Commit

fix grammar
poxrud authored Jan 10, 2024
1 parent d1f4391 commit 0d7c244
Showing 1 changed file with 7 additions and 9 deletions.
16 changes: 7 additions & 9 deletions _posts/2023-08-23-github-actions-with-aws.md
Expand Up @@ -7,7 +7,7 @@ comments: true
description: A CloudFormation tutorial for using GitHub Actions with AWS S3. Can be used for deploying static websites.
---

_GitHub Actions_ allows the user to create _workflows_ that can automate tasks that can be triggered on certain actions, such as pull requests to specific branches. Typically a workflow will run tests on a PR before presenting it for merge approval. Another use case, and one that will be discussed here, is using a GitHub Actions workflow to build the static assets for a React project and _synching_ the resulting _build artifacts_ to an S3 bucket.
_GitHub Actions_ allows the user to create _workflows_ that can automate tasks that can be triggered on certain actions, such as pull requests to specific branches. Typically a workflow will run tests on a PR before presenting it for merge approval. Another use case, and one that will be discussed here, is using a GitHub Actions workflow to build the static assets for a React project and _syncing_ the resulting _build artifacts_ to an S3 bucket.

For the purpose of this tutorial we will make the following assumptions:

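Review bot: In the rewritten opening sentence, "can automate tasks that can be triggered on certain actions" still repeats "that can" and calls the triggers "actions", which collides with the product name. Since this is a grammar pass, consider "create _workflows_ that automate tasks and are triggered by events, such as pull requests to specific branches".
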
Expand All @@ -23,16 +23,14 @@ GitHub Actions needs permissions to run _aws cli_ commands. Previously this was

Instead, it is best practice to create IAM Roles for specific applications/services, and then let these applications/services _assume_ the Roles when required.

GitHub and AWS can authenticate with each other through the use of _OIDC Authentication_ protocol. To achieve this, we will use AWS to create an `IODCProvider`, whois job will be to authenticate with GitHub Actions and provide it with an IAM Role. GitHub Actions will then _Assume_ this when making aws cli calls on our behalf.
GitHub and AWS can authenticate with each other through the use of _OIDC Authentication_ protocol. To achieve this, we will use AWS to create an `IODCProvider`, whose job will be to authenticate with GitHub Actions and provide it with an IAM Role. GitHub Actions will then _Assume_ this Role when making aws cli calls on our behalf.

To clarify, we will need to create 2 resources on AWS's side:

- IODCProvider
- authenticate with GitHub and provide it with a Role
- IAM Role
- we need to create a role that will give GitHub the permissions for our AWS resources Specifically access to our S3 bucket.
- IODCProvider: to authenticate with GitHub and provide it with a Role
- IAM Role: a role that will give GitHub the permissions for our AWS resources. In this case, access to our S3 bucket.

IAM Roles have two parts: Permissions and Trust Policies. The permission policy assigns to the role permissions for AWS resources, while the Trust Policy simply indicated who can use (assume) this role.
IAM Roles have two parts: **Permissions** and **Trust Policies**. The permission policy assigns to the role permissions for AWS resources, while the Trust Policy simply indicated who can use (assume) this role.

The OIDCProvider, the GitHub access Role and its Trust and Permission policies can all be created using the CloudFormation template below:

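Review bot: The resource name is still misspelled `IODCProvider` in the rewritten paragraph and in the new "- IODCProvider:" bullet, while the context line under the list calls it "OIDCProvider"; fix both so the name matches the template the reader is about to deploy. In the Trust Policy sentence, "simply indicated" should be "indicates", and "through the use of _OIDC Authentication_ protocol" is missing "the". The same sentence says the Trust Policy decides who can assume the role, so "provide it with a Role" in the provider bullet could be reworded to avoid suggesting that the provider itself is the access control.
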
Expand Down Expand Up @@ -89,7 +87,7 @@ Resources:
- !Ref GitHubActionsRole
```
This CF template will create a OIDCProvider, a GitHubActionsRole with the required s3 sync permissions, and a trust policy to only allow GitHub to assume this role.
This CF template will create an OIDCProvider, a GitHubActionsRole with the required s3 sync permissions, and a trust policy to only allow GitHub to assume this role.
Please note that the condition:
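
Review bot: On the changed line, "a trust policy to only allow GitHub to assume this role" is broader than what the text right after it says the condition enforces, namely that only pushes to our repo and the **prod** branch qualify. Suggest "a trust policy that only allows workflows from our repo's **prod** branch to assume this role", so the summary does not read as trusting GitHub as a whole. "s3 sync" could also be capitalised as "S3 sync" to match the description line.
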
Expand All @@ -103,7 +101,7 @@ is required to make sure that only pushes to our repo and the **prod** branch ge

## Creating a GitHub Actions Workflow

Once we can establish authenticated GitHub => AWS connections we are ready to write our GitHub Actions Workflow.
Once we can establish authenticated GitHub => AWS connections, we are ready to write our GitHub Actions Workflow.

Workflows are made by creating a `.github/workflow` directory and placing in it workflow yaml files. It is possible to have many simultaneous workflows running in parallel.

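Review bot: The context line after the changed sentence names the directory `.github/workflow`, but GitHub only loads workflow files from `.github/workflows`; worth fixing in this pass because a reader who copies the path gets a workflow that never runs. "placing in it workflow yaml files" would also read better as "placing workflow YAML files in it".
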