Skip to content

Commit

Permalink
Merge pull request #6 from cisagov/improvement/update_from_skeleton
Browse files Browse the repository at this point in the history 
Update from skeleton-packer
  • Loading branch information
@dav3r
dav3r authored Mar 24, 2020
2 parents 17291fd + c04c045 commit af6c043
Showing 1 changed file with 13 additions and 18 deletions.
31 changes: 13 additions & 18 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,24 +38,19 @@ terraform apply
```

Once the user is created you will need to update the
[repository's secrets](https://github.com/cisagov/skeleton-packer-cool/settings/secrets)
with the new encrypted environment variables.

```console
terraform state show module.iam_user.aws_iam_access_key.key
```

Take the `id` and `secret` fields from the above command's output and create the
`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables in the
[repository's secrets](https://github.com/cisagov/skeleton-packer-cool/settings/secrets).

You will also need to add one additional repository secret called
`BUILD_ROLE_TO_ASSUME`. Here is how to see the ARN that you need to set
as the value for that secret:

```console
terraform state show module.iam_user.aws_iam_role.ec2amicreate_role[0] | grep ":role/"
```
[repository's secrets](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)
with the new encrypted environment variables. This should be done using the
[`terraform-to-secrets`](https://github.com/cisagov/development-guide/tree/develop/project_setup#terraform-iam-credentials-to-github-secrets-)
tool available in the
[development guide](https://github.com/cisagov/development-guide). Instructions
for how to use this tool can be found in the
["Terraform IAM Credentials to GitHub Secrets" section](https://github.com/cisagov/development-guide/tree/develop/project_setup#terraform-iam-credentials-to-github-secrets-).
of the Project Setup README.

If you have appropriate permissions for the repository you can view existing
secrets on the
[appropriate page](https://github.com/cisagov/skeleton-packer-cool/settings/secrets)
in the repository's settings.

IMPORTANT: The account where your images will be built must have a VPC and
a public subnet both tagged with the name "AMI Build", otherwise `packer`
Expand Down

0 comments on commit af6c043

Please sign in to comment.