The second has the blog and Action examples to support deployment of AWS resources using Actions, in both CloudFormation and Terraform. https://github.com/rosswickman/aws-automation-workflows

Answered 2 years ago

I recently created a YouTube video (on channel: learn4tarakki) talking about best practices for setting up GitHub Actions to access AWS. We set up GitHub Actions with the GitHub OIDC provider, added the GitHub identity provider in AWS, and created an assumable role in AWS with a trust policy and a permission policy.

Key takeaways and queries it answers:

  • What GitHub Actions is and how to create one from scratch.
  • How to write a GitHub Actions workflow to deploy a React app on AWS.
  • What the recommended way is for GitHub Actions to access AWS.
  • How to avoid storing long-lived AWS credentials in GitHub secrets.
  • Why we need the GitHub OIDC provider (#oidc).
  • How to add a new identity provider in AWS.
  • What an AWS assume role, trust policy and permission policy are, and how to create one in simple steps.
  • Also includes the latest update by GitHub in June 2023 on configuring thumbprints for the identity provider in AWS.

https://www.youtube.com/watch?v=3Czf9vzZ0jI

Answered 1 year ago
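The AWS side of the setup that the two answers above describe (an OIDC identity provider, a role with a trust policy, and a permission policy), as an added example written here rather than taken from either linked repository or the video: one CloudFormation template that creates the GitHub OIDC provider, a role whose trust policy accepts tokens only from one repository's main branch, and an inline policy limited to pushing to one ECR repository. The parameter defaults, role name, repository names and the thumbprint placeholder are assumptions.

```yaml
# Added example: CloudFormation for the GitHub OIDC provider plus a role that
# GitHub Actions can assume via sts:AssumeRoleWithWebIdentity. Org, repo, role
# and ECR repository names are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Description: GitHub Actions OIDC provider and ECR push role (added example)

Parameters:
  GitHubOrg:
    Type: String
    Default: example-org          # placeholder
  GitHubRepo:
    Type: String
    Default: example-repo         # placeholder
  EcrRepositoryName:
    Type: String
    Default: my-app               # placeholder

Resources:
  GitHubOidcProvider:
    Type: AWS::IAM::OIDCProvider
    Properties:
      Url: https://token.actions.githubusercontent.com
      ClientIdList:
        - sts.amazonaws.com       # must match the aud claim checked below
      # Since mid-2023 IAM validates GitHub's TLS certificate against its own
      # trusted-CA library, so this 40-hex placeholder is kept for the schema
      # rather than used for certificate pinning.
      ThumbprintList:
        - ffffffffffffffffffffffffffffffffffffffff

  GitHubActionsEcrPushRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: github-actions-ecr-push   # placeholder; referenced by role-to-assume
      MaxSessionDuration: 3600
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Federated: !GetAtt GitHubOidcProvider.Arn
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              StringEquals:
                token.actions.githubusercontent.com:aud: sts.amazonaws.com
              # The sub condition is the actual access control. Without it, a
              # workflow in ANY github.com repository could present a token
              # signed by the same provider and assume this role.
              StringLike:
                token.actions.githubusercontent.com:sub: !Sub repo:${GitHubOrg}/${GitHubRepo}:ref:refs/heads/main
      Policies:
        - PolicyName: ecr-push
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Sid: EcrLogin
                Effect: Allow
                Action: ecr:GetAuthorizationToken   # ECR does not scope this call to a repository
                Resource: "*"
              - Sid: PushToOneRepository
                Effect: Allow
                Action:
                  - ecr:BatchCheckLayerAvailability
                  - ecr:InitiateLayerUpload
                  - ecr:UploadLayerPart
                  - ecr:CompleteLayerUpload
                  - ecr:PutImage
                  - ecr:BatchGetImage
                  - ecr:GetDownloadUrlForLayer
                Resource: !Sub arn:${AWS::Partition}:ecr:${AWS::Region}:${AWS::AccountId}:repository/${EcrRepositoryName}

Outputs:
  RoleArn:
    Description: Value to put in the workflow's role-to-assume input
    Value: !GetAtt GitHubActionsEcrPushRole.Arn
```

Two checks worth doing after deploying: confirm that a workflow run from another branch or from a pull_request event fails at the credentials step (its sub claim is `repo:org/repo:ref:refs/heads/<branch>` or `repo:org/repo:pull_request`, which the StringLike pattern above does not match), and confirm that a push to a different ECR repository is denied, since the push statement is scoped to a single repository ARN. If other branches or environments legitimately need access, add further sub patterns rather than widening to `repo:org/*`.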
