This project demonstrates how to build a simple HTTP function in Rust and deploy it to AWS Lambda using Terraform.
First we need to configure AWS so that you have access to provision the necessary infrastructure.
Navigate to IAM > Identity providers and create a new provider. Select OpenID Connect and add the following:
Provider URL: https://token.actions.githubusercontent.com
Audience: sts.amazonaws.com
Navigate to IAM > Roles and create a new role. Select Web Identity and choose the identity provider you just created. Add the permissions you want the role to have; in this example we use the AWS managed policy AdministratorAccess (please do not use it in production).
After the role has been created we add the GitHub repo to the Trust relationships. After editing, the trusted entities JSON should look something like this:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::12345678:oidc-provider/token.actions.githubusercontent.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
        },
        "StringLike": {
          "token.actions.githubusercontent.com:sub": "repo:mjovanc/rust-aws-lambda:*"
        }
      }
    }
  ]
}
```
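The two conditions are what make this trust policy safe: the `aud` condition pins the audience the workflow requests, and the `sub` condition ties the role to this one repository. A trust policy that omits the `sub` condition would let a workflow in any GitHub repository assume the role. As an added example, not part of this project, the following Python script builds a trust policy in the same shape as the one above (the `12345678` account number is the README's placeholder) and lints it for a missing `aud` condition, a wrong audience, a missing `sub` condition, or a wildcard in the owner/repository part of `sub`.

```python
"""Lint an IAM role trust policy for GitHub Actions OIDC federation.

Added example, not the project's own code: checks that every statement which
lets token.actions.githubusercontent.com call sts:AssumeRoleWithWebIdentity
pins the audience and scopes the subject to a single owner/repository.
"""
import json

GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"
EXPECTED_AUDIENCE = "sts.amazonaws.com"
# Placeholder account number taken from the README's example; not a real account.
PROVIDER_ARN = f"arn:aws:iam::12345678:oidc-provider/{GITHUB_OIDC_HOST}"


def trust_policy(sub_pattern=None, audience=EXPECTED_AUDIENCE):
    """Build a trust policy shaped like the README's.

    sub_pattern=None omits the sub condition entirely (the unscoped case).
    """
    condition = {"StringEquals": {f"{GITHUB_OIDC_HOST}:aud": audience}}
    if sub_pattern is not None:
        condition["StringLike"] = {f"{GITHUB_OIDC_HOST}:sub": sub_pattern}
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": condition,
        }],
    })


def _as_list(value):
    """IAM allows a single string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _condition_values(condition, key):
    """Collect the values for `key` across every operator block (StringEquals, StringLike, ...)."""
    values = []
    for operator_block in condition.values():
        if key in operator_block:
            values.extend(_as_list(operator_block[key]))
    return values


def lint_github_trust_policy(policy_json):
    """Return a list of findings; an empty list means the GitHub OIDC statements look well scoped."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") != "Allow"
                or "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", []))
                or not any(GITHUB_OIDC_HOST in arn for arn in federated)):
            continue  # not a GitHub OIDC assume-role statement
        condition = stmt.get("Condition", {})

        audiences = _condition_values(condition, f"{GITHUB_OIDC_HOST}:aud")
        if not audiences:
            findings.append(f"statement {index}: no aud condition")
        elif any(aud != EXPECTED_AUDIENCE for aud in audiences):
            findings.append(f"statement {index}: aud is not {EXPECTED_AUDIENCE}: {audiences}")

        subjects = _condition_values(condition, f"{GITHUB_OIDC_HOST}:sub")
        if not subjects:
            findings.append(f"statement {index}: no sub condition, so a workflow in any "
                            "GitHub repository could assume this role")
        for sub in subjects:
            # Expected shape: repo:<owner>/<name>:<ref or environment claim>
            repo = sub.split(":", 2)[1] if sub.startswith("repo:") and sub.count(":") >= 2 else None
            if repo is None or "*" in repo or "?" in repo:
                findings.append(f"statement {index}: sub {sub!r} does not pin a single owner/repository")
    return findings


if __name__ == "__main__":
    samples = [
        ("scoped", "repo:mjovanc/rust-aws-lambda:*"),
        ("org-wide", "repo:mjovanc/*:*"),
        ("unscoped", None),
    ]
    for label, pattern in samples:
        print(label, lint_github_trust_policy(trust_policy(pattern)) or "ok")
```

Running the script prints `ok` for the README's repository-scoped pattern and a finding for the org-wide and unscoped variants. The linter deliberately accepts a wildcard after the repository part (`repo:owner/name:*`), which is what the README uses; tightening it further to a branch or environment claim is a separate decision.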
The GitHub Actions workflow needs the following job permissions:
```yaml
permissions:
  id-token: write # This is required for requesting the JWT
  contents: read  # This is required for actions/checkout
```
We need to update `role-to-assume` to match your IAM account number and the role name:
```yaml
- name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v2
  with:
    role-to-assume: arn:aws:iam::12345678:role/YourRoleNameHere
    aws-region: eu-west-1
```
Now you should be good to go and can run the workflow.
The GPLv3 License.