Can you please make a playlist on DevOps and AWS... we want to learn from you
Great video; everything was well explained. Loved the demo :)
I have a question about using repository secrets vs variables. Wondering if, when working with a group of people, using variables instead of secrets for the non-sensitive data would be more convenient, so peers can know what value is being used (for example, what S3 bucket is used to host the Terraform state).
What a massive joy it was to go through the video and grasp the topics at hand, and great plus for showing us so many good practices which often are missed such as the use of GH-secrets.
Great content. Thank you!
Where exactly are the actions going to run? I mean the Ubuntu, is it in git or in AWS?
Thanks. Great work, keep going 😅 Just one question: how can I destroy the same infrastructure later?
- remove everything in `main.tf` and save the file
- stage files, then commit, and lastly push to the origin
- merge the PR we created now
Can you use Terraform itself to do all the steps both for GitHub and AWS?
Hey, thanks for the video, it helped me a lot. A quick question: I have a scenario where I want to get the secrets from the Parameter Store and use that value in a config file,
e.g. RDS endpoint and secrets; I need to get the value into a config file.
How can I achieve that? If anyone could help me achieve this.
And a suggestion: can you do some zero-to-hero sessions on cloud and DevOps tools? It would be helpful for a beginner like me.
Thanks Amal for your suggestions :)
Search Google for "Data Source: aws_ssm_parameter"; you will find the webpage from Terraform.
From the data source you declare in your code, you can then interpolate its value inside your rds block.
@cloudscalr Hey, in the OpenID Connect part you mentioned a username and repo name for setting an IAM policy. What if it's an organization-level repo: the username will be the organization name, right? Or do I need to give my ID in the organization?
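The approach from the reply above, as an added example that is not from the video or its author: read a SecureString with the `aws_ssm_parameter` data source, pass it to the RDS resource, and render a config file from it. The parameter name, resource names, instance settings and file path are assumptions.

```hcl
# Added example; names and values below are assumptions, not taken from the video.

# Read the secret from SSM Parameter Store. The role running Terraform needs
# ssm:GetParameter on this parameter (and kms:Decrypt if a custom KMS key is used).
data "aws_ssm_parameter" "db_password" {
  name            = "/example/app/db_password" # assumed parameter name
  with_decryption = true
}

resource "aws_db_instance" "app" {
  identifier          = "example-app-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "app"
  password            = data.aws_ssm_parameter.db_password.value
  skip_final_snapshot = true
}

# Render the config file. local_sensitive_file keeps the content out of plan
# output; the value is still stored in plaintext in the Terraform state.
resource "local_sensitive_file" "app_config" {
  filename        = "${path.module}/app.conf"
  file_permission = "0600"
  content         = <<-EOT
    db_host=${aws_db_instance.app.address}
    db_user=${aws_db_instance.app.username}
    db_password=${data.aws_ssm_parameter.db_password.value}
  EOT
}
```

Because the decrypted value ends up in the state file, the S3 bucket holding the state should be encrypted and readable only by the roles that run Terraform.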
JWT is JSON Web Token, not Java Web Token. No Java is involved in the process (usually)
You are right, that was a typo from my side. Thanks for pointing it out.
Hello everyone, I have this issue with my Tf-GithubActions-Aws infrastructure, maybe someone could help me to solve it:
Error loading state: failed to lock s3 state: 2 errors occurred:
* operation error DynamoDB: PutItem, https response error
I use credentials from tf output; also, I did not find any issues in the iam.tf files, so what could it be?
Great work Guilhem, you made it so simple and very easy to understand the concepts of AWS, Terraform & GitHub Actions. Hope you will make more videos on AWS/DevOps
regards
Sanjay
from India
Thank you Sanjay,
It’s the best part of doing videos: when you hear it’s useful to someone!
Cheers.
Hello, what could be the reasons I am getting this error? Error: Not authorized to perform sts:AssumeRoleWithWebIdentity. I did notice that on my AWS account there was no option to get the thumbprint.
What if the plan is successful, but the apply command fails because of some misconfiguration? What is the next step with the current way of working? Opening a PR again?
You have terraform validate, so there shouldn't be an error on the apply. Someone please correct me if I'm wrong.
@MaskedProgrammer From my experience, it’s not often, but terraform plan can work and the apply can fail. For example, making a new security group rule in AWS could work fine in the plan, but the apply could lead to an error because the SGR definitions already exist. Interacting with the provider API during apply could result in an error at the apply step.
Can we add more repos under the same custom trust policy? Also, the repos are from different orgs.
0:46 The correct abbreviation of JWT is JSON Web Token not Java Web Token lol
Thanks for this informative video. How to destroy the stack, can you please elaborate?
You need to do more videos
Thanks for the great video. Will you be able to add/explain how can we add a destroy job that can be triggered once tested?
at 8:10, I cannot access the policies in the roles tab??
Thanks so much for this! I'm currently trying to nail down this exact skill set on the big three platforms (AWS, GCP, and Azure) so that I can bake those pipelines into multi-platform deployments.
Wish you good luck mate!
Great work, thanks for the efforts. Where is the provider aws block?
If I want to delete the infra using tf?
41s - JWT = JSON Web Token
Great explanation!
You are right, that was a typo from my side. Thanks for pointing it out.
Awesome! thanks for nice explanation.
10:20 I’m wondering about the aws provider block. Why didn’t you include it? Maybe the Terraform action used doesn’t require it?
Really worth
Thanks so much for the idea. I use Terraform Cloud and IAM Identity Center with AWS Organizations instead, so I got stuck after the OIDC config. I'd have to tweak a lot of things
Nice one ! Thanks for the explanation
Thanks for sharing this video. I am working with EKS and really junior :) How can I create a GitHub Action for my need? Which IAM permissions should I give?
Bro.... thanks a lot
Great content on Terraform with GitHub Actions. Can you please make a video on how to pass environment-specific values with a terraform.tfvars file to the CI/CD pipeline?
Excellent!
Thank you for this tutorial. It worked quite nicely!!
Not gonna lie I was following along fine until "Create AWS Policy". What exactly did you make here, and why? And what do you mean for us to do the same for our specific use-case? I'm kinda confused.
For the first one, you need to create a policy that allows the IAM role assumed by GitHub to access the AWS S3 bucket to read and overwrite the tfstate. The second one depends on the infrastructure and AWS resources you want to deploy. For most cases, maybe, just PowerAccess or AdministratorAccess gives enough permissions to deploy all needed resources.
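A scoped version of the first policy described in the reply above (state bucket access, plus the DynamoDB lock table that shows up in the locking error elsewhere in these comments), as an added example that is not from the video or its author. The bucket, key, table and role names are assumed variables.

```hcl
# Added example; every variable value is an assumption supplied by the reader.
variable "state_bucket" { type = string }   # S3 bucket holding the tfstate
variable "state_key" { type = string }      # object key of the state file
variable "lock_table_arn" { type = string } # DynamoDB table used for state locking
variable "ci_role_name" { type = string }   # IAM role GitHub Actions assumes via OIDC

data "aws_iam_policy_document" "tf_state" {
  statement {
    sid       = "ListStateBucket"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${var.state_bucket}"]
  }

  # Read and overwrite only the state object, not the whole bucket.
  statement {
    sid       = "ReadWriteStateObject"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::${var.state_bucket}/${var.state_key}"]
  }

  # Needed to acquire and release the state lock when a lock table is configured.
  statement {
    sid = "StateLock"
    actions = [
      "dynamodb:DescribeTable",
      "dynamodb:GetItem",
      "dynamodb:PutItem",
      "dynamodb:DeleteItem",
    ]
    resources = [var.lock_table_arn]
  }
}

resource "aws_iam_policy" "tf_state" {
  name   = "terraform-state-access"
  policy = data.aws_iam_policy_document.tf_state.json
}

resource "aws_iam_role_policy_attachment" "tf_state" {
  role       = var.ci_role_name
  policy_arn = aws_iam_policy.tf_state.arn
}
```

The second policy, for the resources being deployed, is attached to the same role separately and can be scoped the same way to the services the configuration actually manages.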
Do you have any recommendation for other github actions for TF?
Could you do the teardown pipeline video also?
Thanks
Thank you so much , it was crystal clear
Hey, nice work. I am struggling with creating flow diagrams for my DevOps-related projects. I have tried AWS CloudFormation, but can you suggest some alternate options for the same? Thanks
Hi, take a look at draw.io!
thanks Guilhem. great vid
Congratulations again for the useful content!
Thanks!
Great Job! You KISS ;)
Excellent tutorial
Killer🔪work 🙏
Thanks!
Great video! clear and informative.
Solid tutorial. Thank you.
Good one. Nice content
amazing sir
clean
Very clear !