Deploying Terraform infrastructure can be streamlined with GitHub Actions, saving you time and reducing manual errors. Below, I propose a basic workflow that you can customize to fit your specific needs. This workflow assumes you already have a Terraform project set up and want to automate its deployment to your AWS account.
Create a new file in your repository at .github/workflows/deploy.yml and paste this YAML workflow.
```yaml
name: Terraform Deploy
on:
  push:
    branches: [ main ]
env:
  AWS_REGION: us-east-1
jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      id-token: write   # lets the job request an OIDC token from GitHub
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::<ACCOUNT_ID>:role/GithubActionsRole
          aws-region: ${{ env.AWS_REGION }}
      - name: Terraform Init
        run: terraform init
      - name: Terraform Plan
        run: terraform plan
      - name: Terraform Apply
        run: terraform apply -auto-approve
```
Replace <ACCOUNT_ID> with your AWS account ID. This workflow uses OpenID Connect (OIDC) to authenticate with AWS, so no long-lived access keys need to be stored as repository secrets. If you’re new to OIDC or need help setting it up, I’ve written a dedicated post explaining how to configure the OIDC connection between GitHub and your AWS account.
The provided workflow does not include any testing steps. For a robust CI/CD pipeline, consider adding unit and integration tests before the deployment job. This ensures your infrastructure changes are validated before being applied.
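As an added example (not part of the original post), here is a hardened variant of the same workflow: it validates and plans on pull requests, saves the plan as an artifact, and applies exactly that saved plan only on pushes to main, behind a GitHub environment named `production` (an assumed name) so required reviewers can gate the apply. The role ARN, region and `<ACCOUNT_ID>` placeholder are carried over from the workflow above.

```yaml
name: Terraform Plan and Apply
on:
  pull_request:
    branches: [ main ]
  push:
    branches: [ main ]
env:
  AWS_REGION: us-east-1
# Serialize runs per branch so two applies never race on the same state
concurrency:
  group: terraform-${{ github.ref }}
  cancel-in-progress: false
permissions:
  id-token: write
  contents: read
jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: hashicorp/setup-terraform@v3
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::<ACCOUNT_ID>:role/GithubActionsRole
          aws-region: ${{ env.AWS_REGION }}
      - run: terraform init -input=false
      - run: terraform validate          # cheap pre-apply check on every PR
      - run: terraform plan -input=false -out=tfplan
      - uses: actions/upload-artifact@v4
        with:
          name: tfplan
          path: tfplan
  apply:
    needs: plan
    # Apply only for merges to main, never for pull_request events
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    environment: production   # assumed environment name; add required reviewers to it
    steps:
      - uses: actions/checkout@v5
      - uses: hashicorp/setup-terraform@v3
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::<ACCOUNT_ID>:role/GithubActionsRole
          aws-region: ${{ env.AWS_REGION }}
      - uses: actions/download-artifact@v4
        with:
          name: tfplan
      - run: terraform init -input=false
      - run: terraform apply -input=false tfplan   # applies the reviewed plan, not a fresh one
```

Applying the saved plan file means what gets applied is what was reviewed; note that a plan file can contain sensitive values, so treat the artifact as confidential and keep its retention short.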
For production environments, it’s recommended to: