I had Terraform and cloudfront working locally. Now that I have tried to add a GitHub action, I am unable to run 'terraform plan' successfully. It passes locally and fails in GitHub Actions.
│ Error: credentials are not set correctly
│
│ with provider["registry.terraform.io/cloudflare/cloudflare"],
│ on main.tf line 29, in provider "cloudflare":
│ 29: provider "cloudflare" {
My main file before my changes looked like this:
provider "aws" {
  region = var.aws_region
}

provider "cloudflare" {
  api_token = var.cloudflare_api_token
}

resource "aws_s3_bucket" "site" {
  bucket = var.site_domain
  acl    = "public-read"

  website {
    index_document = "index.html"
    error_document = "index.html"
  }
}

resource "aws_s3_bucket" "www" {
  bucket = "www.${var.site_domain}"
  acl    = "private"
  policy = ""

  website {
    redirect_all_requests_to = "https://${var.site_domain}"
  }
}

resource "aws_s3_bucket_policy" "public_read" {
  bucket = aws_s3_bucket.site.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "PublicReadGetObject"
        Effect    = "Allow"
        Principal = "*"
        Action    = "s3:GetObject"
        Resource = [
          aws_s3_bucket.site.arn,
          "${aws_s3_bucket.site.arn}/*",
        ]
      },
    ]
  })
}

data "cloudflare_zones" "domain" {
  filter {
    name = var.site_domain
  }
}

resource "cloudflare_record" "site_cname" {
  zone_id = data.cloudflare_zones.domain.zones[0].id
  name    = var.site_domain
  value   = aws_s3_bucket.site.website_endpoint
  type    = "CNAME"
  ttl     = 1
  proxied = true
}

resource "cloudflare_record" "www" {
  zone_id = data.cloudflare_zones.domain.zones[0].id
  name    = "www"
  value   = var.site_domain
  type    = "CNAME"
  ttl     = 1
  proxied = true
}
My terraform.tfvars file looks like this:
aws_region = "us-east-1"
aws_access_key_id = <my awsaccesskeyid>
aws_secret_key = <my awssecretkey>
site_domain = <my domain name>
cloudflare_api_token=<mytoken>
My variables.tf looked like:
variable "aws_region" {
  type        = string
  description = "The AWS region to put the bucket into"
  default     = "us-east-1"
}

variable "site_domain" {
  type        = string
  description = "The domain name to use for the static site"
  default     = "<my website name>.net"
}

variable "cloudflare_api_token" {
  type        = string
  description = "The cloudflare Api key"
  default     = null
}
I ran CLOUDFLARE_API_TOKEN=<my token>
Everything worked until I tried following HashiCorp's tutorial here. When my first GitHub action ran, terraform plan failed with this error:
Error: credentials are not set correctly
with provider["registry.terraform.io/cloudflare/cloudflare"],
on main.tf line 29, in provider "c
To get past the cloudflare error, I have tried:
Any time I try to pass anything new in the provider {} blocks, I get 'unsupported argument' errors.
Found the fix: I added an extra block in my github workflow/terraform.yml file:
env:
  ENV_NAME: prod
  AWS_ACCESS_KEY_ID: ${{ secrets.AWSACCESSKEY }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWSSECRETACCESSKEY }}
  CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
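An added example, not part of the original post: a pre-flight check a workflow step can run before `terraform plan`, so that an unmapped or empty secret fails with the variable's name instead of the provider's generic "credentials are not set correctly". The function names (`is_set`, `missing_credentials`, `preflight`) are hypothetical; it assumes the AWS and Cloudflare providers read their standard environment variables and that Terraform accepts the post's `cloudflare_api_token` variable as `TF_VAR_cloudflare_api_token`.

```shell
#!/bin/sh
# Added example: pre-flight credential check for a CI job (hypothetical helper names).
# Only variable NAMES are printed; values are never echoed into the job log.

# is_set NAME: succeeds when environment variable NAME is non-empty.
# A secret that is not defined in the repository expands to an empty string,
# so "set but empty" is treated the same as "unset".
is_set() {
    eval "_v=\${$1:-}"
    [ -n "$_v" ]
}

# missing_credentials: prints one name per missing credential; returns 1 if any.
missing_credentials() {
    _rc=0
    # AWS provider: standard environment variables.
    for _name in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
        if ! is_set "$_name"; then
            echo "$_name"
            _rc=1
        fi
    done
    # Cloudflare: either the provider's own environment variable, or the
    # input variable from variables.tf supplied as TF_VAR_cloudflare_api_token.
    if ! is_set CLOUDFLARE_API_TOKEN && ! is_set TF_VAR_cloudflare_api_token; then
        echo "CLOUDFLARE_API_TOKEN"
        _rc=1
    fi
    return "$_rc"
}

# preflight: wrapper for a workflow step; fails with a readable message on stderr.
preflight() {
    _missing=$(missing_credentials) && return 0
    echo "Missing or empty credentials: $(echo "$_missing" | tr '\n' ' ')" >&2
    return 1
}
```

Source the file in a step that has the same `env:` mapping as the plan step and call `preflight`; a non-zero exit stops the job before Terraform runs.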