The AWS account setup process will:
- Create the Terraform backend resources needed to store Terraform's infrastructure state files. The project uses an S3 backend.
- Create the OpenID Connect (OIDC) provider in AWS to allow GitHub Actions to access AWS account resources.
- Create the IAM role and policy that GitHub Actions will use to manage infrastructure resources.
Prerequisites:
- You'll need to have set up infrastructure tools, like Terraform, AWS CLI, and AWS authentication.
- You'll also need to make sure the project is configured.

The account setup configures whichever AWS account you're currently authenticated into. To see which account that is, run:
aws sts get-caller-identity
To see a more human-readable account alias instead of the account ID, run:
aws iam list-account-aliases
Run the following command, replacing <ACCOUNT_NAME> with a human-readable name for the AWS account that you're authenticated into. The account name is used to prefix the created tfbackend file so that the file is easier to identify visually than it would be by account ID alone. For example, if you have an account per environment, the account name can be the name of the environment (e.g. "prod" or "staging"). If you are setting up one account for all lower environments, the account name can be "lowers". If your AWS account has an account alias, you can also use that.
make infra-set-up-account ACCOUNT_NAME=<ACCOUNT_NAME>
This command will create the S3 tfstate bucket and the GitHub OIDC provider. It will also create a [account name].[account id].s3.tfbackend file in the infra/accounts directory.

The next step requires the GitHub CLI to be installed and configured to authenticate with your GitHub account. If you don't have it, you can install it on Mac via brew install gh. Then run:
make infra-check-github-actions-auth ACCOUNT_NAME=<ACCOUNT_NAME>
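
The role that GitHub Actions assumes through the OIDC provider is only as safe as its trust policy, so it is worth checking that the policy pins the token audience and limits the subject to your repository. The following is an added example, not code from this project: the repository name `example-org/example-repo`, the placeholder account ID and both sample policies are constructed for illustration.

```python
import json

GITHUB_OIDC = "token.actions.githubusercontent.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_repo):
    """Return findings for a role trust policy; an empty list means it is scoped to expected_repo."""
    findings, seen = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
                arn.endswith("oidc-provider/" + GITHUB_OIDC) for arn in federated):
            continue  # not a statement that trusts the GitHub OIDC provider
        seen = True
        aud, sub = [], []
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                if key.lower() == GITHUB_OIDC + ":aud" and operator == "StringEquals":
                    aud += _as_list(value)
                elif key.lower() == GITHUB_OIDC + ":sub" and operator in ("StringEquals", "StringLike"):
                    sub += _as_list(value)
        if aud != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
        if not sub:
            findings.append("no sub condition: any GitHub repository could assume the role")
        # "repo:org/name:" must be a literal prefix; "repo:org/*" or "repo:org/name*" also match other repos.
        findings += [f"sub not limited to {expected_repo}: {p}" for p in sub
                     if not p.startswith(f"repo:{expected_repo}:")]
    if not seen:
        findings.append("no Allow statement trusts the GitHub OIDC provider")
    return findings

def _policy(condition):
    """Build a constructed sample trust policy (placeholder account ID)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{GITHUB_OIDC}"},
        "Condition": condition}]}

SCOPED = _policy({"StringEquals": {GITHUB_OIDC + ":aud": "sts.amazonaws.com"},
                  "StringLike": {GITHUB_OIDC + ":sub": "repo:example-org/example-repo:*"}})
ORG_WIDE = _policy({"StringEquals": {GITHUB_OIDC + ":aud": "sts.amazonaws.com"},
                    "StringLike": {GITHUB_OIDC + ":sub": "repo:example-org/*"}})

if __name__ == "__main__":
    for name, policy in (("SCOPED", SCOPED), ("ORG_WIDE", ORG_WIDE)):
        print(name, json.dumps(audit_trust_policy(policy, "example-org/example-repo")))
```

To audit a real role, pass in the JSON returned by `aws iam get-role --role-name <ROLE_NAME> --query Role.AssumeRolePolicyDocument`, where `<ROLE_NAME>` is a placeholder for the role created by the account setup.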
If you make changes to the account Terraform and want to apply those changes, run:
make infra-update-current-account
To undeploy and destroy infrastructure, see instructions on destroying infrastructure.