
Adding AWS OIDC module#48

Merged
TylerMizuyabu merged 5 commits into
mainfrom
aws-oidc
Jun 17, 2024

Conversation

@TylerMizuyabu

Contributor

Adds a module to set up OIDC with AWS. The module creates the following resources:

  • An S3 bucket with encryption and bucket versioning for the Terraform state
  • A KMS key to use for S3 encryption
  • A DynamoDB table to enable state locking on the AWS Terraform backend
  • An OpenID Connect provider for GitHub Actions
  • A role for the GitHub Actions to assume with web identity
  • A role policy allowing the role the necessary permissions to run Terraform plans and applies
  • A resource group to help manage GitHub foundation resources

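For readers evaluating this module, the security-relevant part of an AWS/GitHub OIDC setup is the role's trust policy: the OIDC provider alone only says "trust tokens issued by GitHub", and it is the `aud` and `sub` conditions on the role that stop every other GitHub repository from assuming it. The following is an added example, not the module's code from this PR; it reuses the PR's `github_thumbprints` and `github_repo_owner` variables, while `github_repo_name`, `github_branch`, `state_bucket_arn` and `lock_table_arn` are assumed inputs. The issuer URL `token.actions.githubusercontent.com` and audience `sts.amazonaws.com` are GitHub's and AWS's real values.

```hcl
# Added example (not the PR's module). Shows a GitHub Actions -> AWS OIDC trust
# that is pinned to one repository and branch, plus a state-scoped permission set.

variable "github_thumbprints" {
  type        = list(string)
  description = "CA thumbprints for token.actions.githubusercontent.com (see the PR's docs link)."
}

variable "github_repo_owner" {
  type        = string
  description = "GitHub user or organization that owns the repository."
}

variable "github_repo_name" {            # assumed input, not in the PR
  type = string
}

variable "github_branch" {               # assumed input, not in the PR
  type    = string
  default = "main"
}

variable "state_bucket_arn" {            # assumed: ARN of the Terraform state bucket
  type = string
}

variable "lock_table_arn" {              # assumed: ARN of the DynamoDB lock table
  type = string
}

# Identity provider: AWS will accept ID tokens from GitHub's OIDC issuer.
resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = var.github_thumbprints
}

# Trust policy. Both conditions matter:
#  - aud must be STS, so a token minted for some other audience cannot be replayed here;
#  - sub must name this exact repo and branch, otherwise ANY GitHub repository could
#    assume the role, since the provider above trusts the whole issuer.
data "aws_iam_policy_document" "github_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_repo_owner}/${var.github_repo_name}:ref:refs/heads/${var.github_branch}"]
    }
  }
}

resource "aws_iam_role" "github_actions" {
  name               = "github-actions-terraform"
  assume_role_policy = data.aws_iam_policy_document.github_trust.json
}

# Permissions for the backend itself, scoped to the state bucket and lock table
# rather than "*"; the permissions Terraform needs for managed resources go in a
# separate, reviewed policy.
data "aws_iam_policy_document" "state_access" {
  statement {
    actions   = ["s3:ListBucket"]
    resources = [var.state_bucket_arn]
  }
  statement {
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["${var.state_bucket_arn}/*"]
  }
  statement {
    actions   = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteItem"]
    resources = [var.lock_table_arn]
  }
}

resource "aws_iam_role_policy" "state_access" {
  name   = "terraform-state-access"
  role   = aws_iam_role.github_actions.id
  policy = data.aws_iam_policy_document.state_access.json
}
```

When reviewing a module like this one, the checks worth making are that the `sub` condition is present and not a bare `StringLike` wildcard such as `repo:owner/*`, that the audience is pinned, and that the role policy names the state bucket and lock table by ARN instead of granting `s3:*` or `dynamodb:*` on all resources.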

variable "github_thumbprints" {
type = list(string)
description = "A list of top intermediate certifact authority thumbprints to use for setting up an openid connect provider with github. Info on how to obtain thumbprints here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html"


Suggested change
description = "A list of top intermediate certifact authority thumbprints to use for setting up an openid connect provider with github. Info on how to obtain thumbprints here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html"
description = "A list of top intermediate certificate authority thumbprints to use for setting up an OpenID Connect provider with github. Info on how to obtain thumbprints here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html"
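Review bot: the suggestion fixes "certifact" and capitalizes "OpenID Connect" but leaves "github" lowercase in the same sentence; for consistency consider "GitHub" as well. The sentence "Info on how to obtain thumbprints here: ..." could also be shortened to "See ... for how to obtain them."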


variable "github_repo_owner" {
type = string
description = "The owner of the github foundations organizations repository. This value should be whatever github account you plan to make the repository under."


Suggested change
description = "The owner of the github foundations organizations repository. This value should be whatever github account you plan to make the repository under."
description = "The owner of the github foundations organizations repository. This value should be the github account to make the repository under."
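Review bot: the suggested wording "should be the github account to make the repository under" still reads awkwardly; consider "The GitHub user or organization under which the repository will be created." Since this value ends up in the OIDC role's trust condition, it is worth stating in the description that it must match the owner exactly as GitHub spells it.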

@TylerMizuyabu TylerMizuyabu merged commit 1153a25 into main Jun 17, 2024
@TylerMizuyabu TylerMizuyabu deleted the aws-oidc branch June 17, 2024 18:33