Hi all,
I am fairly new to Terraform and GitHub Actions, but I am currently trying to set up a GitHub Action to deploy Terraform. I can run terraform plan and terraform apply locally and it does not raise an error. However, when I tried via GitHub Actions it failed when it was running terraform plan with the following error:
│ Error: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 400, RequestID: xxxxxxx, api error IncompleteSignature: '/20231005/us-east-1/sts/aws4_request' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS4-HMAC-SHA256 Credential=*** /20231005/us-east-1/sts/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date, Signature=xxxxxxxxx'.
│
│ with provider["registry.terraform.io/hashicorp/aws"],
│ on main.tf line 30, in provider "aws":
│ 30: provider "aws" {
I made sure that the IAM user I used to produce the access key and secret key for the AWS provider has the correct permissions for the S3 bucket and DynamoDB table used for the remote backend. In addition, I searched online for related issues but could not figure out what was wrong.
My terraform configuration looks like the following:

    terraform {
      # Remote state in S3 with DynamoDB state locking
      backend "s3" {
        bucket         = "clean-in-cle"
        dynamodb_table = "state_lock"
        key            = "~/grafana/terraform.tfstate"
        region         = "us-east-1"
        encrypt        = true
      }
      required_providers {
        aws = {
          source  = "hashicorp/aws"
          version = "5.19.0"
        }
      }
    }

    # Static credentials passed in with -var on the command line
    variable "aws_access_key" {
      type = string
    }
    variable "aws_secret_key" {
      type = string
    }

    provider "aws" {
      region     = "us-east-1"
      access_key = var.aws_access_key
      secret_key = var.aws_secret_key
    }

and my YAML file for the GitHub Action looks like the following:

    name: Terraform Deployment
    on:
      push:
        branches: [main]
      pull_request:
        branches: [main]
    env:
      TF_ACCESS_KEY: ${{ secrets.TERRAFORM_ACCESS_KEY }}
      TF_SECRET_KEY: ${{ secrets.TERRAFORM_SECRET_KEY }}
      TF_AUTH: ${{ secrets.GRAFANA_AUTH }}
      TF_URL: ${{ secrets.GRAFANA_URL }}
      TF_AWS_ACCESS_KEY: ${{ secrets.AWS_TF_ACCESS_KEY_ID }}
      TF_AWS_SECRET_KEY: ${{ secrets.AWS_TF_SECRET_KEY }}
    jobs:
      terraform:
        runs-on: ubuntu-latest
        steps:
          - name: checkout
            uses: actions/checkout@v2
          - name: setup terraform
            uses: hashicorp/setup-terraform@v1
            with:
              terraform_version: 1.5.7
          - name: Terraform Init
            working-directory: ./grafana
            run: |
              terraform init -backend-config="access_key=${{ env.TF_AWS_ACCESS_KEY }}" -backend-config="secret_key=${{ env.TF_AWS_SECRET_KEY }}"
              terraform init -upgrade -backend-config="access_key=${{ env.TF_AWS_ACCESS_KEY }}" -backend-config="secret_key=${{ env.TF_AWS_SECRET_KEY }}"
          - name: Terrraform Plan
            working-directory: ./grafana
            run: terraform plan -var="aws_access_key=${{ env.TF_AWS_ACCESS_KEY }} " -var="aws_secret_key=${{ env.TF_AWS_SECRET_KEY }}" -var="grafana_access_key=${{ env.TF_ACCESS_KEY }}" -var="grafana_secret_key=${{ env.TF_SECRET_KEY }}" -var="auth=${{ env.TF_AUTH }}" -var="url=${{ env.TF_URL }}"
          - name: Terraform Apply
            working-directory: ./grafana
            run: terraform apply -var="aws_access_key=${{ env.TF_AWS_ACCESS_KEY }} " -var="aws_secret_key=${{ env.TF_AWS_SECRET_KEY }}" -var="grafana_access_key=${{ env.TF_ACCESS_KEY }}" -var="grafana_secret_key=${{ env.TF_SECRET_KEY }}" -var="auth=${{ env.TF_AUTH }}" -var="url=${{ env.TF_URL }}" -auto-approve

Any suggestions are appreciated. Thank you very much for your time and help in advance!
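
The error above shows a space between the masked key and /20231005/us-east-1/sts/aws4_request in the Credential= field of the Authorization header, and the aws_access_key -var arguments in the plan and apply steps end with a space before the closing quote. The following pre-flight check, meant to run in a workflow step before terraform plan, flags credential values that carry whitespace without printing them. It is an added example, not part of the original post, and the function names are hypothetical.

```shell
# Added example, not part of the original post. Variables are passed by
# name so their values never appear in the job log.

# True (exit 0) when the value contains whitespace or control characters.
# Any such character ends up inside the SigV4 "Credential=" field and
# makes the service reject the Authorization header.
has_stray_whitespace() {
  stripped=$(printf '%s' "$1" | tr -d '[:space:][:cntrl:]')
  [ "$stripped" != "$1" ]
}

# Checks each named variable; succeeds only if every one is set,
# non-empty and free of whitespace. Runs in a subshell so that its
# working variables do not leak into the caller.
check_credential_vars() (
  failures=0
  for name in "$@"; do
    case "$name" in
      ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
        echo "ERROR: invalid variable name" >&2
        failures=$((failures + 1)); continue ;;
    esac
    eval "value=\${$name-}"   # name was validated as an identifier above
    if [ -z "$value" ]; then
      echo "ERROR: $name is empty or unset" >&2
      failures=$((failures + 1))
    elif has_stray_whitespace "$value"; then
      echo "ERROR: $name contains whitespace or control characters (length ${#value})" >&2
      failures=$((failures + 1))
    fi
  done
  [ "$failures" -eq 0 ]
)

# Usage in a workflow step, before terraform plan:
#   check_credential_vars TF_AWS_ACCESS_KEY TF_AWS_SECRET_KEY || exit 1
```

The check only sees the environment variables themselves, so whitespace added later on the command line, as in a quoted -var argument, still has to be caught by reading the command.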