Add role ARN as a secret

This section shows you how to set up the IAM role ARN as a secret in the GitHub environment you created earlier.

Step 1: Add the secret

Run these commands and, when asked to paste your secret, paste the value of iam_assumable_role_github_oidc_cicd_arn from the setup of IAM roles.

export IAC_REPO="oslokommune/pirates-iac"
export IAC_REPO_ENV="pirates-dev-app-too-tikki-cicd"
gh secret set --repo "$IAC_REPO" --env "$IAC_REPO_ENV" AWS_ROLE_ARN
Example output
? Paste your secret ***
✓ Set Actions secret AWS_ROLE_ARN for oslokommune/pirates-iac

Alternatively, use the GitHub web interface: go to your infrastructure repository and navigate to Settings > Environments. Choose the environment you created earlier and click Add secret.

Name: AWS_ROLE_ARN

Value: The value of iam_assumable_role_github_oidc_cicd_arn from the setup of IAM roles.
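
A guarded variant of the gh secret set command from Step 1, added here as an example and not part of the original guide: it rejects a pasted value that is not shaped like an IAM role ARN and then confirms the secret is listed for the environment. The function names is_iam_role_arn and set_role_arn_secret are hypothetical, and the ARN in the usage comment is a constructed sample.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): validate the role ARN
# before storing it as the AWS_ROLE_ARN environment secret.

# Succeeds when the value has the shape of an IAM role ARN:
#   arn:<partition>:iam::<12-digit account id>:role/<optional path/><name>
# A user ARN, an S3 ARN or a truncated paste is rejected.
is_iam_role_arn() {
  printf '%s\n' "$1" | grep -Eq \
    '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$'
}

# Prompts for the ARN without echoing it, validates it, sets the secret,
# then checks that the environment actually lists it.
# Usage: set_role_arn_secret "$IAC_REPO" "$IAC_REPO_ENV"
#   e.g. pasting arn:aws:iam::123456789012:role/example-cicd (constructed sample)
set_role_arn_secret() {
  local repo="$1" env="$2" arn

  read -r -s -p "Paste role ARN: " arn
  echo

  # Copying from Terraform output often drags along quotes or whitespace.
  arn="$(printf '%s' "$arn" | tr -d '[:space:]"')"

  if ! is_iam_role_arn "$arn"; then
    echo "Value is not an IAM role ARN; secret left unchanged." >&2
    return 1
  fi

  # gh reads the secret value from stdin, so it never appears in argv
  # or in shell history.
  printf '%s' "$arn" |
    gh secret set --repo "$repo" --env "$env" AWS_ROLE_ARN || return 1

  # Secret values cannot be read back; only the name can be confirmed.
  if gh secret list --repo "$repo" --env "$env" | grep -q '^AWS_ROLE_ARN'; then
    echo "AWS_ROLE_ARN is set for environment $env"
  else
    echo "AWS_ROLE_ARN not found in environment $env" >&2
    return 1
  fi
}
```

Because the secret is scoped to the environment, a workflow job only receives it when the job declares that same environment name.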

Step 2: Verify that the workflow can run Terraform

Make a change to the Terraform code for your application in the infrastructure repository, and push it to the main branch. The workflow should now run and apply the changes to your infrastructure.

For example, change an override by editing the file app-too-tikki/config_override.tf.