Skip to content

feat(terraform): allow assuming TerraformPlanRole from github oidc role#160

Merged
rochecompaan merged 1 commit intomainfrom
rcompaan/github-terraform-plan
Feb 27, 2026
Merged

feat(terraform): allow assuming TerraformPlanRole from github oidc role#160
rochecompaan merged 1 commit intomainfrom
rcompaan/github-terraform-plan

Conversation

@rochecompaan
Copy link
Contributor

@rochecompaan rochecompaan commented Feb 25, 2026

Summary

This PR updates GitHub OIDC IAM permissions in the Terraform base module so CI can assume TerraformPlanRole.

What Changed

  • Added a new IAM policy in github-iam-role.tf (/home/roche/scaf-fullstack-temlate/template/terraform/modules/base/github-iam-
    role.tf) that allows:
    • sts:AssumeRole on arn:aws:iam::${var.account_id}:role/TerraformPlanRole
  • Attached that policy to the existing GitHub OIDC role ({{ copier__project_slug }}-github-oidc-role).

Why

  • Enables GitHub Actions workflows using the shared OIDC role to assume TerraformPlanRole for Terraform plan operations.

Scope / Impact

  • Affects only IAM permissions for the GitHub OIDC role in the base Terraform module.
  • Existing ECR push permissions remain unchanged.

@rochecompaan rochecompaan merged commit a886bb7 into main Feb 27, 2026
2 checks passed
@rochecompaan rochecompaan deleted the rcompaan/github-terraform-plan branch February 27, 2026 16:16
rochecompaan pushed a commit that referenced this pull request Feb 27, 2026
@semantic-release-bot
chore(release): 1.12.0 [skip ci]
8a6165a 
## [1.12.0](v1.11.5...v1.12.0) (2026-02-27)

### Features

* **terraform:** allow assuming TerraformPlanRole from github oidc role ([#160](#160)) ([a886bb7](a886bb7))

### Bug Fixes

* template URL ([6ee59ef](6ee59ef))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@licquia licquia licquia approved these changes

@mgogoulos mgogoulos Awaiting requested review from mgogoulos

@ratmav ratmav Awaiting requested review from ratmav

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rochecompaan @licquia