{"id":19371413,"url":"https://github.com/michael-ortiz/aws-github-actions-terraform-workflow","last_synced_at":"2026-06-02T16:03:49.278Z","repository":{"id":248047559,"uuid":"827608608","full_name":"michael-ortiz/aws-github-actions-terraform-workflow","owner":"michael-ortiz","description":"A reusable GitHub Actions Workflow to Plan, Apply or Destroy Terraform Infrastructure in AWS","archived":false,"fork":false,"pushed_at":"2024-07-12T13:13:42.000Z","size":24,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"v1","last_synced_at":"2026-05-16T15:13:51.218Z","etag":null,"topics":["actions","aws","aws-s3","cicd","github-actions","oidc","opentofu","terraform"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/michael-ortiz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-12T02:21:53.000Z","updated_at":"2024-07-12T13:13:45.000Z","dependencies_parsed_at":null,"dependency_job_id":"8c70c19f-b9e1-4ef3-8a48-b5e9794d4334","html_url":"https://github.com/michael-ortiz/aws-github-actions-terraform-workflow","commit_stats":null,"previous_names":["michael-ortiz/aws-github-actions-terraform-workflow","mortiz-77/aws-github-actions-terraform-workflow"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/michael-ortiz/aws-github-actions-terraform-workflow","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michael-ortiz%2Faws-github-actions-terraform-workflow","tags_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/repositories/michael-ortiz%2Faws-github-actions-terraform-workflow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michael-ortiz%2Faws-github-actions-terraform-workflow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michael-ortiz%2Faws-github-actions-terraform-workflow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/michael-ortiz","download_url":"https://codeload.github.com/michael-ortiz/aws-github-actions-terraform-workflow/tar.gz/refs/heads/v1","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michael-ortiz%2Faws-github-actions-terraform-workflow/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33829349,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-02T02:00:07.132Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","aws","aws-s3","cicd","github-actions","oidc","opentofu","terraform"],"created_at":"2024-11-10T08:18:20.546Z","updated_at":"2026-06-02T16:03:49.274Z","avatar_url":"https://github.com/michael-ortiz.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"## Terraform AWS GitHub Actions Plan / Apply Reusable Workflow\n\nA simple reusable workflow that allows you to run Terraform Plan, Applies or 
Destroys using GitHub Actions.\n\nMake sure to configure your AWS credentials.\n\nTo configure an OIDC IAM Role for your GitHub repository, use this module:\n\nhttps://github.com/michael-ortiz/terraform-aws-github-actions-oidc\n\nTo configure your S3 Terraform Backend in AWS, use this module:\n\nhttps://github.com/michael-ortiz/terraform-aws-s3-terraform-state\n\n## Usage\n\n```yaml\nname: Deploy IaC\n\njobs:\n  deploy:\n    name: Terraform Deploy\n    uses: michael-ortiz/aws-github-actions-terraform-workflow/.github/workflows/terraform-workflow.yaml@v1\n    with:\n      action: apply # Optional: plan, destroy, apply\n      tf-version: latest\n      aws-region: us-east-1\n      environment: production\n      terraform_vars: 'foo=bar,bar=foo'\n    secrets:\n      # Recommended\n      PLAN_IAM_ROLE_ARN: ${{ secrets.PLAN_IAM_ROLE_ARN }}\n      APPLY_IAM_ROLE_ARN: ${{ secrets.APPLY_IAM_ROLE_ARN }}\n      # Optional\n      # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}\n      # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n```\n\n## Manual Approval for Applies\n\nTo use manual approvals, you must pass an `environment` input to the workflow and, in GitHub, configure an `Environment` in your repository Settings. 
Ensure the name of the environment matches the name of the environment created on the settings page.\n\nMore information on how to set this up is available here:\n\nhttps://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment\n\n## Demo Usage\n\nIn order to deploy, you must comment out the `backend.tf` code, and deploy manually using CLI into your AWS Account.\n\nOnce a `terraform.tfstate` is generated, you must copy the `.tfstate` file into the S3 bucket state destination that you configured in the S3 backend in `backend.tf` and `main.tf` or reference the plan output to get the S3 bucket and DynamoDB table name.\n\nOnce the file is copied, uncomment the commented code, remove the generated terraform files in your project:\n\n```\nrm -rf .terraform*\n```\n\nNext, run `terraform init` and `terraform plan`. If your local AWS Credentials have access to read from S3, the plan should succeed and should be reading the state from S3.\n\nFinally, to implement this in your GitHub Repository Actions, copy the plan outputs of the `apply_role_arn` and `plan_role_arn` values, and pass them as secrets to the reusable workflow `terraform-workflow.yaml`. See the example in the `Usage` section on how to set this up.\n\nEnsure that the OIDC roles' policies have read and write permissions to the S3 bucket accordingly. Otherwise you will receive an S3 `403` error code.\n\nEnjoy!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmichael-ortiz%2Faws-github-actions-terraform-workflow","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmichael-ortiz%2Faws-github-actions-terraform-workflow","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmichael-ortiz%2Faws-github-actions-terraform-workflow/lists"}