Skip to content

Update TF plan/apply from PR 146 to use separate OIDC roles#142

Merged
ale210 merged 4 commits into
mainfrom
issue-146-update-workflow-roles
Jun 18, 2026
Merged

Update TF plan/apply from PR 146 to use separate OIDC roles#142
ale210 merged 4 commits into
mainfrom
issue-146-update-workflow-roles

Conversation

@Benettonkkb

@Benettonkkb Benettonkkb commented Feb 19, 2026

Copy link
Copy Markdown
Member

Part 2 of Pull request 147

What changes did you make?

  • Added incubator-tf-plan and incubator-tf-apply the role-to-assume in the ...plan.tf and apply.tf files

Why did you make the changes (we will use this info to test)?

@Benettonkkb Benettonkkb mentioned this pull request Feb 19, 2026
Open
ale210
ale210 previously approved these changes Feb 26, 2026
View reviewed changes

@ale210 ale210 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is approved but cannot be merged until the roles are created via devops-security PR 147

@github-actions

github-actions Bot commented Mar 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Terraform plan in terraform
With backend config files: terraform/prod.backend.tfvars

No changes. Your infrastructure matches the configuration. 
No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

✅ Plan applied in Terraform apply (OIDC) #58

@Benettonkkb Benettonkkb self-assigned this Apr 9, 2026
@ale210

ale210 commented Apr 23, 2026

Copy link
Copy Markdown
Member

This can be applied once the issue with reading secrets in devops-security is fixed - @Benettonkkb please complete hackforla/devops-security#154 when you can

Copilot AI review requested due to automatic review settings May 21, 2026 01:00
Copilot AI reviewed May 21, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates GitHub Actions Terraform workflows to assume separate AWS OIDC roles for plan vs apply, aligning CI permissions with least-privilege separation goals. The PR also modifies the shared CI/CD IAM policy used by project pipelines.

Changes:

  • Update Terraform plan workflow to assume incubator-tf-plan.
  • Update Terraform apply workflow to assume incubator-tf-apply.
  • Adjust terraform/cicd.tf IAM policy formatting and add Secrets Manager read access for home-unite-us-*.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
terraform/cicd.tf Reformat IAM policy statements and add Secrets Manager GetSecretValue permission for home-unite-us-*.
.github/workflows/terraform-plan.yaml Switch Terraform plan job to assume the incubator-tf-plan role.
.github/workflows/terraform-apply.yaml Switch Terraform apply job to assume the incubator-tf-apply role.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread terraform/cicd.tf Outdated
Comment thread terraform/cicd.tf Outdated
@Benettonkkb Benettonkkb force-pushed the issue-146-update-workflow-roles branch from 28f7d8c to 592ec23 Compare May 28, 2026 00:29
@Benettonkkb

Benettonkkb commented May 28, 2026

Copy link
Copy Markdown
Member Author

used git reset to get back to 592ec23 instead of git revert which was the confusion from the meeting.

@ale210 ale210 merged commit c210fe2 into main Jun 18, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ale210 ale210 ale210 approved these changes

Assignees

@Benettonkkb Benettonkkb

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Benettonkkb @ale210