Did you get that email again about rotating the GitHub tokens of your pipelines?

“CodeStar Connect” will relieve you of that pain.


Everybody knows the inconvenience of working with secrets like tokens or webhooks: you need to create them, save them in the Parameter Store to avoid leakage, and rotate them every couple of months. But now, using CodeStar connections and the GitHub App on AWS, you are completely free of them!

Creating this connection is as simple as you can see in this link, and in Terraform you will find that it’s just as easy as in the AWS Management Console!


You just need to create your codestar_connection:


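# Connection between AWS and GitHub; it is created in Pending status
# and must be enabled manually before a pipeline can use it.
resource "aws_codestarconnections_connection" "github" {
  name          = "pipeline-github-connection"
  provider_type = "GitHub"
}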


After applying, the connection will be in Pending status.


You need to update the status by enabling the connection manually. You will be redirected to the connection settings, where you must allow the GitHub App to connect the repo with AWS (if it’s the first time, only the organization or repo owner can set this connection). You can connect all your repos or just one.




Once the connection is established, you just need to update the source stage of your CodePipeline:



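# Source stage of the pipeline (goes inside your aws_codepipeline resource)
stage {
  name = "Source"

  action {
    name             = "Source"
    category         = "Source"
    owner            = "AWS"
    provider         = "CodeStarSourceConnection"
    version          = "1"
    output_artifacts = ["source"]

    configuration = {
      # The connection replaces the GitHub token used by the old source action
      ConnectionArn    = aws_codestarconnections_connection.github.arn
      FullRepositoryId = var.repo_path   # "owner/repository"
      BranchName       = var.repo_branch
    }
  }
}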
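The pipeline's service role also needs permission to use the connection, otherwise the source action fails with an access error. The following is an added example, not part of the original post: it grants `codestar-connections:UseConnection` on this one connection only and exposes the connection status so you can see whether it is still pending. The role name `aws_iam_role.codepipeline`, the policy name and the output name are assumptions.

```hcl
# Added example (not from the original post).
# Assumption: aws_iam_role.codepipeline is the service role of your pipeline.

# Allow the pipeline role to use this connection and nothing else:
# the resource is the single connection ARN, not "*".
data "aws_iam_policy_document" "use_github_connection" {
  statement {
    sid       = "UseGithubConnection"
    effect    = "Allow"
    actions   = ["codestar-connections:UseConnection"]
    resources = [aws_codestarconnections_connection.github.arn]
  }
}

resource "aws_iam_role_policy" "use_github_connection" {
  name   = "use-github-connection" # hypothetical policy name
  role   = aws_iam_role.codepipeline.id
  policy = data.aws_iam_policy_document.use_github_connection.json
}

# Shows PENDING until the connection has been enabled manually,
# then AVAILABLE (or ERROR if the connection is broken).
output "github_connection_status" {
  value = aws_codestarconnections_connection.github.connection_status
}
```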


And that's it! You can run your pipelines as usual, without having to worry about updating the GitHub token anymore!

This solution also applies to Bitbucket repos!


You can find more info about configuration here:

https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.html

https://docs.aws.amazon.com/dtconsole/latest/userguide/connections.html









Lourdes Dorado

DevOps Engineer

Teracloud







