Step-by-Step Guide on Setting Up CloudFormation IAM User for GitHub Actions

Tek Loon, published in Geek Culture, Jun 27, 2021 (3 min read)

Over the past few weeks, I have written several posts related to AWS CloudFormation. Since AWS CloudFormation is also known as Infrastructure as Code, I would love to learn how I can automate the deployment whenever I change the CloudFormation template.

So in this post, I will be sharing a step-by-step guide to creating an IAM user that will be used by GitHub Actions later to deploy the CloudFormation stack.

Without further ado, let’s get started.

Step 1 — Go to IAM Dashboard and Add User

Firstly, let’s visit the AWS IAM Dashboard. Then, click on “Users” at the left side navigation and then click on “Add User” as shown in the screenshot below.

Step 2 — Setup User with Programmatic Access

In step 2, I will be entering the username for this user and setting the Access type to Programmatic Access.

This user will only be using AWS API & SDK tools to build & deploy the CloudFormation stack. Thus, we don’t need to grant access to the AWS Management Console for this user.

Step 3 — Attach CloudFormation Full Access Policy to the User

For now, I will be assigning AWSCloudFormationFullAccess policy to the IAM user as it requires permission in order to create/update the CloudFormation stack.

In addition, if you’re planning to create an EC2 instance via CloudFormation, you will need to assign the AmazonEC2FullAccess policy to the IAM user as well.

This is because the CloudFormation permissions cover only CloudFormation actions; the underlying resources, such as EC2 instances, need EC2-related permissions.

Step 4 — Review User & Download .csv file for the Credential

In this step, we will review the user creation and download the .csv file which contains the created user credentials.

The csv file contains the Access Key ID and Access Key Secret, which we will use in the GitHub Actions workflow that automates the CloudFormation deployment. Refer to the screenshot below for more details.

The most crucial part is to download the csv file, because if you do not download it at this last step and you forget the secret key, there is no way to get the Access Key Secret back. You would need to create a new set of Access Key ID and Access Key Secret.
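Steps 1 to 4 can also be scripted with the AWS CLI. The script below is an added example, not part of the original post; it assumes the AWS CLI is installed and configured with an identity allowed to manage IAM, and the user name and key file path in the usage comment are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: Steps 1-4 of this guide as AWS CLI calls.
# Usage (hypothetical names): ./create-user.sh github-actions-cfn ./cfn-deployer.key

create_deploy_user() {
  local user_name="$1" key_file="$2"
  local policy_arn="arn:aws:iam::aws:policy/AWSCloudFormationFullAccess"

  # Never overwrite an existing file: its permissions may be looser than 0600.
  if [ -e "$key_file" ]; then
    echo "refusing to overwrite $key_file" >&2
    return 1
  fi

  # Steps 1-2: create the user. No login profile is created, so the user
  # has programmatic access only and cannot sign in to the console.
  aws iam create-user --user-name "$user_name" >/dev/null || return 1

  # Step 3: attach the AWS managed CloudFormation policy.
  aws iam attach-user-policy --user-name "$user_name" \
    --policy-arn "$policy_arn" || return 1

  # Step 4: create the access key. The secret is returned only by this one
  # call, so it is written straight to an owner-only file (umask 077).
  (
    umask 077
    aws iam create-access-key --user-name "$user_name" \
      --query 'AccessKey.[AccessKeyId,SecretAccessKey]' \
      --output text > "$key_file"
  ) || return 1

  echo "credentials for $user_name written to $key_file" >&2
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
  create_deploy_user "$1" "$2"
fi
```

The key file holds the Access Key ID and Access Key Secret separated by a tab, the same two values the console's .csv download contains.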

Conclusion

In this post, I shared how to create an IAM user for CloudFormation deployment using the AWS IAM Dashboard.

In the next post, I will share how to use the IAM user we created in this post in GitHub Actions. The link is provided below.

Thank you for reading.
