I'm trying to figure out how to connect to my AWS VPN from GitHub Actions. Our VPN uses SAML authentication, so it seems like OpenVPN isn't an option here. The main goal is to connect to my RDS instance, which is only accessible through the VPN. I want to run some SQL scripts from GitHub Actions directly on the RDS. Any suggestions on how to achieve this?
4 Answers
One way to go about this is to run a container in ECS or Kubernetes from GitHub Actions, which can apply your SQL scripts directly to your RDS database.
You can also use SSM and SSM automation documents on an EC2 instance to manage the communication with RDS. This way, you won't need a VPN at all.
Consider hosting your own runner on EC2. Just make sure to grant that instance access to the VPN to connect to your RDS.
It might be more straightforward to use self-hosted runners for GitHub Actions. These options could help with the setup:
- Check out GitHub's AWS Runners for Terraform.
- Consider using the actions-runner-controller on Kubernetes.
- AWS CodeBuild can also act as a runner.
- Don't forget about CDK GitHub Runners if you're into that!
Also, look into the runs-on feature, which can be integrated into your existing VPC if needed. It’s another viable option!
Absolutely! Using CodeBuild makes sense because it can access your VPC and offers a more secure and manageable connection than directly routing from GitHub Actions.
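The CodeBuild-runner suggestion above, written out as a workflow. This is an added example, not from any poster in the thread. It assumes a PostgreSQL RDS instance, a CodeBuild project named `sql-runner` set up as a GitHub Actions runner with VPC access to the RDS subnets, a Secrets Manager secret `rds/migrator` with `host`, `username`, `password` and `dbname` keys, scripts under `sql/`, and `psql` and `jq` on the runner image.

```yaml
# Added example, not from the thread. Assumed names: CodeBuild project
# "sql-runner", Secrets Manager secret "rds/migrator", scripts under sql/.
name: apply-sql
on:
  workflow_dispatch:          # manual trigger only; no run on untrusted PRs

permissions:
  contents: read              # the job only needs to read the repository

concurrency:
  group: apply-sql            # never apply two script runs at the same time
  cancel-in-progress: false

jobs:
  apply:
    # CodeBuild-hosted runner label: the job executes inside the VPC,
    # so the RDS security group only has to allow the CodeBuild security group.
    runs-on: codebuild-sql-runner-${{ github.run_id }}-${{ github.run_attempt }}
    steps:
      - uses: actions/checkout@v4

      - name: Apply SQL scripts
        shell: bash
        run: |
          set -euo pipefail
          # AWS credentials come from the CodeBuild service role,
          # so no long-lived access keys are stored as repository secrets.
          secret=$(aws secretsmanager get-secret-value \
            --secret-id rds/migrator --query SecretString --output text)
          PGPASSWORD=$(jq -r .password <<<"$secret")
          echo "::add-mask::$PGPASSWORD"   # keep the password out of job logs
          PGHOST=$(jq -r .host <<<"$secret")
          PGUSER=$(jq -r .username <<<"$secret")
          PGDATABASE=$(jq -r .dbname <<<"$secret")
          export PGHOST PGUSER PGPASSWORD PGDATABASE
          export PGSSLMODE=require         # refuse unencrypted connections
          # Stop on the first error and roll back the failing script.
          for f in sql/*.sql; do
            psql -v ON_ERROR_STOP=1 --single-transaction -f "$f"
          done
```

The service role needs only `secretsmanager:GetSecretValue` on that one secret, and the database user in the secret should be limited to what the scripts require.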