
What is the best IAM setup for github ( github actions ) for CI/CD?

0

How would I set up github actions (CI/CD) to access AWS ? (best or recommended secure approach) ?

Technical areas of expertise

  • IAM
  • CI/CD with github actions (access an AWS account)

I would like to know if there is any documentation that I can access on how to properly set up, or the recommended way to setup Github actions so that it can access my AWS account.

Should I set up a user with a generated keypair (.pem or ssh key pair)

or should I set up a role and apply a policy to a role and some how have github actions assume that role?


What is the best recommended approach for a system like github (github CI/CD actions), accessing AWS resources like pushing a Docker image to AWS ECR?

For my CI/CD, the only thing I need to do is to push a Docker container to AWS ECR and then test via Python HTTP GET / POST some API endpoints to make sure deployment of the container was successfully started.

4 answers
0

The following blog is in Japanese but is set up by creating an IAM role.
https://dev.classmethod.jp/articles/github-actions-aws-sts-credentials-iamrole/
Basically, if you need access to AWS resources, it is better to use temporary credentials (e.g., IAM roles).

Expert
answered 2 years ago
  • Thank you very much. I cannot read Japanese, but will see if Google translate can translate the page. It refers to OIDC which I have seen before but know little about. I will search on that as well.

0

Hi DevLocalCA,

I would look into this guide: https://aws.amazon.com/blogs/containers/create-a-ci-cd-pipeline-for-amazon-ecs-with-github-actions-and-aws-codebuild-tests/.

It shows how, using GitHub as a source code repository, you can use GitHub Actions to build a complete CI/CD pipeline for applications deployed on Amazon ECS, leveraging github actions such as github.com/aws-actions/configure-aws-credentials and github.com/aws-actions/amazon-ecr-login.

Hope it helps you ;)

Expert
answered 2 years ago
0

I've created two GH repos to support this and a related blog post linked in the second repo.

The first repo has the CloudFormation to deploy an OIDC IAM Role and IDP Pair to support authentication. https://github.com/rwickit/aws-github-cicd

The second has the blog and Action examples to support deployment of AWS resources using Actions in both CloudFormation and Terraform. https://github.com/rosswickman/aws-automation-workflows

answered 2 years ago
0

I recently created a youtube video (on channel: learn4tarakki), talking about best practice of setting up github actions to access AWS. We set up github actions with the github OIDC Provider, added a Github Identity Provider in AWS and created an assume role in AWS with a trust and permission policy.

Key takeaways and queries it answers:

  • What is github actions and how to create from scratch.
  • How to write a github actions workflow to deploy a react app on AWS.
  • What is the recommended way by which github actions should access AWS.
  • How to avoid storing long lived AWS credentials in github secrets.
  • Why we need the github OIDC Provider (#oidc).
  • How to add a new Identity Provider in AWS.
  • What is an AWS assume role, trust and permission policy and how to create one in simple steps.
  • Also includes the latest update by github in June 2023 for configuring thumbprints for the Identity Provider in AWS.

https://www.youtube.com/watch?v=3Czf9vzZ0jI

answered a year ago
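The OIDC setup the answers above recommend (an identity provider for GitHub, a role with a trust policy scoped to one repo and branch, and a permission policy limited to one ECR repository), written out as an added example that is not part of any answer or of the linked repos and videos. The account ID, region, repository names, role name and thumbprint are placeholders to replace; the AWS CLI commands only run when APPLY=1.

```shell
# Placeholder values (not from the page): override via the environment.
ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"
REGION="${REGION:-us-east-1}"
GITHUB_REPO="${GITHUB_REPO:-my-org/my-app}"   # owner/repo allowed to assume the role
BRANCH="${BRANCH:-main}"                       # only workflows on this branch may deploy
ECR_REPO="${ECR_REPO:-my-app}"
ROLE_NAME="${ROLE_NAME:-GitHubActionsEcrPush}"

# Trust policy: the GitHub OIDC provider may assume the role only when the
# token audience is sts.amazonaws.com and the subject is exactly this repo + branch.
# Without the "sub" condition any GitHub repository could assume the role.
trust_policy() {
  cat <<EOF
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
   "Principal": {"Federated": "arn:aws:iam::${ACCOUNT_ID}:oidc-provider/token.actions.githubusercontent.com"},
   "Action": "sts:AssumeRoleWithWebIdentity",
   "Condition": {"StringEquals": {
     "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
     "token.actions.githubusercontent.com:sub": "repo:${GITHUB_REPO}:ref:refs/heads/${BRANCH}"}}}]}
EOF
}

# Permission policy: only what an ECR login + image push needs, on one repository.
ecr_push_policy() {
  cat <<EOF
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
  {"Effect": "Allow",
   "Action": ["ecr:BatchCheckLayerAvailability", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
              "ecr:CompleteLayerUpload", "ecr:PutImage", "ecr:BatchGetImage"],
   "Resource": "arn:aws:ecr:${REGION}:${ACCOUNT_ID}:repository/${ECR_REPO}"}]}
EOF
}

# Create the provider, the role and its inline policy (needs admin credentials).
apply() {
  # thumbprint is a placeholder: the API requires the argument; see the June 2023
  # GitHub/AWS notes on thumbprint handling before relying on a specific value.
  aws iam create-open-id-connect-provider \
    --url https://token.actions.githubusercontent.com \
    --client-id-list sts.amazonaws.com \
    --thumbprint-list "<thumbprint-placeholder>"
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)"
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name EcrPushOnly --policy-document "$(ecr_push_policy)"
}
if [ "${APPLY:-0}" = "1" ]; then apply; fi
```

The workflow then needs `permissions: id-token: write` and a `configure-aws-credentials` step with `role-to-assume` set to the role's ARN, so no long-lived access key is ever stored in GitHub secrets.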
