Overview
Hey geeks, in this blog we will deploy an S3 bucket on AWS using Terrateam, a tool that plugs into your GitHub Actions so you can run your Terraform plan and Terraform apply commands with just a few simple comments on your pull request.
What is Terrateam?
Terrateam is Terraform automation for GitHub. Collaborate, plan, and apply alongside the rest of your code. Being 100% self-funded allows them to stay laser-focused on making a rock-solid platform that their users can build on. It was founded by hands-on software engineers who understand the importance of easy and repeatable workflows.
Who this guide is for
- Our main audience for this blog is developers who work on DevOps and infrastructure management using Terraform and GitHub on an almost daily basis and want a tool that takes that burden off them and gives comprehensive information for each PR (pull request) opened on the GitHub repo. You can build many kinds of infrastructure with Terrateam, such as Lambda and EC2, just as we build the S3 bucket in this blog.
Let’s get started…
But before that, we need a few prerequisites in place so that the workflow runs smoothly.
Pre-Requisites
AWS account: A freemium account is sufficient for this blog.
GitHub account: Create or use a GitHub account for the blog.
Terrateam is installed on your GitHub account, click here to install it.
Let’s get our hands on the tutorial
Let’s move forward step by step:
- We will install Terrateam
Install Terrateam on your GitHub account first.
Go here and click Install.
Select your account and click on it.
If you want, you can customize the installation so that Terrateam is installed on only a single repository rather than on the whole account.
In our case we use the default settings; then click Install.
- Setup done!!
- Next, create a new GitHub repo and clone it to your local system, that can be later used for all Terraform configuration files and directory storage.
(In your case, there might be some existing repo with all Terraform configuration files, you can use that as well.)
- We are creating an AWS S3 bucket using a Terraform configuration:
For complete code visit here.
- Create a folder named S3, create a file named main.tf in it, and put the above code in the main.tf file.
- Next is to create a workflow for GitHub Actions
Create a directory named .github/workflows and create a file named terrateam.yml in it. Or just use the following commands in your terminal:
mkdir -p .github/workflows
The above command will create the required folders.
curl -L -o .github/workflows/terrateam.yml \
  https://terrateam.io/.github/workflows/terrateam.yml
This command will add the required YAML to the terrateam.yml file inside the .github/workflows folder.
- Next is setting up authentication between AWS and Terrateam.
For this step, you need to have AWS CLI installed in your terminal, or you can use AWS CLI from the AWS console, but we prefer to install AWS CLI.
Next, configure your AWS CLI with the AWS account you are using with the following commands:
aws configure
Add your AWS Account secret key, access key, and region.
Create a file for the role named trustpolicy.json in the root of your project and paste the JSON configuration below into it:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::AWS_ACCOUNT_ID:oidc-provider/token.actions.githubusercontent.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringLike": {
          "token.actions.githubusercontent.com:sub": "repo:GITHUB_ORG/*"
        },
        "StringEquals": {
          "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
        }
      }
    }
  ]
}
Remember to replace AWS_ACCOUNT_ID and GITHUB_ORG with the respective values.
For AWS_ACCOUNT_ID, run the following command in your terminal:
aws sts get-caller-identity
This command will give you an ID that you can use in place of AWS_ACCOUNT_ID, or you can find your AWS_ACCOUNT_ID in the AWS console as well.
- For GITHUB_ORG, go to this URL and you will find an ID: https://api.github.com/users/<your_github_username>
- Next, you need to give Terrateam some access so that it can communicate with AWS to create infrastructure. For more details about this access, follow this link.
Paste these commands into your terminal.
This will create an IAM OpenID Connect identity provider for Terrateam:
aws iam create-open-id-connect-provider \
--url https://token.actions.githubusercontent.com \
--client-id-list sts.amazonaws.com --thumbprint-list \
6938fd4d98bab03faadb97b34396831e3780aea1 \
1c58a3a8518e8759bf075b76b750d4f2df264fcd
- Next, create the terrateam IAM role with trustpolicy.json attached as its trust policy:
aws iam create-role \
--role-name terrateam \
--assume-role-policy-document file://trustpolicy.json
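The trust policy above scopes the role with the sub condition repo:GITHUB_ORG/*, so a workflow in any repository under that owner can assume the terrateam role. The Python sketch below is an added example, not code from the original post or from Terrateam; it models the policy's two conditions in simplified form and compares the org-wide pattern with one narrowed to a single repository. The account ID 123456789012, the owner example-org, the repository names and the sample sub claims (in GitHub's repo:OWNER/REPO:CONTEXT form) are constructed for illustration.

```python
import re

ISSUER = "token.actions.githubusercontent.com"

def make_policy(sub_pattern):
    """Trust policy shaped like the page's trustpolicy.json (constructed account ID)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
        "Condition": {"StringLike": {f"{ISSUER}:sub": sub_pattern},
                      "StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}}}]}

def string_like(pattern, value):
    """IAM StringLike: case-sensitive, '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, flags=re.DOTALL) is not None

def would_trust(policy, claims):
    """Simplified model (single string values): do claims satisfy an Allow statement?"""
    for cond in (s.get("Condition", {}) for s in policy["Statement"] if s["Effect"] == "Allow"):
        eq = all(claims.get(k) == v for k, v in cond.get("StringEquals", {}).items())
        like = all(string_like(v, claims.get(k, "")) for k, v in cond.get("StringLike", {}).items())
        if eq and like:
            return True
    return False

def audit(policy):
    """Flag a missing or org-wide sub condition."""
    findings = []
    for stmt in policy["Statement"]:
        cond = stmt.get("Condition", {})
        sub = {**cond.get("StringLike", {}), **cond.get("StringEquals", {})}.get(f"{ISSUER}:sub")
        if sub is None:
            findings.append("no sub condition: any GitHub repository could assume the role")
        elif re.fullmatch(r"repo:[^/*?]+/\*", sub):
            findings.append(f"org-wide sub pattern {sub}")
    return findings

# Constructed sub claims in GitHub's repo:OWNER/REPO:CONTEXT form.
SAMPLE_SUBS = ["repo:example-org/infra:pull_request", "repo:example-org/sandbox:ref:refs/heads/main",
               "repo:other-org/infra:pull_request"]

def accepted(sub_pattern):
    # Claims are keyed like the policy's condition keys.
    return [s for s in SAMPLE_SUBS if would_trust(
        make_policy(sub_pattern), {f"{ISSUER}:sub": s, f"{ISSUER}:aud": "sts.amazonaws.com"})]

for _pattern in ("repo:example-org/*", "repo:example-org/infra:*"):
    print(_pattern, accepted(_pattern), audit(make_policy(_pattern)))
```

With the org-wide pattern both example-org repositories are accepted; with repo:example-org/infra:* only the infra repository is, and the audit reports no finding.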
- Next is to make a config.yml file that runs Terrateam on your GitHub.
- Create a directory named .terrateam, create a file in it named config.yml, and add the following code:
hooks:
  all:
    pre:
      - type: oidc
        provider: aws
        role_arn: "arn:aws:iam::AWS_ACCOUNT_ID:role/terrateam"
- And remember to replace AWS_ACCOUNT_ID with your account ID.
- All done, now just push all this configuration to the main or master branch of your repo.
Let’s see how Terrateam works on PRs (pull requests); all the workflows are controlled using Terrateam.
For that, you need to create a branch from the main branch and name it as you like; we are using terrateam-setup as the branch name. Use the following command to create the branch:
git checkout -b terrateam-setup
Make small changes in your S3 configuration file and push the branch to the repo.
Now create a pull request either with the terminal using the following command:
gh pr create --fill
Or using GitHub UI.
Go to Pull requests in your GitHub account.
You will find some checks running on this branch; wait and you will see all checks turn green for terrateam plan. You can see all the changes by clicking on “Details” of terrateam plan; in this case, it’s helping to create an S3 bucket.
Once you are satisfied with the outputs each check is giving, you can now comment on your PR.
Next, comment terrateam apply on the PR to apply these changes in your AWS account and deploy your infrastructure.
Note: There’s one great thing about the Terrateam bot: if it accepts the command, it reacts with a rocket on your comment; otherwise it shows the error.
- Next, wait for all terrateam apply checks to turn green; once they are green, all your infrastructure has been deployed to your AWS account.
Note: Checks are the processes Terrateam runs on your pull requests before executing the plan and apply commands.
Note: Terrateam works on branches, and after a successful Terrateam apply it merges all the changes into the main/master branch.
- Once all checks are done and Infra is applied Terrateam merges all the changes to the main/master branch of the repo.
All done!!
Let’s check our AWS console for the infrastructure:
Go to the AWS console.
And search for S3 in the search options.
- Click on Buckets and you will find that an S3 bucket has been created here.
Key Points
We have gone through how to install Terrateam in your GitHub account.
We have written the Terraform configuration for the S3 bucket to deploy.
We have made a workflow that will help us to run our pipelines for all plan and apply work.
Then we have given the authentication access to the Terrateam and attached some IAM policies to it as well.
Then, all configuration was pushed to the main or master branch of the repo.
Later we created a branch and made some changes in the Terraform configuration file and pushed it.
We have seen all the checks in our Pull Request that were automatically run and picked up by Terrateam(plan and apply).
Finally, our S3 bucket has been deployed to our AWS account.
For complete code visit here.
To learn more about Terrateam visit here.