EC2 instance에서 AWS CLI를 사용하여 아마존의 리소스에 접근하려면 먼저 권한이 필요하다. 이 권한을 설정하는 방법에는 대표적으로 두가지 방법이 있다. IAM role을 생성하여 EC2 인스턴스에 적용하는 방법, IAM user을 생성하여 EC2 인스턴스에서 설정하는 방법이 있다.
EC2 instance에 부여할 PowerUserAccess or AdministratorAccess policy가 포함된 IAM role을 생성한다. (추가로 AmazonEC2FullAccess 권한도 추가할것)
name: remote ssh command for deploy
on:
push:
branches: [master]
jobs:
build:
name: Build
runs-on: ubuntu-18.04
steps:
- name: Get Github action IP
id: ip
uses: haythem/public-ip@v1.2
- name: Setting environment variables
run: |
echo "AWS_DEFAULT_REGION=ap-northeast-2" >> $GITHUB_ENV
echo "AWS_SG_NAME=launch-wizard-2" >> $GITHUB_ENV
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Add Github Actions IP to Security group
run: |
aws ec2 authorize-security-group-ingress --group-name ${{ env.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ap-northeast-2
- name: executing remote ssh commands using key
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: |
./deploy.sh
- name: Remove Github Actions IP from security group
run: |
aws ec2 revoke-security-group-ingress --group-name ${{ env.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ap-northeast-2