What a massive joy it was to go through the video and grasp the topics at hand, and great plus for showing us so many good practices which often are missed such as the use of GH-secrets.
Thanks so much for this! I'm currently trying to nail down this exact skill set on the big three platforms (AWS, GCP, and Azure) so that I can bake those pipelines into multi-platform deployments.
Wish you good luck mate!
41s - JWT = JSON Web Token
Great explanation!
You are right, that was a typo from my side. Thanks for pointing it.
Thanks for this informative video. How to destroy the stack, can you pls elaborate??
Thanks for the great video. Will you be able to add/explain how can we add a destroy job that can be triggered once tested?
Great work Guilhem you made it so simple and make it very easy to understand the concept AWS , Terraform & GitHub Action hope you will make more videos on AWS/DevOps
regards
Sanjay
from India
Thank you Sanjay,
It’s the best part of doing video: when you hear it’s useful to someone!
Cheers.
can we add more repos under the same custom trust policy and also the repos are from different orgs.
This is very precise. Thank you for sharing this great video.
great work, thanks for the efforts. where is the provider aws block ?
What if the plan is successful, but the apply command fails because of some misconfiguration? what is the next step with the current way of working. Opening again a PR?
You have the terraform validate. So there shouldn't be an error on the apply. Please someone correct me if I'm wrong
@MaskedProgrammer from my experience... it’s not often, but terraform plan can work while the apply can fail. For example, making a new security group rule in AWS in the plan could work fine, but the apply could lead to an error because the sgr definitions exist already. Interacting with the provider API during apply could result in an error on the apply step.
10:20 I’m wondering about the aws provider block. Why didn’t you include it? Maybe the Terraform action uses doesn’t require it?
can you please make a playlist on devops and aws...we want to learn from u
at 8:10, I cannot access the policies in the roles tab??
Thanks so much for the idea. I use Terraform Cloud and IAM Identity Center with AWS Organizations instead, so I got stuck after the OIDC config. I'd have to tweak a lot of things
if i want to delete the infra using tf ?
You need to do more videos
Where exactly are the actions going to run? I mean the Ubuntu, is it in git or in aws?
Could you do the teardown pipeline video also?
Thanks
Thank you for this tutorial. It worked quite nicely!!
Great video; everything was well explained. Loved the demo :)
I have a question about using the repository secrets vs variables. Wondering if when working a group of people, using variables instead of secrets for the non sensitive data would be more convenient so peers can know what value is being used (for example, what S3 bucket is used to host the terraform state).
Hello, what could be the reasons I am getting this error? Error: Not authorized to perform sts:AssumeRoleWithWebIdentity. I did notice on my AWS account, there was no option to get thumbprint
Congratulations again for the useful content!
Thanks!
Awesome! thanks for nice explanation.
Can you use Terraform itself to do all the steps both for GitHub and AWS?
Nice one ! Thanks for the explanation
Do you have any recommendation for other github actions for TF?
Thanks for sharing this video. I am working with EKS and really junior :) How can I create a GitHub action for my need? Which IAM permission should I give?
thanks Guilhem. great vid
Thank you so much , it was crystal clear
Hey Nice Work, I am struggling with creating flow diagram for my Devops related projects, I have tried AWS cloudformation, but can you suggest some alternate options for the same. Thanks
Hi, Take a look at draw.io !
Hello everyone, I have this issue with my Tf-GithubActions-Aws infrastructure, maybe someone could help me to solve it
Error loading state: failed to lock s3 state: 2 errors occurred:
* operation error DynamoDB: PutItem, https response error
I use credentials from tf output, also I did not find any issues on iam.tf files, so what could it be?
Great video! clear and informative.
hey thanks for the video and it helped me a lot , a quick question I've a scenario where I want to get the secrets from the parameter store and use that value in a config file
eg: rds - endpoint and secrets i need to get the value to a config file
how can I achieve that , if anyone could help me achieve this .
and a suggestion can you do some zero to hero sessions on cloud and devops tools it would helpful a beginner like me
Thanks Amal for your suggestions :)
Look in google for : Data Source: aws_ssm_parameter, you will find the webpage from Terraform.
From the data you will do in your code, you can then interpolate the value of the data inside your rds block.
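The lookup suggested in the reply above, written out as an added example (not code from the video or from the commenters): it reads a SecureString from Parameter Store with the `aws_ssm_parameter` data source, passes it to an RDS instance, and renders a config file containing the endpoint and the secret. The parameter path, resource names, sizes and file name are assumptions made up for the illustration.

```hcl
terraform {
  required_providers {
    aws   = { source = "hashicorp/aws" }
    local = { source = "hashicorp/local" }
  }
}

# Read an existing SecureString parameter (path is a constructed example).
data "aws_ssm_parameter" "db_password" {
  name            = "/myapp/prod/rds/password"
  with_decryption = true
}

# Interpolate the looked-up value inside the RDS block.
resource "aws_db_instance" "app" {
  identifier          = "myapp-prod" # hypothetical name
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "app"
  password            = data.aws_ssm_parameter.db_password.value
  skip_final_snapshot = true
}

# Render the endpoint and the secret into a config file.
# local_sensitive_file keeps the content out of plan output.
resource "local_sensitive_file" "app_config" {
  filename        = "${path.module}/app.env"
  file_permission = "0600"
  content         = <<-EOT
    DB_HOST=${aws_db_instance.app.address}
    DB_PORT=${aws_db_instance.app.port}
    DB_PASSWORD=${data.aws_ssm_parameter.db_password.value}
  EOT
}
```

Terraform hides the parameter value in plan output, but it is still written in plain text to the state file, so the S3 bucket that holds the tfstate needs encryption and tightly scoped read access. The role running the pipeline also needs `ssm:GetParameter` on that parameter and, for a customer-managed key, `kms:Decrypt`.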
@cloudscalr hey, in the OpenID Connect part you have mentioned a username and repo name for setting an IAM policy, so what if it's in an organization level repo, the user name will be the organization name, right?? Or do I need to give my id in the organization
Great content. Thank you!
Great content on terraform with GitHub action. Can you please make a video on how to pass environment specific values with terraform.tfvars file to the CI/CD pipeline
Thanks, great work, keep going😅 Just one question: how can I destroy the same infrastructure later
- remove everything in `main.tf` and save the file
- stage files, then commit, and lastly push to the origin
- merge the PR we created now
Solid tutorial. Thank you.
Not gonna lie I was following along fine until "Create AWS Policy". What exactly did you make here, and why? And what do you mean for us to do the same for our specific use-case? I'm kinda confused.
For the first one, you need to create a policy to allow the IAM role assumed for GitHub to access the AWS S3 bucket to read and overwrite the tfstate. The second one is because it depends on the infrastructure and AWS resources you want to deploy. For most cases, maybe, just PowerAccess or AdministratorAccess allows enough permissions to deploy all needed resources.
Excellent tutorial
JWT is JSON Web Token, not Java Web Token. No Java is involved in the process (usually)
You are right, that was a typo from my side. Thanks for pointing it.
Very clear !
Excellent!
Really worth
amazing sir
Good one. Nice content
Bro.... thanks a lot
Killer🔪work 🙏
Thanks!
Great Job! You KISS ;)
clean
0:46 The correct abbreviation of JWT is JSON Web Token not Java Web Token lol