Automating AWS infrastructure using Terraform and GitHub Actions — Introduction to GitOps — Part 2

Adil Shehzad
7 min readMar 12, 2022


This is the complete guide to implement Infrastructure as Code(IaC) Terraform and GitHub Actions to Automate the AWS Infrastructure. Before we get started we need to learn about the Infrastructure as Code(IaC), Terraform, Terraform Cloud, GitHub Actions, and GitOps.

What is GitOps

GitOps is the operational framework that allows us to take the best
practices used for application development to infrastructure automation. By combining our infrastructure as code and GitOps approaches, we can safely operate infrastructure by leveraging the same CI/CD tools and automated test pipelines and deployment.
GitOps provides us the ability and framework to automate our infrastructure provisioning. In practice, GitOps is achieved by combining Infrastructure as Code(IaC), Git Repositories, PR/MR, and CI/CD Pipelines.

To learn more about GitOps please check out my GitOps Blog which I explained in more detail.

What is Infrastructure as Code (IaC)

Infrastructure as a Code is an approach to automate your infrastructure based on practice from software development. It emphasizes a consistent, repeatable routine from provisioning and changing system and their configuration. You make changes to your code and then use automation to test and apply those changes to your system.

To learn more about the Infrastructure, Please check out my Infrastructure as Code (IaC) in which I explained these topics more in detail.

Terraform Cloud

Terraform Cloud is a cloud-based platform that makes it easier for team members to work with Terraform. Provides an environment for us to run our infrastructure operations and keep the shared state in the cloud. Allows us to set environment variables and secrets, which can integrate nicely with most version control and continuous integration systems.

To Learn More About Terraform, Please check out my Terraform Blog, where I covered Terraform and Amazon Web Services(AWS) more in detail.

What are GitHub Actions

GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline.

To learn how to Build Custom GitHub Actions, you can check out my separate blog on this topic, because this is a little different from the current topic.

What is Amazon Web Services (AWS)

AWS is considered as a public cloud provider, that provides various cloud-based IT services to its cloud consumers. You can always learn Amazon Web Services(AWS) free from the AWS Training Platform.

Let's get some hands Dirty

Before we start with the Hands-on, Please make sure you have an account on the following platforms.

  1. A GitHub Account (Free)
  2. A Terraform Cloud (Free)
  3. An Amazon Web Services Account (12 Month Free Trial on some Limited Services + Credit Card Required)

If you're done with Account Creation, let's Goooooo!!!

Setting Up Terraform Cloud and GitHub Repository

First, we need to Set up Terraform Cloud, So we can easily Configure it with GitHub Repository and Amazon Web Services. After creating an account, we need to create an Organization and Workspace on Terraform Cloud. After signing to your Terraform Cloud, On the Top Right, Click on New Workspace.

Now Select the API Driven Workflow

Now We need to configure Terraform cloud, First, you need to clone the code and then go to the terminal and then type terraform login and authenticate your organization using token. Now you need to initialize Terraform for this, use the command terraform init. Add the example code to your terraform code.

Creating AWS User

Now we need to create a new user, so we can assign limited policies to the user. To create a new user, make sure you have administrator-level access, and its good practice not to use a Root account. Firstly, you need to click on Identity Access and Management Service (IAM) and the left menu selects the user. Now Click on Add Users.

Now We need to Give access to the New User, the best practice is to limit the user to only the resources which he needed, so, right now I only provide access to the user to the Ec2 Launch and Add or Delete Tags of the Ec2.

You can use this policy to limit access of the New User, as I am giving Ec2 Access to this user only

So, New AWS Credentials are created, I know I made shortcuts, and you bit facing issues, you can refer to Google and Find out how to create a new user and attach a new policy to the new user.

Adding Secrets to Terraform Cloud And GitHub Repository

As we create a new user for this lab, we need to add the AWS Credentials to the Terraform Cloud, so Terraform Cloud can access and create the resources using this cloud. We need to add our AWS access credentials, AWS_ACCESS_KEY_ID, AND AWS_SECRET_ACCESS_KEY as environment variables in the configuration of the workspace. Now From Your Workspace Go to the Variable and Click on Add Variable. Then Select the Environment Vraibel and then add your AWS Access Key ID and Secret Access Key. Make Sure you select the Sensitive Options.

Now we need to create a Terraform Cloud Token and Add it to GitHub Repository. For this, you need to click on your Terraform Cloud Profile which is on the top right, and then click on User Setting from the top left click on Token and Generate your New Token. Once you are done adding credentials, go back to your terminal and apply to testify you're terraforming. For this, use the command terraform apply . Now let's move to the GitHub part, let's first add the Terraform Cloud Token to the GitHub Repository.

Copy the Token and go to the GitHub Repository settings and from the left bottom select the Secrets and then Actions and Add your API Token to it as TF_API_TOKEN.

Terraform Code and GitHub Actions Configurations

Now, we set up Terraform Cloud and also Setup Credentials to the Environment Variables. Now we need to make changes to the Terraform Code by creating a Pull Request. You can also clone and push the code to your new repository. Let's focus right now on GitHub Browser. Make changes to the Terraform Code and then commit by creating a new branch.

This will redirect you to the Pull Request, review your changes and create a Pull Request From the New branch to the main branch.

Create a Pull request and wait for the GitHub Actions to review and create a plan for you. After Revising the Terraform Plan, you can merge to the main branch. When The code changes merge to the main branch, it will start another GitHub action and this time it will plan these changes to the Amazon Web Services. As I merged my changes to the main branch and GitHub actions also successfully plan my changes.

Let's check out Amazon Web Services, whether our service is created or not. Hurray! It's created on Amazon Web Services, too. :)

Terraform Destroy

If you followed along, one last step is to terminate our demo instance. Head to Terraform Cloud console to our workspace and select Settings and then Destruction and Deletion. This destroys all the resources in the workspace, in our case our only EC2 instance. Click Queue destroy plan and on the next page Confirm & Apply. After a while, you’ll see your instance in terminated status.


That’s all folks, hope you enjoyed this demo. We applied the basic GitOps and Infrastructure as Code approaches with Terraform, Terraform Cloud, GitHub & GitHub Actions to set up quickly a workflow that handles our AWS cloud resources via a GitHub repository. Feel free to ask your queries on LinkedIn.