Automation for Terraform Deployment Using GitHub Actions and Terraform Cloud

Ayomide DevOps
Oct 13, 2023


In this tutorial, I will demonstrate using GitHub Actions and Terraform Cloud to deploy Terraform to AWS.

To follow this tutorial, you need to have the following prerequisites:

  • An AWS account,
  • An IAM user on your AWS account with AdministratorAccess, with an access key and secret key generated for it,
  • Terraform installed on your local machine,
  • GitHub account and a repository for this project,
  • A Terraform Cloud account set up with your organization name. Use the link below to set up Terraform Cloud.

https://developer.hashicorp.com/terraform/tutorials/cloud-get-started

What you will be doing:

  • Create a directory on your local computer where your terraform file will be saved
  • Write a terraform script or code to be pushed to your GitHub repository
  • Save your AWS Access Key ID and Secret Access Key in Terraform Cloud variables
  • Save your Terraform API Token in your GitHub repository
  • Write a GitHub Actions code telling GitHub what task to perform

Create a directory on your local computer where your terraform file will be saved

On your PC or local computer, create a directory (folder) where your Terraform file will be saved. Name this directory and right-click to open it using whatever IDE you have installed on your PC, preferably “Visual Studio Code”.

Write a terraform script or code to be pushed to your GitHub repository

After opening the directory, create a “main.tf” file inside it and write the Terraform code to be deployed.

# Define the AWS provider
provider "aws" {
  region = "us-west-1" # Change this to your desired AWS region
}

# Create a VPC
resource "aws_vpc" "ij_vpc" {
  cidr_block = "172.16.0.0/16"
}

# Create a subnet inside the VPC
resource "aws_subnet" "example_subnet" {
  vpc_id     = aws_vpc.ij_vpc.id
  cidr_block = "172.16.0.0/18"
}

# Create a security group
resource "aws_security_group" "example_sg" {
  name        = "example-sg"
  description = "Example security group"
  vpc_id      = aws_vpc.ij_vpc.id

  # SSH reachable from any address; narrow cidr_blocks to your own address range before a real deployment
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Create an EC2 instance
resource "aws_instance" "ayo_instance" {
  ami           = "ami-0f8e81a3da6e2510a" # Amazon Linux 2 AMI in us-west-1
  instance_type = "t2.micro"
  subnet_id     = aws_subnet.example_subnet.id # The subnet defined above
  key_name      = "ayoterraformkey" # Change this to your key pair name

  # The argument is vpc_security_group_ids (plural) and takes a list; attach the security group defined above
  vpc_security_group_ids = [aws_security_group.example_sg.id]

  tags = {
    Name = "ExampleInstance"
  }
}

Modify the code to meet your own requirements and save the code.

Now open your terminal to be able to push your code to your already-created GitHub repository (remote repository). Follow the below commands to push your code to GitHub.

git init

This initializes a local Git repository in the directory. Next, run

git add .

to stage all the files in your directory for the commit.

git commit -m "COMMIT MESSAGE"

This records the staged files as a commit. Next, connect your local repository to your remote repository:

git remote add origin <git@github.com:Aiyegbus/demo-repo.git>

Modify the above command so that it points at your own remote repository. Finally, rename the branch to main and push your code to GitHub:

git branch -M main
git push -u origin main

Save your AWS Access Key ID and Secret Access Key in Terraform Cloud variables

In Terraform Cloud, create a new workspace and select the API-driven workflow. Name your workspace and select “Create Workspace”. Next, navigate to Variables and select “Add variable”. Choose the environment variable category, enter “AWS_ACCESS_KEY_ID” as the key (this is the variable name the AWS provider reads) and your AWS Access Key ID as the value, check the Sensitive box, and add the variable. Do the same for “AWS_SECRET_ACCESS_KEY” with your AWS Secret Access Key as the value, and save it.

Save your Terraform API Token in your GitHub repository

In your GitHub repository, navigate to Settings — Secrets and Variables — Actions. Select “New Repository Secret”, name it “TF_API_TOKEN” (the name the workflow reads from the secrets context), and paste your Terraform API Token as the value.

Write a GitHub Actions code telling GitHub what task to perform

After saving your AWS keys and Terraform API Token, navigate to Actions — “Set up a workflow yourself”. Name the file with the “.yml” extension and enter the GitHub Actions workflow to be performed.

name: "Terraform Apply"

on:
  push:
    branches:
      - main

env:
  TF_CLOUD_ORGANIZATION: "Ayodev"
  TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"  # read from the repository secret, never pasted here
  TF_WORKSPACE: "test-CI-auto-tf-deploy-2"
  CONFIG_DIRECTORY: "./"

jobs:
  terraform:
    # Guard carried over from the HashiCorp learn-terraform-github-actions tutorial; it only skips the job in that repository
    if: github.repository != 'hashicorp-education/learn-terraform-github-actions'
    name: "Terraform Apply"
    runs-on: ubuntu-latest
    permissions:
      contents: read  # the job only needs to read the repository contents
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Upload Configuration
        uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.0.4
        id: apply-upload
        with:
          workspace: ${{ env.TF_WORKSPACE }}
          directory: ${{ env.CONFIG_DIRECTORY }}

      - name: Create Apply Run
        uses: hashicorp/tfc-workflows-github/actions/create-run@v1.0.4
        id: apply-run
        with:
          workspace: ${{ env.TF_WORKSPACE }}
          configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}

      - name: Apply
        uses: hashicorp/tfc-workflows-github/actions/apply-run@v1.0.4
        # only apply when Terraform Cloud reports the run is confirmable
        if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable
        id: apply
        with:
          run: ${{ steps.apply-run.outputs.run_id }}
          comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"

Commit the file. The workflow should start running on the push and deploy your Terraform configuration to AWS.

Note: You can edit the configuration files to meet your own requirements.
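The article keeps the AWS keys in Terraform Cloud variables and the API token in a GitHub secret, so nothing sensitive should ever sit in main.tf or the workflow file. As an added example that is not part of the original article, the following Python guard (function and sample names are my own; it can run as a pre-push hook or a CI step) scans Terraform source for AWS credentials and checks that the workflow's TF_API_TOKEN is a secrets-context expression rather than a pasted token, covering both the variables step and the workflow above:

```python
import re

# Credential shapes that belong in Terraform Cloud variables or GitHub secrets, never in the repo.
AWS_ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
PROVIDER_CREDS_RE = re.compile(r'^\s*(access_key|secret_key)\s*=\s*"[^"]*"', re.MULTILINE)
# In the workflow, TF_API_TOKEN must be a secrets-context expression, not a literal token.
TOKEN_LINE_RE = re.compile(r"^\s*TF_API_TOKEN:\s*(.*?)\s*$", re.MULTILINE)
SECRETS_EXPR_RE = re.compile(r"\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}")


def find_hardcoded_aws_credentials(tf_source: str) -> list:
    """Return one finding per AWS key-ID literal or inline provider credential in Terraform text."""
    findings = []
    for m in AWS_ACCESS_KEY_ID_RE.finditer(tf_source):
        findings.append(f"AWS access key ID literal starting {m.group(0)[:8]}")
    for m in PROVIDER_CREDS_RE.finditer(tf_source):
        findings.append(f"provider argument '{m.group(1)}' set inline")
    return findings


def find_workflow_token_issues(workflow_source: str) -> list:
    """Return one finding per TF_API_TOKEN line whose value is not a ${{ secrets.* }} expression."""
    findings = []
    for m in TOKEN_LINE_RE.finditer(workflow_source):
        value = m.group(1).strip("\"'")  # drop surrounding quotes before matching
        if not SECRETS_EXPR_RE.fullmatch(value):
            findings.append(f"TF_API_TOKEN is a literal, not a secrets reference: {value!r}")
    return findings


# Constructed samples for a self-contained run (not taken from the article or any real repository).
LEAKY_TF = '''provider "aws" {
  region     = "us-west-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
'''
CLEAN_TF = 'provider "aws" {\n  region = "us-west-1"\n}\n'
LEAKY_WORKFLOW = 'env:\n  TF_API_TOKEN: "pasted-token-placeholder.atlasv1.notreal"\n'
CLEAN_WORKFLOW = 'env:\n  TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"\n'

if __name__ == "__main__":
    for label, findings in [
        ("leaky main.tf", find_hardcoded_aws_credentials(LEAKY_TF)),
        ("clean main.tf", find_hardcoded_aws_credentials(CLEAN_TF)),
        ("leaky workflow", find_workflow_token_issues(LEAKY_WORKFLOW)),
        ("clean workflow", find_workflow_token_issues(CLEAN_WORKFLOW)),
    ]:
        print(label, "->", findings or "no findings")
```

Run it over the real main.tf and .github/workflows file contents before pushing; a non-empty findings list means a credential would land in the repository history.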
