Using GitHub Action + terraform + aws

Hi Guys,
I am new to using GitHub Actions. I would like to know if there is a way to use GitHub Actions to deploy Terraform code to AWS with approval that supports 2 AWS accounts (Testing and Prod).

Thanks in advance.

Deploying to AWS using GitHub Actions + Terraform is pretty straightforward. HashiCorp wrote an explanation on how to do it themselves: Automate Terraform with GitHub Actions. The Terraform state can also be managed with remote state directly in AWS using S3.

You need to create two separate repository environments in your repository and add the respective AWS access keys to them as environment secrets. You can then configure your GitHub Actions to deploy to one of the environments when you want it to (e.g. main branch change → deploy to prod, dev branch change → deploy to dev; maybe new repository release → deploy to prod).

Within an environment you are also able to enable required reviews, which will require active reviewer confirmation before GitHub Actions is allowed to access the secrets → can’t deploy until approval is given. Here are the docs on that.

@timmeinerzhagen,
Thank you so much for your fantastic response. Another question I have is: will I be using one S3 backend configuration for the AWS accounts, or would I need to create a backend configuration for each account? Please, how will I reference that in my YAML file? Will the solution require setting up a workspace?
Thanks in advance.

HashiCorp recommends having a separate AWS account for configuration management, which isolates the actual infrastructure from the Terraform state as described on the AWS backend page I included.

Working with workspaces seems like a good fit for that. If you would rather not have a separate account for config, you can also just have the config in their own account respectively. Workspaces are just an additional set of separate statefiles for multiple deployments after all.

Also, if you only have a small team, the free tier of Terraform Cloud is also an option. That can make management for that a lot easier, but it is limited to max 5 people if you do not want to pay.

@timmeinerzhagen
I would rather have separate accounts for the configurations. So, like you said before, I should add each AWS access key as an environment secret.

Here is what I am thinking of doing, sir:

1. Create a file called BACKEND.TF

2. Create 2 files inside BACKEND.TF (backend.tf.dv and backend.tf.prod)

3. Using partial configuration, then specify the different bucket names in each environment.

4. Reference the backend configuration in the GitHub YAML file like

args: -backend-config=backend.tf/backend.tf.dv
args: -backend-config=backend.tf/backend.tf.prod

Since a default workspace will be created by Terraform during the workflow.

Do you think this will work?

Sure, that should work fine with partial configuration.

I am getting this error when I used partial configuration: [screenshot: 20210810_135050]

This is how my repo looks.

I want to be able to use backend.Dev-Env.tf for my Dev-Env environment, but from the error, Terraform is also running init on backend.Pro-Env.tf
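
The setup discussed in this thread (one repository environment per AWS account, access keys stored as environment secrets, required reviewers, and a partial backend configuration per environment), as an added example that is not part of the original posts. The environment names `Testing` and `Prod`, the `dev`/`main` branch mapping, the secret names and the `backend/*.s3.tfbackend` paths are assumptions.

```yaml
# .github/workflows/terraform.yml (added example; all names are assumptions)
# Assumed repo layout, with constructed sample values:
#   main.tf                        contains: terraform { backend "s3" {} }
#   backend/testing.s3.tfbackend   bucket = "example-tfstate-testing"
#   backend/prod.s3.tfbackend      bucket = "example-tfstate-prod"
#                                  (each file also sets key and region)
# The partial files do not end in .tf: Terraform loads every *.tf file in the
# working directory as configuration, so they are handed to init only.
name: terraform
on:
  push:
    branches: [dev, main]

permissions:
  contents: read   # the job only needs to read the repository

jobs:
  deploy:
    runs-on: ubuntu-latest
    # main -> Prod, dev -> Testing. Secrets resolve from the selected
    # environment only; required reviewers configured on Prod hold the job
    # (and its access to the Prod keys) until someone approves.
    environment: ${{ github.ref_name == 'main' && 'Prod' || 'Testing' }}
    env:
      # Same secret names in both environments, different values per account.
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      BACKEND_FILE: backend/${{ github.ref_name == 'main' && 'prod' || 'testing' }}.s3.tfbackend
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - name: Init with this environment's backend settings
        run: terraform init -input=false -backend-config="$BACKEND_FILE"
      - name: Plan
        run: terraform plan -input=false -out=tfplan
      - name: Apply the saved plan
        run: terraform apply -input=false tfplan
```

Because the approval gate sits on the environment, a run for `main` cannot read the Prod keys or touch the Prod state bucket before a reviewer approves it.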