- Step 1: Open Terminal and provision AWS credentials
asectl init aws
- Step 2: Clone the repository
cd /root
git clone https://github.com/appsecengineer/aws-tags-opa-terraform.git
- Step 3: Go to the cloned repository directory
cd aws-tags-opa-terraform
Note: You need to log in to your GitHub account for the next section
- Step 1: Open the browser and create a New repository
- Step 2: In the Repository name field, enter this name
aws-tags-opa-terraform
- Step 3: Now copy the repository URL
https://github.com/<your-github-username>/aws-tags-opa-terraform.git
- Step 4: Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
- Step 5: Select Actions and click General. Under "Workflow permissions", choose the option that gives GITHUB_TOKEN read and write access for all scopes ("Read and write permissions"), and also check "Allow GitHub Actions to create and approve pull requests".
Note: This grants every workflow in the repository a token that can write to all scopes. It is what this lab needs; in a real repository, prefer the read-only default and grant write access per job with a permissions block.
- Step 1: Change directory
cd /root/aws-tags-opa-terraform
- Step 2: Check the existing repo owner info
git remote -v
It will show appsecengineer as the owner
- Step 3: Let's change the repository owner to your own fork
git remote set-url origin <paste the copied repository URL>
Example: git remote set-url origin https://github.com/<your-github-username>/aws-tags-opa-terraform.git
- Step 4: Now check the repository owner again
git remote -v
It will show your GitHub username
- Expand Explorer in the web IDE
- Go to the aws-cred.txt file
- Copy the aws_access_key_id and aws_secret_access_key and paste them somewhere
- Go back to the browser and click on the newly created repo's Settings
- Select Secrets from the left-hand side menu
- Click on Actions
- Click on New repository secret
Now let's add the two secrets
- Secret Name
AWS_ACCESS_KEY_ID
- Value: enter the copied aws_access_key_id from aws-cred.txt (an access key ID has the form AKIAIOSFODNN7EXAMPLE)
- Click the Add secret button
- Secret Name
AWS_SECRET_ACCESS_KEY
- Value: enter the copied aws_secret_access_key from aws-cred.txt (a secret key has the form wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY)
- Click the Add secret button
Note: The two values shown above are AWS's documented placeholder keys, not working credentials; paste your own values from aws-cred.txt.
- Step 1: Generate a personal access token for authentication to your GitHub account. Using this token we can push the code into the GitHub repository.
- Step 2: Copy the personal access token and paste it somewhere
- Let's generate the S3 bucket name using the uuid command
export BUCKET_NAME=$(uuid)-tfstate
- Let's create the S3 bucket using the AWS CLI
aws s3api create-bucket --bucket $BUCKET_NAME --region us-west-2 --create-bucket-configuration LocationConstraint=us-west-2
- Let's update the S3 bucket name in the provider.tf file
sed -i -e 's/ase-terraform-state-bucket/'"${BUCKET_NAME}"'/g' /root/aws-tags-opa-terraform/provider.tf
Note: Use ${BUCKET_NAME} (parameter expansion). Writing $(BUCKET_NAME) is a command substitution: the shell would try to run a program called BUCKET_NAME, fail, and substitute an empty string, leaving provider.tf with an empty bucket name.
- Change directory
cd /root/aws-tags-opa-terraform
- Commit the code to the repo
git add -A
git commit -m "Updated S3 bucket value in provider.tf file"
- Push the code into the main branch
git push -u origin main
Note: It will ask for a username and password. Enter your GitHub username as the username and the copied personal access token as the password.
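The bucket-naming and provider.tf update steps above, collected into one script as an added example (this is not the lab's own code). It assumes provider.tf contains the placeholder string ase-terraform-state-bucket that the lab's sed command targets, uses ${BUCKET} rather than the command-substitution form, checks the generated name against the S3 naming rules that matter here, and refuses to proceed when the placeholder is absent so a silent no-op cannot slip through. The bucket is only created when the script is invoked with the argument run; everything else runs offline.

```shell
#!/usr/bin/env bash
# Added example (not from the lab): generate a unique Terraform state-bucket
# name, validate it, and substitute it into provider.tf.
# Assumption: provider.tf contains the placeholder "ase-terraform-state-bucket".
set -eu

PLACEHOLDER="ase-terraform-state-bucket"

# Print "<uuid>-tfstate" in lowercase (S3 requires lowercase). Prefers uuid(1)
# as the lab does, then uuidgen, then the kernel's uuid file, then urandom.
gen_bucket_name() {
  local id
  if command -v uuid >/dev/null 2>&1; then
    id=$(uuid)
  elif command -v uuidgen >/dev/null 2>&1; then
    id=$(uuidgen)
  elif [ -r /proc/sys/kernel/random/uuid ]; then
    id=$(cat /proc/sys/kernel/random/uuid)
  else
    id=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
  fi
  printf '%s-tfstate\n' "$id" | tr 'A-Z' 'a-z'
}

# S3 bucket-name rules relevant to this lab: 3-63 characters; only lowercase
# letters, digits, dots and hyphens; must start and end with a letter or digit.
# Returns 0 when valid, 1 otherwise.
validate_bucket_name() {
  local name=$1
  [ ${#name} -ge 3 ] && [ ${#name} -le 63 ] || return 1
  case "$name" in
    *[!a-z0-9.-]*) return 1 ;;          # forbidden character
    [!a-z0-9]*|*[!a-z0-9]) return 1 ;;  # bad first or last character
  esac
  return 0
}

# Replace the placeholder in provider.tf with the real bucket name.
# Fails (non-zero) on an invalid name or when the placeholder is not present,
# and prints how many lines now carry the bucket name.
set_state_bucket() {
  local file=$1 bucket=$2
  validate_bucket_name "$bucket" || { echo "invalid bucket name: $bucket" >&2; return 1; }
  grep -q "$PLACEHOLDER" "$file" || { echo "placeholder not found in $file" >&2; return 1; }
  # Write to a temp file and move it into place (portable alternative to sed -i).
  sed -e "s/${PLACEHOLDER}/${bucket}/g" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
  grep -c "$bucket" "$file"
}

# Only talk to AWS when explicitly asked: ./script.sh run
if [ "${1:-}" = "run" ]; then
  BUCKET_NAME=$(gen_bucket_name)
  aws s3api create-bucket --bucket "$BUCKET_NAME" --region us-west-2 \
    --create-bucket-configuration LocationConstraint=us-west-2
  set_state_bucket /root/aws-tags-opa-terraform/provider.tf "$BUCKET_NAME"
  echo "state bucket set to $BUCKET_NAME"
fi
```

Because set_state_bucket exits non-zero when the placeholder is missing, running it a second time (for example after the commit has already been pushed) fails loudly instead of silently leaving provider.tf untouched.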
- Click on the Actions tab
- Under the Workflow, click on "Updated S3 bucket value in provider.tf file" (refresh the page if required)
You will see the following output, stating that the policy check failed:
set-output name=result::OPA policy not satsfied, Please ensure tags are created according to organization policy
Note: The set-output prefix comes from the ::set-output workflow command, which GitHub has deprecated in favour of writing key=value lines to $GITHUB_OUTPUT; the lab's workflow still uses the older form, so the message is printed with that prefix.
- Change directory
cd /root/aws-tags-opa-terraform
- Comment out the code in the resource.tf file and uncomment the code in the resource_valid.tf file under the /root/aws-tags-opa-terraform directory
- Commit the code to the repo
git add -A
git commit -m "Updated resource.tf file"
- Push the code into the main branch
git push -u origin main
Note: It will ask for a username and password. Enter your GitHub username as the username and the copied personal access token as the password.
- Click on the Actions tab
- Under the Workflow, click on "Updated resource.tf file" (refresh the page if required)
- Click on build
- Wait until the Action completes and view the results
You will see the following output, stating that the policy check passed and the stack was deployed:
set-output name=result::OPA policy satsfied, terraform stack deployed succesfully
- Step 1: Open GitHub in the browser and click on the repo
- Step 2: Click on Settings. Scroll to the bottom; you will find the Delete this repository