Based on this blog post

In this scenario, continuous integration of an AWS environment is desired. Configuration is managed via HashiCorp Terraform. Continuous Integration is managed via GitHub Actions. By loading the necessary Terraform configuration files into this repository along with two GitHub Workflows, the Terraform files can be used to Plan and Apply into the target environment.

NOTE: GitHub Actions are disabled for this repository to prevent abuse. You can view previous runs here.

This repository contains two GitHub Workflow files:

• Terraform Plan - Triggered by any Pull Request.

• Terraform Apply - Triggered by a Push into the master branch.

• Checks the Terraform configuration for security vulnerabilities with tfsec.

• Constructs AWS credentials using a Secrets stored in this repository.

• Loads the Terraform CLI wrapper with Setup Terraform

• Terraform CLI performs an Init and Plan based on the pull request's configuration.

• GitHub Actions Bot adds a comment to the pull request with the results. Example: Pull Request 1

You can view pervious Terraform Plan workflows here.

• Constructs AWS credentials using a Secrets stored in this repository.

• Loads the Terraform CLI wrapper with Setup Terraform

• Terraform CLI performs an Init and Apply based on the new push configuration.

You can view pervious Terraform Apply workflows here.

Credentials should be stored in the user\.aws\credential file using Secrets stored in this repository.

Example:

mkdir -p ~/.aws
echo "[default]" > ~/.aws/credentials
echo "aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials
echo "aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials