DEV Community

Nathan Ferguson
Nathan Ferguson

Posted on

Creating a GitHub Action to Update S3

#githubactions #aws #git

I set out the next challenge for myself: to upload my index.html page containing my resume to a GitHub repository, and have that automatically update the S3 bucket.

I watched a few videos on LinkedIn Learning and got the overall gist of it, and dove in! This is the YML file I came up with:

# .github/workflows/deploy-to-s3.yml
name: Deploy to S3

on:
  push:
    branches: [ main ]  # or whatever your default branch is
  pull_request:
    branches: [ main ]

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1  # Change to your bucket's region

    - name: Upload specific file to S3
      run: |
        aws s3 cp ./website/index.html s3.us-east-1.amazonaws.com/nathanferguson.me/index.html

    # Optional: Invalidate CloudFront cache if you're using it
    - name: Invalidate CloudFront
      run: |
        aws cloudfront create-invalidation --distribution-id E1IU0KCJ892E9E --paths "/*"
      # Only run this step if you have CloudFront
      if: false  # Change to true if you want to use this
Enter fullscreen mode Exit fullscreen mode

At a high level, this is an action set up so that every time I make a push to the repository, it will also run a linux container through GitHub Actions that will pull the repo contents, and upload the index.html file back up to the S3 bucket. Even better - it will also invalidate the cloudfront cache so the updates will be visible on the site!

A few bumps I ran into:

  • Access tokens
    • In order for the GitHub Action to communicate with AWS and authenticate without storing my access keys publicly, you can store them as repository variables. I was trying to use the SSO user I had created previously, but ran into issues with the action not running successfully due to the tokens. I then found out that SSO users only get temporary credentials which expire, due to the session. I needed a traditional IAM user that could have more permanent keys which could be used long term. Once I updated and used the IAM user, it worked!

Honestly this was all smoother than expected, and fun to see it actually working. It definitely is a time saver now so I can easily update my resume with just a few clicks.

Top comments (0)