Assuming you want to deploy infrastructure (configured with Terraform) to AWS, you can automate this with GitHub Actions. Instead of configuring long-lived IAM access keys, a more secure method is to rely on an OIDC IAM role set up for your GitHub repository. However, the IAM role doesn’t exist before your Terraform configuration is applied (unless you want to manually create this IAM role, which is not recommended).

To solve this chicken-and-egg problem, manually run terraform plan and terraform apply locally to bootstrap the GitHub OIDC role.
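A sketch of what that bootstrap configuration can look like, added here as an example and not taken from the original post. The repository name, role name, branch restriction and output name are assumptions, and the permissions policy for whatever your Terraform manages still has to be attached to the role separately.

```hcl
# Added example: repository, role name and branch scope are placeholders.
variable "github_repo" {
  description = "owner/name of the repository allowed to assume the role"
  type        = string
  default     = "example-org/example-infra" # placeholder
}

resource "aws_iam_openid_connect_provider" "github" {
  url            = "https://token.actions.githubusercontent.com"
  client_id_list = ["sts.amazonaws.com"]
  # Assumption: a recent AWS provider where thumbprint_list is optional;
  # older provider versions require it to be set.
}

data "aws_iam_policy_document" "github_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    # The token must have been issued for AWS STS.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    # Only workflows running on the main branch of this one repository.
    # Without a sub condition, any GitHub repository could assume the role.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_repo}:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "github_deploy" {
  name               = "github-actions-terraform" # hypothetical name
  assume_role_policy = data.aws_iam_policy_document.github_trust.json
}

output "github_deploy_role_arn" {
  value = aws_iam_role.github_deploy.arn
}
```

With the `sub` condition pinned to `refs/heads/main`, jobs triggered from pull requests cannot assume the role; widen it deliberately if you want terraform plan to run on pull requests.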

Make sure to set up your workflow to work with OIDC. Add this snippet to allow the job to request an OIDC token:

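permissions:
  id-token: write # lets the job request an OIDC token from GitHub
  contents: read  # needed by actions/checkout, since unlisted permissions default to none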

For future deployments, the workflow can simply run terraform [plan|apply] with the OIDC role.