Skip to content

Instantly share code, notes, and snippets.

@hexylena
Created September 29, 2021 08:31
Show Gist options
  • Save hexylena/9beb7ca8d19e4b82fd636a766d8c47d5 to your computer and use it in GitHub Desktop.
Save hexylena/9beb7ca8d19e4b82fd636a766d8c47d5 to your computer and use it in GitHub Desktop.
example copying iam secrets to github
provider "github" {
owner = "hexylena"
}
resource "github_actions_secret" "repo-name-ses-key" {
repository = "repo-name"
secret_name = "SES_ACCESS_KEY"
plaintext_value = "${aws_iam_access_key.amazon-ses.id}"
}
resource "github_actions_secret" "repo-name-ses-secret" {
repository = "repo-name"
secret_name = "SES_ACCESS_SECRET"
plaintext_value = "${aws_iam_access_key.amazon-ses.secret}"
}
# Setup an IAM key
resource "aws_iam_access_key" "amazon-ses" {
user = "tf-ses-send"
}
# And the user
resource "aws_iam_user" "ses-send" {
name = "tf-ses-send"
path = "/"
}
# And setup their policy
resource "aws_iam_policy" "email-access" {
name = "tf-ses-access"
path = "/"
description = "Permit tf-ses-send to access SES"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ses:SendEmail",
"ses:SendRawEmail"
],
"Resource": "arn:aws:ses:*:ID:identity/*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "ses:SendTemplatedEmail",
"Resource": "*"
}
]
}
EOF
}
# Attach policy to user
resource "aws_iam_user_policy_attachment" "tf-user-can-send-email" {
user = "${aws_iam_user.ses-send.name}"
policy_arn = "${aws_iam_policy.email-access.arn}"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment