I have the following scenario. Currently a Wordpress site was hosted on an EC2
server. There is no deployment strategy in place. It was using the AWS CLI to
deploy the data from local to the server.
Problem For various reasons, I don't want to take it over that way of deployment and am
currently considering putting the deployment process into a GitHub Action. Which
in itself wouldn't be a problem if it weren't for the 2FA check.
Using the AWS CLI, I am forced to enter the code displayed in my MS Authenticator
app into the CLI to proceed.
Question: Is it possible to deploy via GitHub Action and 2FA? I guess almost no? But what do I know?
CodePudding user response:
No, you can't have GitHub Actions prompt and enter the 2FA tokens on your behalf. But what you can do, is setup OpenID Connect between GitHub actions and AWS.
That way you can authorize GitHub Actions to make changes to specific resources in AWS and OIDC handles the magic key exchange parts to make sure it can safely do its thing.
More info here: