Automating AWS CDK Deployments with GitHub Actions
As a senior software engineer, I’ve always sought ways to streamline the deployment process. Leveraging GitHub Actions for AWS CDK deployments has been a game-changer. This blog will guide you through setting up GitHub Actions to automate your AWS CDK deployments, ensuring a smooth CI/CD pipeline.
Why Use GitHub Actions for CDK Deployments?
GitHub Actions provides a powerful way to automate, customize, and execute your software development workflows right in your GitHub repository. Here's why it's beneficial:
- Automation: Automate the entire build and deployment process.
- Consistency: Ensure consistent deployments across environments.
- Efficiency: Speed up the deployment process and reduce manual interventions.
- Integration: Seamlessly integrates with AWS services and CDK.
Setting Up IAM Role for GitHub Actions
First, we need to create an IAM role that GitHub Actions can assume to deploy your CDK stack.
1. Create IAM Role
Go to the IAM console and create a new role with the following trust policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "github.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "your-github-repo-external-id"
        }
      }
    }
  ]
}
```
Attach the policies the deployment needs to this role: either AdministratorAccess or, to keep the role to least privilege, custom policies with the specific permissions your CDK operations require.
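GitHub Actions workflows federate into AWS through the OIDC identity provider `token.actions.githubusercontent.com` and `sts:AssumeRoleWithWebIdentity`, so a trust policy for them is worth checking before any permissions are attached. The following is an added example, not code from the original post: a small Python check that reports whether a trust policy names that provider, restricts the audience, and pins the `sub` claim to one repository. The function name `audit_trust_policy`, the account ID `111122223333`, the repository `example-org/example-repo`, and the audience value `sts.amazonaws.com` are assumptions made for illustration.

```python
OIDC_HOST = "token.actions.githubusercontent.com"

# Constructed inputs: the trust policy shown on this page, and an OIDC-based
# one. The account ID and org/repo names are placeholders (assumptions).
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "github.com"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "your-github-repo-external-id"}}}]}
OIDC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + OIDC_HOST},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
        "StringEquals": {OIDC_HOST + ":aud": "sts.amazonaws.com"},
        "StringLike": {OIDC_HOST + ":sub": "repo:example-org/example-repo:ref:refs/heads/main"}}}]}

def _as_list(value):
    # IAM allows a single value or a list in most policy fields.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings for a GitHub Actions role trust policy (empty = pass)."""
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if not any(str(arn).endswith(":oidc-provider/" + OIDC_HOST) for arn in federated):
            findings.append(f"statement {n}: principal is not the GitHub OIDC provider")
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            findings.append(f"statement {n}: action is not sts:AssumeRoleWithWebIdentity")
        subs, auds = [], []
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                if key == OIDC_HOST + ":sub" and operator in ("StringEquals", "StringLike"):
                    subs += _as_list(value)
                if key == OIDC_HOST + ":aud" and operator == "StringEquals":
                    auds += _as_list(value)
        if "sts.amazonaws.com" not in auds:
            findings.append(f"statement {n}: aud is not restricted to sts.amazonaws.com")
        if not subs:
            findings.append(f"statement {n}: no sub condition, any repository can assume the role")
        for sub in subs:
            parts = sub.split(":")  # expected shape: repo:<owner>/<repo>:<context>
            if len(parts) < 3 or parts[0] != "repo" or "*" in parts[1]:
                findings.append(f"statement {n}: sub '{sub}' is not pinned to one repository")
    return findings
```

Calling `audit_trust_policy(PAGE_POLICY)` returns one finding about the principal, while `audit_trust_policy(OIDC_POLICY)` returns an empty list.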
GitHub Secrets
Add the ARN of the IAM role and other necessary secrets to your GitHub repository:
- Go to your repository on GitHub.
- Click on Settings > Secrets > New repository secret.
- Add the following secrets:
  - AWS_ROLE_ARN: The ARN of your IAM role.
  - AWS_REGION: The AWS region where your resources will be deployed.
  - AWS_ACCESS_KEY_ID: Your AWS access key ID.
  - AWS_SECRET_ACCESS_KEY: Your AWS secret access key.
Creating the Workflows
We will create two workflows: build.yml and deploy.yml.
- build.yml: This workflow builds your .NET project, publishes it to a ./dist directory, and uploads the artifact.

```yaml
name: Build
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Setup .NET Core
        uses: actions/setup-dotnet@v1
        with:
          dotnet-version: '3.1.x'
      - name: Restore dependencies
        run: dotnet restore
      - name: Build
        run: dotnet build --configuration Release --no-restore
      - name: Publish
        run: dotnet publish --configuration Release --output ./dist
      - name: Upload artifact
        uses: actions/upload-artifact@v2
        with:
          name: build-artifacts
          path: ./dist
```
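- deploy.yml: This workflow triggers on the success of the build workflow and deploys the CDK stack.

```yaml
name: Deploy
on:
  workflow_run:
    workflows: ["Build"]
    types:
      - completed
jobs:
  deploy:
    # "completed" fires for failed and cancelled runs too; deploy only after a successful Build.
    # Build also runs for pull requests; add github.event.workflow_run.event == 'push'
    # to this condition to deploy only from pushes to main.
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      # Note: download-artifact@v2 only sees artifacts of the current run,
      # not those of the Build run that triggered this workflow.
      - name: Download artifact
        uses: actions/download-artifact@v2
        with:
          name: build-artifacts
          path: ./dist
      - name: Setup Node.js
        uses: actions/setup-node@v2
        with:
          node-version: '14'
      - name: Setup .NET Core
        uses: actions/setup-dotnet@v1
        with:
          dotnet-version: '3.1.x'
      - name: Install AWS CDK
        run: npm install -g aws-cdk
      - name: CDK Synth
        run: cdk synth
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      # --require-approval never skips the prompt for security-sensitive changes (IAM, security groups).
      - name: CDK Deploy
        run: cdk deploy --require-approval never
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          CDK_DEPLOY_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }}
```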
Conclusion
By leveraging GitHub Actions, we can automate the build and deployment process for AWS CDK projects. This setup ensures consistent and efficient deployments, reducing the risk of manual errors and accelerating the development workflow.
Feel free to explore more about GitHub Actions and AWS CDK, and start automating your deployments today!
Happy coding!