Add role ARN as a secret

This section shows you how to set up the IAM role ARN as a secret in the GitHub environment you created earlier.

Step 1: Add the secret

CLIGUI

Run these commands and paste the role ARN from the previous section when prompted.

export IAC_REPO="oslokommune/pirates-apps"
export IAC_ENV="pirates-dev-ecr"
gh secret set --repo "$IAC_REPO" --env "$IAC_ENV" AWS_ROLE_ARN

Example output

? Paste your secret ***
✓ Set Actions secret AWS_ROLE_ARN for oslokommune/pirates-apps

Go to your application repository and navigate to Settings > Environments. Choose the environment you created earlier and click on Add secret.

Name: AWS_ROLE_ARN
Value: The role ARN from the previous part of the guide.

Step 2: Verify that the workflow can push to ECR

Try to run the workflow. It should now succeed.

Nice job!

🎉