SoliDeoGloria.tech

Technology for the Glory of God

0001

Authenticating Terraform with a GitHub App

In my current role, I configured Terraform to manage our GitHub organisation. As with all providers, we need need to provide credentials for authentication. I didn’t want to use an access token, as they are tied to an individual user and will cause breakage should the user depart the organisation. Thankfully, GitHub supports using an application for authentication.

Create the GitHub Application

The first step in the process is to create a new GitHub application. While this can be done either in a personal account or within an organisation, I recommend doing this within the organisation. That way, if someone leaves the organisation the application doesn’t go with.

Read more…

Deploying Terraform via a DevOps Pipeline

Not everyone is privileged to be able to use Terraform Cloud for deploying their Terraform infrastructure. This means that teams need to use their existing DevOps tooling to deploy their infrastructure via Terraform.

While I’ve seen many examples of pipelines for deploying Terraform code with various services, it felt like something was missing. Most example pipelines were designed to just run once a code review had occurred, and often would automatically deploy the changed code without any intervention. This wasn’t going to fly for us in a recent project. We needed a more robust plan for deployment, one that would cater for not only deployment of the infrastructure, but an opportunity to wait for approval of a specific plan, plus checks to make sure that the newly-committed code was up to standard.

Read more…