We are trying to automate our Genesys Cloud infrastructure changes using the official Terraform provider. The goal is to have a CI/CD pipeline that runs terraform plan on every pull request to validate changes, and then runs terraform apply automatically when the PR is merged to the main branch.
We are using GitHub Actions with the hashicorp/setup-terraform action. The issue we are facing is with state management and authentication. We are storing the Terraform state in a remote backend, but we are getting authentication errors when the pipeline tries to access the state file.
Here is our GitHub Actions workflow file:
    name: Terraform
    on:
      pull_request:
        branches: [ main ]
      push:
        branches: [ main ]
    jobs:
      terraform:
        runs-on: ubuntu-latest
        steps:
          - name: Checkout
            uses: actions/checkout@v3
          - name: Setup Terraform
            uses: hashicorp/setup-terraform@v2
          - name: Terraform Init
            run: terraform init
          - name: Terraform Plan
            if: github.event_name == 'pull_request'
            run: terraform plan -out=tfplan
          - name: Terraform Apply
            if: github.event_name == 'push' && github.ref == 'refs/heads/main'
            run: terraform apply tfplan
The error we are getting during the terraform init step is:
│ Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.
We are using environment variables to pass the AWS credentials for the S3 backend, but they are not being picked up correctly. We have also tried using the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY secrets, but it still fails.
How do we correctly configure the CI/CD pipeline to handle authentication for the remote state backend? We need to make sure that the pipeline can securely access the state file without exposing any credentials in the logs.
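
An added example, not part of the original post: one way to give the workflow above access to the S3 backend is to have the job obtain short-lived AWS credentials through GitHub's OIDC token instead of stored keys. The secret name `TF_STATE_ROLE_ARN` and the region are assumptions, and the IAM role is assumed to already trust GitHub's OIDC provider and to allow access to the state bucket.

```yaml
name: Terraform
on:
  pull_request:
    branches: [ main ]
  push:
    branches: [ main ]
permissions:
  id-token: write   # lets the job request a GitHub OIDC token
  contents: read    # still needed for actions/checkout
jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      # Exchanges the OIDC token for temporary AWS credentials and exports
      # them as AWS_* environment variables for every later step, so
      # terraform init can reach the S3 backend.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.TF_STATE_ROLE_ARN }}  # assumed secret name
          aws-region: us-east-1                              # assumed region
      # Static-key alternative: repository secrets are never exported to the
      # environment automatically; each one has to be mapped under `env:` on
      # the job or on the step that needs it, for example:
      #   env:
      #     AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      #     AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      # The Genesys Cloud provider's own credentials are passed the same way
      # and are omitted here.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
      - name: Terraform Init
        run: terraform init -input=false
      # Plan on both events so that the tfplan file exists in the same job
      # that applies it after a merge.
      - name: Terraform Plan
        run: terraform plan -input=false -out=tfplan
      - name: Terraform Apply
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: terraform apply -input=false tfplan
```

Values read from `secrets.*` are masked in the job log. Pull requests opened from forks receive neither repository secrets nor a writable `id-token` permission, so the plan step only authenticates for branches in the same repository.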