menu

Top Categories

Spotlight

todayNovember 25, 2022

industry Jake

9 ways to give access to an internal tool

The following is a work of fiction. However all the solutions are real things I’ve attempted in my time as a Cloud Consultant. Image this, you’re minding your own business when an empowered developer pops out of nowhere. They need to get an application deployed. You begin to open your [...]


Setting up Github Actions with AWS using CloudFormation

secure development + cloud Jake todayJanuary 25, 2022 115

Background
share close

I recently helped a client migrate their Devops Pipelines to Github Actions. One of the nice features about GH is that its relatively easy to setup and use an identity provider that will allow Github to do what it needs without having to store credentials. I found some great resources online for how to do this, including this one for terraform. In my case I needed to write one using CloudFormation. Thought I’d share:

The above contains a sample CFN doc for creating the Identity Provider and a sample role that allows access to ECR. The condition in the IAM policy restricts its usage to a specific repo so that other arbitrary Github users can’t assume the role.

Written by: Jake

Rate it
Previous post

todayMarch 6, 2021

  • 252
close

industry Jake

Critiquing cloud lockin

I hear a lot of talk about cloud lockin. I hear it from people with self funded startups, authors on tech blogs and developers. The argument I hear most is ...


Similar posts