Playground for testing repo, GitHub Actions and AWS CI/CD features.
- Run `cdk bootstrap aws://123456789012/eu-west-2`
  - NOTE: Only required if the AWS environment is not already bootstrapped.
  - NOTE: Replace the AWS Account ID as appropriate.
  - NOTE: This can be done via AWS CloudShell.
- Run the `setup.template` CloudFormation template via CloudFormation
  - NOTE: OIDC Provider ARN is optional. If not provided, it will generate one. (Useful if one has already been created)
  - Run this for every environment that will be created in the appropriate AWS account ("Development", "Integration", "Production")
- Set the GitHub secret values 'DEV_DEPLOY_ROLE', 'INT_DEPLOY_ROLE' and 'PROD_DEPLOY_ROLE' to the associated ARNs created previously. Set these secrets at the environment level (not repo level) in GitHub.
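
One way to check a deploy role's trust policy before its ARN goes into an environment secret, added here as an example and not code from this repository or from `setup.template`. It assumes the roles trust GitHub's OIDC provider and are meant to be assumable only from the matching GitHub environment; the repo name `example-org/example-repo` and both policy documents are constructed.

```python
# Added example: audits an IAM trust policy for GitHub Actions OIDC federation.
# The repo name and both policy documents are constructed samples (assumptions).
OIDC = "token.actions.githubusercontent.com"

def _listify(v):
    return v if isinstance(v, list) else [v]

def audit_trust_policy(policy, repo, environment):
    """Return findings; [] means only `repo` running in `environment` is trusted."""
    expected = f"repo:{repo}:environment:{environment}"
    findings = []
    for stmt in _listify(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        federated = _listify(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
                str(f).endswith("oidc-provider/" + OIDC) for f in federated):
            continue  # not a GitHub OIDC trust statement
        cond = stmt.get("Condition", {})
        exact, like = cond.get("StringEquals", {}), cond.get("StringLike", {})
        if _listify(exact.get(OIDC + ":aud", [])) != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
        # (value, is_pattern): StringLike expands * and ?, StringEquals does not
        subs = [(s, False) for s in _listify(exact.get(OIDC + ":sub", []))]
        subs += [(s, True) for s in _listify(like.get(OIDC + ":sub", []))]
        if not subs:
            findings.append("no sub condition: workflows in any GitHub repository are trusted")
        for sub, is_pattern in subs:
            if is_pattern and ("*" in sub or "?" in sub):
                findings.append(f"wildcard sub {sub!r} is not pinned to one environment")
            elif sub != expected:
                findings.append(f"sub {sub!r} does not match {expected!r}")
    return findings

def _policy(condition):  # constructed sample trust policy around a Condition block
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/" + OIDC},
        "Condition": condition}]}

PINNED = _policy({"StringEquals": {
    OIDC + ":aud": "sts.amazonaws.com",
    OIDC + ":sub": "repo:example-org/example-repo:environment:Production"}})
LOOSE = _policy({"StringLike": {OIDC + ":sub": "repo:example-org/example-repo:*"}})

if __name__ == "__main__":
    for name, doc in (("PINNED", PINNED), ("LOOSE", LOOSE)):
        print(name, audit_trust_policy(doc, "example-org/example-repo", "Production"))
```

To audit a deployed role, pass in the `AssumeRolePolicyDocument` returned by `aws iam get-role` as `policy`.
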
CloudFormation Quick Links:
- Provider (for shared AWS accounts that may host multiple environments or repos)
- Development
- Integration
- Production
NOTE: Repository should require approval to run actions for non-codeowners.
Further docs: https://www.eliasbrange.dev/posts/secure-aws-deploys-from-github-actions-with-oidc/