[GH-ISSUE #293] Improve the terraform workflow #173

New issue

Closed

opened 2026-02-27 19:17:08 +03:00 by kerem · 1 comment

kerem commented

2026-02-27 19:17:08 +03:00

Owner

Originally created by @ekosfin on GitHub (Apr 16, 2024).
Original GitHub issue: https://github.com/EddieTheCubeHead/Stagnum/issues/293

The following improvements should be made to the workflow for deploying terraform:

The workflow should not autoformat and commit the changes, but rather in the pull request send a comment saying that the formatting failed
The workflow should comment to the pull request the current terraform plan for easier pull request review
Currently the workflow is using AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID If these keys leak they can be used from anywhere. I would recommend creating a workflow IAM role in AWS that can be assumed with OICD to ensure that only github runners are able to limit access to the AWS account.

Originally created by @ekosfin on GitHub (Apr 16, 2024). Original GitHub issue: https://github.com/EddieTheCubeHead/Stagnum/issues/293 The following improvements should be made to the workflow for deploying terraform: - The workflow should not autoformat and commit the changes, but rather in the pull request send a comment saying that the formatting failed - The workflow should comment to the pull request the current terraform plan for easier pull request review - Currently the workflow is using AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID If these keys leak they can be used from anywhere. I would recommend creating a workflow IAM role in AWS that can be assumed with OICD to ensure that only github runners are able to limit access to the AWS account.