Using Terrateam to deploy AWS S3 bucket

Overview

Hey geeks, in this blog we will deploy an S3 bucket on AWS using Terrateam, a tool that hooks into GitHub Actions so you can run your Terraform plan and Terraform apply commands with just a few simple comments on your pull request.

What is Terrateam?

Terrateam is Terraform automation for GitHub. Collaborate, plan, and apply alongside the rest of your code. Being 100% self-funded allows them to stay laser-focused on making a rock-solid platform that their users can build on. It was founded by hands-on software engineers who understand the importance of easy and repeatable workflows.

Who this guide is for

  • Our main audience for this blog is developers who work on DevOps and infrastructure management with Terraform and GitHub on an almost daily basis, and who want a tool that takes over the repetitive work and gives comprehensive information for each PR (pull request) opened on the GitHub repo. You can build other infrastructure with Terrateam, such as Lambda and EC2, just as we build an S3 bucket in this blog.

Let’s get started…

But before that, we need a few prerequisites in place so the workflow runs smoothly.

Pre-Requisites

  • AWS account: A freemium account is sufficient for this blog.

  • GitHub account: Create or use a GitHub account for the blog.

  • Terrateam is installed on your GitHub account, click here to install it.

Let’s get our hands on the tutorial

Let’s move forward step by step:

  1. We will install Terrateam
  • Install Terrateam on your GitHub account first.

  • Go here and click Install.

  • Select your account and click on it.

  • You can choose to install Terrateam on only a single repository rather than on the whole account.

  • In our case, we used the default settings and then clicked Install.

  • Setup done!!

  2. Next, create a new GitHub repo and clone it to your local system; it will hold all the Terraform configuration files and directories.

(If you already have a repo with all your Terraform configuration files, you can use that as well.)

  • We are making an AWS S3 using Terraform configuration:

For complete code visit here.

  • Create a folder named S3, create a file named main.tf and put the above code in the main.tf file.
  3. Next, create a workflow for GitHub Actions.
  • Create a directory named .github/workflows and create a file named terrateam.yml.

  • Or just use the following commands in your terminal:

      mkdir -p .github/workflows

    The above command will create the required folders.

      curl -L -o .github/workflows/terrateam.yml \
        https://terrateam.io/.github/workflows/terrateam.yml

    This command downloads the required YAML into the terrateam.yml file inside the .github/workflows folder.

  4. Next, set up authentication between Terrateam and AWS.
  • For this step, you need the AWS CLI installed in your terminal, or you can use the AWS CLI from the AWS console, but we prefer to install the AWS CLI.

  • Next, configure your AWS CLI with the AWS account you are using with the following commands:

    • aws configure

    • Add your AWS Account secret key, access key, and region.

  • Create a file for the role named trustpolicy.json in the root of your project and paste the configuration (JSON) below into it:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Federated": "arn:aws:iam::AWS_ACCOUNT_ID:oidc-provider/token.actions.githubusercontent.com"
          },
          "Action": "sts:AssumeRoleWithWebIdentity",
          "Condition": {
            "StringLike": {
              "token.actions.githubusercontent.com:sub": "repo:GITHUB_ORG/*"
            },
            "StringEquals": {
              "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
            }
          }
        }
      ]
    }

  • Remember to replace AWS_ACCOUNT_ID and GITHUB_ORG with your own values.

    • For AWS_ACCOUNT_ID, run the following command in your terminal: aws sts get-caller-identity

    • This command returns your account ID, which you can use in place of AWS_ACCOUNT_ID; you can also find your account ID in the AWS console.
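
The trust policy above decides which GitHub Actions tokens may assume the role, and the pattern repo:GITHUB_ORG/* accepts every repository, branch and event in the organization. The following Python sketch is an added example, not code from the original post or from Terrateam; it evaluates the policy's sub condition against constructed token subjects, and the account ID 123456789012, the org name example-org and all function names are assumptions.

```python
import re

ISSUER = "token.actions.githubusercontent.com"

# Constructed copy of trustpolicy.json; account ID and org name are placeholders.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringLike": {f"{ISSUER}:sub": "repo:example-org/*"},
            "StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
        },
    }],
}

def string_like(pattern, value):
    """IAM StringLike: case-sensitive, '*' is any run of characters, '?' is one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def sub_patterns(policy):
    """Collect (operator, pattern) pairs that constrain the token's 'sub' claim."""
    found = []
    for stmt in policy["Statement"]:
        for op in ("StringLike", "StringEquals"):
            val = stmt.get("Condition", {}).get(op, {}).get(f"{ISSUER}:sub", [])
            found.extend((op, v) for v in ([val] if isinstance(val, str) else val))
    return found

def allowed(policy, sub):
    """True if a token with this subject satisfies one of the sub conditions."""
    return any(string_like(p, sub) if op == "StringLike" else p == sub
               for op, p in sub_patterns(policy))

def audit(policy):
    """Return human-readable findings about the OIDC conditions."""
    findings = []
    for stmt in policy["Statement"]:
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get(f"{ISSUER}:aud")
        if aud != "sts.amazonaws.com":
            findings.append("aud is not pinned to sts.amazonaws.com")
    patterns = sub_patterns(policy)
    if not patterns:
        findings.append("no sub condition on the role")
    for op, p in patterns:
        if op == "StringLike" and re.fullmatch(r"repo:[^/*?]+/\*", p):
            findings.append(f"{p}: matches every repository, branch and event in the org")
    return findings
```

If Terrateam only runs in one repository, a narrower pattern such as repo:GITHUB_ORG/REPO_NAME:* (REPO_NAME is a placeholder) limits the role to tokens issued for that repository.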

  5. Next, you need to give Terrateam some access so that it can communicate with AWS to create infrastructure; for more details about this access follow this link.
  • Paste these commands into your terminal.

  • This will create the IAM OIDC identity provider for GitHub Actions that Terrateam authenticates through:

      aws iam create-open-id-connect-provider \
        --url https://token.actions.githubusercontent.com \
        --client-id-list sts.amazonaws.com --thumbprint-list \
        6938fd4d98bab03faadb97b34396831e3780aea1 \
        1c58a3a8518e8759bf075b76b750d4f2df264fcd

  • Next, create the terrateam IAM role with the trust policy attached:

      aws iam create-role \
        --role-name terrateam \
        --assume-role-policy-document file://trustpolicy.json

  6. Next, make the config.yml file that configures Terrateam for your GitHub repo.
  • Create a directory named .terrateam, create a file in it named config.yml and add the following code:

    hooks:
      all:
        pre:
          - type: oidc
            provider: aws
            role_arn: "arn:aws:iam::AWS_ACCOUNT_ID:role/terrateam"

  • And remember to replace AWS_ACCOUNT_ID with your account ID.
  7. All done; now just push all this configuration to the main or master branch of your repo.

Let’s see how Terrateam works on PRs (pull requests). All the workflows are controlled using Terrateam.

  • For that you need to make a branch from this main branch and name it as you like, we are using terrateam-setup as a branch name.

  • Use the following command to create a branch:

    • git checkout -b terrateam-setup
  • Make small changes in your S3 configuration file.

  • And push the branch into the repo.

  • Now create a pull request either with the terminal using the following command: gh pr create --fill

  • Or using GitHub UI.

  • Go to Pull requests in your GitHub account

  • You will find some checks are running on this branch, wait and you will see all checks are green for terrateam plan.

  • You can see all the changes by clicking on “Details” of terrateam plan, in this case, it’s helping to create an S3 bucket.

  • Once you are satisfied with the outputs each check is giving, you can now comment on your PR.

  • Next, comment terrateam apply on the PR to apply these changes in your AWS account and deploy your infrastructure.

Note: One great thing about the Terrateam bot is that if it accepts the command it will react with a rocket on your comment; otherwise it will show the error.

  • Next is to wait for all terrateam apply checks to be green, once they are green all your infrastructure has been deployed to your AWS account.

Note: Checks are the process Terrateam does on your pull requests before executing plan and apply commands.

Note: Terrateam works on branches and after successful Terrateam Apply it merges all the changes into the main/master branch.

  • Once all checks are done and Infra is applied Terrateam merges all the changes to the main/master branch of the repo.

All done!!

Let’s check our AWS console for the infrastructure:

  • Go to the AWS console.

  • Search for S3 in the search bar.

  • Click on Buckets and you will find an S3 Bucket is created here.

Key Points

  1. We have gone through how to install Terrateam in your GitHub account.

  2. We wrote the Terraform configuration for the S3 bucket to deploy.

  3. We have made a workflow that will help us to run our pipelines for all plan and apply work.

  4. Then we have given the authentication access to the Terrateam and attached some IAM policies to it as well.

  5. Then, all configuration was pushed to the main or master branch of the repo.

  6. Later we created a branch and made some changes in the Terraform configuration file and pushed it.

  7. We have seen all the checks in our pull request that were automatically run and picked up by Terrateam (plan and apply).

  8. Finally, our S3 bucket has been deployed to our AWS account.

For complete code visit here.

To learn more about Terrateam visit here.

Written by

SIDDHANT VIJAY SINGH