In this video, I’ll show you how to deploy Terraform to Google Cloud Platform (GCP) using GitHub Actions with Workload Identity Federation (WIF) – completely keyless and secure.

You’ll learn how to:
✅ Set up a Workload Identity Pool and GitHub Provider
✅ Create a repo-scoped service account with impersonation rights
✅ Build a versioned and UBLA-enforced Terraform state bucket
✅ Configure a single GitHub Actions workflow for auth, init, and plan
✅ Use short-lived credentials instead of JSON keys

By the end, you’ll have a fully automated, least-privileged, and keyless Terraform deployment pipeline to GCP.

Resources:
🔗 GitHub Repo: https://github.com/amir-cloud-security/gcp-terraform-test-oidc
🔗 Official GCP Docs on Workload Identity Federation: https://cloud.google.com/iam/docs/workload-identity-federation

Timestamps:
00:00 Intro
00:21 Architecture (GitHub → OIDC → WIF → Terraform)
01:07 Bootstrap script
01:38 Clone the repository
04:47 Authenticate with gcloud
06:10 Run the bootstrap script
09:05 Update the code
10:25 Check on the console if the resources have been created
12:05 Create a pull request to test
13:43 GitHub Actions checks
15:04 Main branch protections
15:31 Pull request comment
16:50 Authenticating with no keys
17:30 Secrets we have
17:41 Confirm it has worked
17:55 Like and subscribe, thank you

#GCP #Terraform #GitHubActions #WorkloadIdentityFederation #OIDC #CloudSecurity #DevSecOps #InfrastructureAsCode #KeylessCI
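The workflow described above (auth, init, plan via OIDC, no JSON key) looks roughly like this. This is an added illustration, not the workflow from the linked repository; the project number, pool and provider names, service account address and state bucket name are placeholders you would substitute from your own bootstrap output, and it assumes the Terraform code declares an empty `backend "gcs" {}` block that is completed with `-backend-config`.

```yaml
name: terraform-plan

on:
  pull_request:
    branches: [main]

# Least privilege for the GITHUB_TOKEN. id-token: write is what lets the
# runner request an OIDC token from GitHub; without it the auth step fails.
permissions:
  contents: read
  id-token: write
  pull-requests: write   # only needed if the plan is posted as a PR comment

# One plan at a time per ref avoids fighting over the GCS state lock.
concurrency:
  group: terraform-${{ github.ref }}
  cancel-in-progress: false

env:
  TF_IN_AUTOMATION: "true"

jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Exchanges the GitHub OIDC token for a short-lived GCP access token via
      # the Workload Identity Pool provider, then impersonates the CI service
      # account. No long-lived key is stored in repository secrets.
      - id: auth
        uses: google-github-actions/auth@v2
        with:
          # Placeholders (assumed): PROJECT_NUMBER, pool and provider ids
          workload_identity_provider: projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/github-pool/providers/github-provider
          # Placeholder (assumed): the repo-scoped service account
          service_account: terraform-ci@PROJECT_ID.iam.gserviceaccount.com

      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_wrapper: false

      # Partial backend configuration: the bucket name is supplied here so the
      # same code can point at different state buckets per environment.
      - name: Terraform init
        run: >
          terraform init -input=false
          -backend-config="bucket=STATE_BUCKET"
          -backend-config="prefix=terraform/state"

      - name: Terraform fmt and validate
        run: |
          terraform fmt -check -recursive
          terraform validate

      # Plan only on pull requests; apply belongs in a separate job gated on
      # the protected main branch.
      - name: Terraform plan
        run: terraform plan -input=false -lock-timeout=60s
```

Two things to verify on the GCP side before trusting this: the provider's attribute condition should restrict `assertion.repository` to your repository (otherwise any GitHub repo can present a token to the pool), and the service account's `roles/iam.workloadIdentityUser` binding should be granted to a `principalSet://` member scoped by that same repository attribute rather than to the whole pool. With those in place, a compromised runner in some other repository cannot impersonate your CI service account.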