How To
Multiple AWS accounts
In this guide you will set up Digger to use completely segregated AWS accounts for Dev and Prod environments
Prerequisites
- 2 Terraform projects with remote backends - example repo
- 2 pairs of AWS keys
- Using digger with orchestrator
Create digger.yml file
Place digger.yml
file in the root of your repo. Point dir
to folders with terraform
projects:
- name: develop
dir: dev
workflow_file: digger-run-dev.yml
- name: production
dir: prod
workflow_file: digger-run-prod.yml
Create 2 environments in GitHub
- In your GitHub repo, go to Settings > Environments
- Press “New Environment”
- Name one “development” and another “production”
In each environment, create 2 secrets corresponding to your AWS accounts:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
Create 2 Actions workflow files
.github/workflows/digger-run-dev.yml
for dev.github/workflows/digger-run-prod.yml
for prod
Don’t forget to change environment
and the Rename step from Dev to Prod
name: Digger Dev on: pull_request: branches: [ "main" ] types: [ opened, synchronize ] issue_comment: types: [created] workflow_dispatch: jobs: plan: runs-on: ubuntu-latest environment: development # CHANGE HERE permissions: contents: write # required to merge PRs id-token: write # required for workload-identity-federation pull-requests: write # required to post PR comments statuses: write # required to validate combined PR status steps: - uses: actions/checkout@v4 - name: Rename # workaround until passing custom digger.yml is supported run: | mv digger.dev.yml digger.yml # CHANGE HERE - name: digger run uses: diggerhq/digger@v0.4.13 with: setup-aws: true aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: us-east-1 env: GITHUB_CONTEXT: ${{ toJson(github) }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Verify that it works
That’s it! Now you can use Digger to automate your Terraform PRs.
- Create a PR that changes terraform in one of your projects
- You should see 2 Actions jobs started
- Shortly after, a comment with plan output for the affected project will be added
- You can comment
digger apply
to apply changes - If you do so, another Action job will start to run apply