TERRAFORM AUTOMATION with GitHub and GCP Workload Identity Federation

  • Published on 14 Oct 2024
  • In this tutorial, we will demonstrate how to automate infrastructure changes using GitHub Actions and Terraform. Based on the comprehensive HashiCorp tutorial, our video features additional steps, including utilising Workload Identity Federation in Google Cloud Platform (GCP) for authentication without service account keys.
    Explore how to create an efficient GitHub Actions workflow file that allows planning without apply permissions for pull requests, while applying changes upon merging requests using Terraform. Learn how to set up two distinct service accounts, one for planning and the other for applying, to effectively manage permissions and resources.
    Discover the intricacies of configuring a GCP Workload Identity Pool and provider, as well as setting up IAM policy bindings for your service accounts. Experience a hands-on demo showcasing the complete process of executing plans and applying changes in a GCP environment.
    If you missed the previous videos about Workload Identity Federation, click here: • Multiple GCP Service A...
    Links:
    bit.ly/tf-gh-a...
    developer.hash...
    WHO AM I:
    Hey friends, welcome to my YouTube channel @outofdevops. If you're new, my name is Anto; here I talk about software engineering and software engineers. Don't forget to comment, like and subscribe 👍🏻.
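
A workflow of the shape the description outlines, written here as an added example and not taken from the video or the HashiCorp tutorial: pull requests authenticate as a planning service account, pushes to `main` authenticate as a separate applying one, both through Workload Identity Federation. The service account names `tf-plan` and `tf-apply`, and the `PROJECT_NUMBER`, `PROJECT_ID`, `POOL_ID` and `PROVIDER_ID` values, are placeholders.

```yaml
# Added example with assumed names: plan on pull requests, apply on merge to main.
name: terraform
on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

permissions:
  contents: read
  id-token: write   # lets the job request a GitHub OIDC token; no service account key is stored

env:
  # Placeholder path: substitute your own project number, pool ID and provider ID.
  WIF_PROVIDER: projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID

jobs:
  plan:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ env.WIF_PROVIDER }}
          # Hypothetical planning account: grant it read-only roles only.
          service_account: tf-plan@PROJECT_ID.iam.gserviceaccount.com
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - run: terraform plan -input=false

  apply:
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ env.WIF_PROVIDER }}
          # Hypothetical applying account: holds the roles that can change resources.
          service_account: tf-apply@PROJECT_ID.iam.gserviceaccount.com
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - run: terraform apply -input=false -auto-approve
```

The `if:` conditions are not a security boundary, because a pull request can edit the workflow file it runs under. The `roles/iam.workloadIdentityUser` binding on the applying service account should therefore match only tokens whose mapped `ref` claim is `refs/heads/main`.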

Comments • 8

  • @SushantNigalye 1 year ago +1

    Good stuff!

  • @84Jasbir 1 year ago

    Can you create a video for self-hosted runner on Google Cloud? Great stuff. Really helpful.

    • @OutOfDevOps 1 year ago

      Hey thanks, have you checked this one already: Autoscaling GitHub Runners: How to Create Elastic Runners in GCP
      th-cam.com/video/AQPqm_bjlgg/w-d-xo.html

    • @84Jasbir 1 year ago

      @OutOfDevOps Yeah I found it :) But I think you have deleted the cloud-automation repository?

    • @84Jasbir 1 year ago

      @OutOfDevOps Would you be able to share the script folder from that repository?

  • @jonnydep-z2o 1 year ago

    You are running this from within Google Cloud? As from outside the cloud you need to provide the credentials.

    • @OutOfDevOps 1 year ago

      Hi, nope... you don't need to run from within GCP if you configure Workload Identity Federation (WLIF). With WLIF you can exchange a GitHub OIDC token for service account tokens. In this way you don't need any service account key, and you can also use multiple identities (service accounts) with the same runner.