Replace 123456789012 with your actual AWS Account ID
Export your AWS account id as a shell variable for later use
export accountid=123456789012
Create S3 bucket to store the Terraform state. You can choose a different region
aws s3 mb s3://terraform-state1-${accountid} --region us-east-1Create AWS IAM user with username 'GithubActions' using a designated profile
aws iam create-user --user-name GithubActionsCreate AWS IAM group with the name 'DeployS3Site' using the same AWS profile
aws iam create-group --group-name DeployS3SiteCreate AWS IAM policy named 'DeployS3SitePolicy' using the policy located in 'file://misc/policy.json'. This policy should define permissions necessary for operations
aws iam create-policy --policy-name DeployS3SitePolicy --policy-document file://misc/policy.jsonAttach the policy created above to the group 'DeployS3Site'. The policy ARN is derived from your AWS account id and policy name
aws iam attach-group-policy --policy-arn arn:aws:iam::${accountid}:policy/DeployS3SitePolicy --group-name DeployS3SiteAdd the previously created user 'GithubActions' to the group 'DeployS3Site', giving the user all permissions defined in the attached policy
aws iam add-user-to-group --user-name GithubActions --group-name DeployS3SiteCreate AWS Access Key for the IAM user 'GithubActions' which can be used for authenticating via CLI, SDKs etc.
aws iam create-access-key --user-name GithubActions
Add the following secrets into your repository settings:
ACCOUNT_ID
AWS_ACCESS_KEY_ID
AWS_REGION
AWS_SECRET_ACCESS_KEY
DISTRIBUTION_ID - (you can find it in the AWS console)Add the following environment variables into your repository settings:
SITE_NAME - (forthope.me in my case)| Name | Version |
|---|---|
| terraform | >= 1.4.0 |
| aws | ~> 5.31.0 |
| Name | Version |
|---|---|
| aws | 5.31.0 |
| Name | Source | Version |
|---|---|---|
| s3_website | ../ | n/a |
| Name | Type |
|---|---|
| aws_acm_certificate.this | resource |
| aws_acm_certificate_validation.cert_validation | resource |
| aws_cloudfront_distribution.this | resource |
| aws_cloudfront_origin_access_control.this | resource |
| aws_route53_record.cert_validation | resource |
| aws_route53_record.website | resource |
| aws_route53_record.www | resource |
| aws_s3_bucket.website | resource |
| aws_s3_bucket_ownership_controls.s3_bucket_ownership | resource |
| aws_s3_bucket_policy.policy | resource |
| aws_s3_bucket_public_access_block.s3_access_block | resource |
| aws_s3_bucket_versioning.bucket_versioning | resource |
| aws_s3_bucket_website_configuration.hosting | resource |
| aws_s3_object.file | resource |
| aws_caller_identity.current | data source |
| aws_route53_zone.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_region | n/a | string |
"us-east-1" |
no |
| bucket_versioning | Versioning for S3 bucket | string |
"Disabled" |
no |
| domain_name | Name of the domain | string |
"example.com" |
yes |
| tags | n/a | map |
{ |
no |
| Name | Description |
|---|---|
| cloudfront_url | Cloudfront URL |
| website_url | Website URL (HTTPS) |