20 changes: 10 additions & 10 deletions .github/workflows/deploy.yml
Expand Up @@ -93,7 +93,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}
role-session-name: "gh-${{ env.ENVIRONMENT }}-auth-deployment"
aws-region: "us-west-2"
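Review bot: `role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}` fails differently from the secret it replaces when an environment has not been migrated: an unset configuration variable evaluates to an empty string, so this step receives an empty `role-to-assume` instead of an ARN. Every environment that currently defines the secret needs the variable created before this merges. A short preceding step that exits non-zero when `vars.DEPLOYMENT_ROLE_ARN` is empty would make the failure explicit. Note also that variables are not masked in job logs the way secrets are, so the role ARN (and the account ID in it) will now be printed in the clear. That is fine only if the role's OIDC trust policy, not the secrecy of the ARN, is what restricts who can assume it.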

Expand Down Expand Up @@ -140,7 +140,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}
role-session-name: "gh-${{ env.ENVIRONMENT }}-backend-deployment"
aws-region: "us-west-2"

Expand Down Expand Up @@ -205,7 +205,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}
role-session-name: "gh-${{ env.ENVIRONMENT }}-airflow-sm2a-deployment"
aws-region: "${{ env.AWS_REGION }}"
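Review bot: Style point on `aws-region: "${{ env.AWS_REGION }}"` here: the auth, backend and features jobs in this same file hard-code `"us-west-2"`, and the integration-test job reads `env.AWS_DEFAULT_REGION`. Since this PR already touches every one of these steps to make the role a per-environment variable, it would be a good moment to pick one source for the region so that an environment in another region does not assume the role in one region for some jobs and another for the rest.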

Expand Down Expand Up @@ -254,7 +254,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}
role-session-name: "gh-${{ env.ENVIRONMENT }}-features-deployment"
aws-region: "us-west-2"

Expand Down Expand Up @@ -308,7 +308,7 @@ jobs:
if: ${{ env.GH_PAT_CHECK != '' }}
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}
role-session-name: "gh-${{ env.ENVIRONMENT }}-monitoring-deployment"
aws-region: "${{ env.AWS_REGION }}"

Expand Down Expand Up @@ -346,7 +346,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}
role-session-name: "gh-${{ env.ENVIRONMENT }}-titiler-multidim-deployment"
aws-region: "us-west-2"

Expand Down Expand Up @@ -384,7 +384,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}
role-session-name: "gh-${{ env.ENVIRONMENT }}-s3-disaster-recovery-deployment"
aws-region: "us-west-2"

Expand Down Expand Up @@ -428,7 +428,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}
role-session-name: "gh-${{ env.ENVIRONMENT }}-titiler-cmr-deployment"
aws-region: "us-west-2"

Expand Down Expand Up @@ -469,7 +469,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}
role-session-name: "gh-${{ env.ENVIRONMENT }}-routes-deployment"
aws-region: "${{ env.AWS_REGION }}"

Expand Down Expand Up @@ -532,7 +532,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}
role-session-name: "gh-${{ env.ENVIRONMENT }}-integration-test"
aws-region: "${{ env.AWS_DEFAULT_REGION }}"
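Review bot: The integration-test job assumes the same `vars.DEPLOYMENT_ROLE_ARN` as the deploy jobs, which the README in this PR describes as the role "with permissions to deploy". Now that the role is an ordinary environment variable, it is cheap to define a second variable for a narrower role and point this step at it, so that test code runs with only the access the tests need rather than full deployment permissions.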

2 changes: 1 addition & 1 deletion .github/workflows/diff.yml
Expand Up @@ -46,7 +46,7 @@ jobs:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
role-to-assume: ${{ vars.DEPLOYMENT_ROLE_ARN }}
role-session-name: "gh-${{ env.ENVIRONMENT }}-airflow-sm2a-deployment"
aws-region: "${{ env.AWS_REGION }}"
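Review bot: `role-session-name: "gh-${{ env.ENVIRONMENT }}-airflow-sm2a-deployment"` in diff.yml is identical to the session name used by the sm2a deploy job in deploy.yml, so sessions opened by the diff workflow cannot be told apart from real deployments when reading CloudTrail by session name. Consider a distinct suffix such as `-airflow-sm2a-diff` here. The same least-privilege question applies as well: a diff run is assuming the role that has permissions to deploy.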

7 changes: 3 additions & 4 deletions README.md
Expand Up @@ -15,15 +15,14 @@ Adding new deployment environments requires admin permissions for this veda-depl
## GitHub Environment
Each veda-deploy Github Environment needs Environment Secrets and Variables configured in the GitHub UI Settings for this veda-deploy project as well as detailed key-value AWS Secrets Manager secret(s) with configuration for the deployment of all components.

### GitHub Environment Secrets
GitHub Environment secret(s) configured in the GitHub UI settings for this veda-deploy repo:
`DEPLOYMENT_ROLE_ARN` - oidc role with permissions to deploy

### GitHub Environment Variables
GitHub Environment variables need to be set in the GitHub UI project settings. There should be one variable for each AWS Secrets Manager secret name. There should be one variable for each component indicating which GitHub reference to use to deploy that component via checking out that Github reference in the git submodule.

More instructions on these Github environment variables is provided below.

#### Roles with Permissions
`DEPLOYMENT_ROLE_ARN` - oidc role with permissions to deploy

#### AWS Secrets Manager Secret Name(s)

`DEPLOYMENT_ENV_SECRET_NAME` - the AWS secrets manager secret name with the required component env vars. See [AWS Secrets Requirements](#aws-secrets-requirements) for what env vars are needed. Note that the individual submodule GitHub repositories should be consulted for the most up to date environment variable names and explanations.
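Review bot: Documentation is left inconsistent around the moved `DEPLOYMENT_ROLE_ARN` entry. The unchanged paragraph under "## GitHub Environment" still says each environment "needs Environment Secrets and Variables", but the only secrets section is now removed, and the intro under "### GitHub Environment Variables" lists one variable per Secrets Manager secret and one per component without mentioning the role variable that the new "#### Roles with Permissions" heading introduces. Please update both sentences and add a migration line telling maintainers of existing environments to recreate `DEPLOYMENT_ROLE_ARN` as an environment variable (and delete the old secret), since the workflows no longer read `secrets.DEPLOYMENT_ROLE_ARN`.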