@FrontierPsychiatrist FrontierPsychiatrist commented Sep 24, 2025

Adds a module that creates an AWS IAM role that can be used from GitHub actions with configure-aws-credentials to trigger deployments using the deployment module (by putting objects into S3 or pushing an ECR image).


Should I add an example or maybe even extend an existing example? E.g., in examples/deployment/complete the idea would be to have this:

module "github_role" {
  source = "../../../modules/github-actions-role"

  github_repository = "moritzzimmer/terraform-aws-lambda"
  s3_prefixes       = ["${aws_s3_bucket.source.bucket}/${local.function_name}"]
}

and in examples/deployment/container-image:

module "github_role" {
  source = "../../../modules/github-actions-role"

  github_repository = "moritzzimmer/terraform-aws-lambda"
  ecr_repositories  = [aws_ecr_repository.this.name]
}

@FrontierPsychiatrist FrontierPsychiatrist changed the title from "feat: Module for IAM role to trigger deployments from GitHub actions" to "feat: module for IAM role to trigger deployments from GitHub actions" Sep 24, 2025
Adds a module that creates an AWS IAM role that can be used from
GitHub actions with [configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials)
to trigger deployments using the deployment module (by putting objects
into S3 or pushing an ECR image).
statement {
  sid       = "BucketLevelAccess"
  effect    = "Allow"
  resources = [for prefix in var.s3_prefixes : "arn:aws:s3:::${split("/", prefix)[0]}"]


This actually doesn't work as wanted when there are multiple / in the path...


Ah wait, no, this explicitly only wants the bucket part without any paths, so it's correct
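The two policies such a role needs, the trust policy that lets GitHub's OIDC tokens assume it and the permission policy scoped to the S3 prefixes and ECR repositories, written out as an added Python illustration of the PR description and of the split("/", prefix)[0] discussion above. This is not the module's code: the account ID, region, ECR action list, the ref_pattern parameter, and the simplified condition evaluator are assumptions made for the example. It shows the bucket ARN keeping only the first path segment however many slashes follow, the object ARN keeping the whole prefix, and why the sub condition matters: a token minted for another repository does not satisfy the trust policy, and narrowing ref_pattern from "*" to one branch also rejects tokens from pull requests or other refs of the same repository.

```python
"""Trust and permission policies for a GitHub Actions OIDC deployment role.

Added illustration for the PR thread, not the terraform-aws-lambda module's
own code. Account, region and ECR actions below are assumptions.
"""
from fnmatch import fnmatchcase

ACCOUNT_ID = "123456789012"      # assumed sample account
REGION = "eu-central-1"          # assumed sample region
OIDC_PROVIDER = "token.actions.githubusercontent.com"


def bucket_arn(prefix: str) -> str:
    """'bucket/any/deep/path' -> bucket ARN only (same idea as split("/", prefix)[0])."""
    bucket = prefix.split("/", 1)[0]
    return f"arn:aws:s3:::{bucket}"


def object_arn(prefix: str) -> str:
    """Object-level ARN limited to the given prefix: bucket/path/*."""
    return f"arn:aws:s3:::{prefix.rstrip('/')}/*"


def ecr_arn(repo: str, account_id: str = ACCOUNT_ID, region: str = REGION) -> str:
    return f"arn:aws:ecr:{region}:{account_id}:repository/{repo}"


def trust_policy(github_repository: str, ref_pattern: str = "*",
                 account_id: str = ACCOUNT_ID) -> dict:
    """Who may assume the role: only GitHub-issued tokens for this repository,
    with the audience configure-aws-credentials requests. ref_pattern "*"
    accepts every branch/tag/PR/environment of the repo; pass e.g.
    "ref:refs/heads/main" to restrict it (assumed parameter, not the module's)."""
    sub = f"repo:{github_repository}:{ref_pattern}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{OIDC_PROVIDER}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {f"{OIDC_PROVIDER}:aud": "sts.amazonaws.com"},
                "StringLike": {f"{OIDC_PROVIDER}:sub": sub},
            },
        }],
    }


def permission_policy(s3_prefixes=(), ecr_repositories=()) -> dict:
    """What the role may do: put objects under the prefixes, push to the repos."""
    statements = []
    if s3_prefixes:
        statements.append({
            "Sid": "BucketLevelAccess", "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": sorted({bucket_arn(p) for p in s3_prefixes}),  # deduplicated buckets
        })
        statements.append({
            "Sid": "ObjectLevelAccess", "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": [object_arn(p) for p in s3_prefixes],
        })
    if ecr_repositories:
        statements.append({
            "Sid": "EcrAuth", "Effect": "Allow",
            "Action": ["ecr:GetAuthorizationToken"],
            "Resource": "*",  # this action does not support resource-level scoping
        })
        statements.append({
            "Sid": "EcrPush", "Effect": "Allow",
            "Action": ["ecr:BatchCheckLayerAvailability", "ecr:InitiateLayerUpload",
                       "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage",
                       "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"],
            "Resource": [ecr_arn(r) for r in ecr_repositories],
        })
    return {"Version": "2012-10-17", "Statement": statements}


def token_allowed(policy: dict, claims: dict) -> bool:
    """Simplified IAM condition check of a decoded token's aud/sub claims:
    StringEquals is exact, StringLike uses * and ? wildcards."""
    cond = policy["Statement"][0]["Condition"]
    for key, expected in cond.get("StringEquals", {}).items():
        if claims.get(key.rsplit(":", 1)[-1]) != expected:
            return False
    for key, pattern in cond.get("StringLike", {}).items():
        if not fnmatchcase(str(claims.get(key.rsplit(":", 1)[-1], "")), pattern):
            return False
    return True


if __name__ == "__main__":
    import json
    print(json.dumps(trust_policy("moritzzimmer/terraform-aws-lambda"), indent=2))
    print(json.dumps(permission_policy(["my-bucket/lambda/fn"], ["lambda-image"]), indent=2))
```

The ListBucket statement is what the BucketLevelAccess snippet above is for: the bucket ARN has no path component, so the first segment is the right thing to keep, and object writes are then confined by the separate object-level statement. When the role is wired into a workflow, the workflow needs `id-token: write` for configure-aws-credentials to request the OIDC token at all.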
