
@hexylena
Created September 29, 2021 08:31
example copying iam secrets to github
# GitHub provider, scoped to the account that owns the target repository.
# No token is configured in this block, so the provider has to pick up its
# credentials from the environment (for example GITHUB_TOKEN); keep that
# token out of version control.
provider "github" {
  owner = "hexylena"
}
# Publishes the access key ID of the SES sending user as an Actions secret
# on the repository, so workflows can read it as SES_ACCESS_KEY.
resource "github_actions_secret" "repo-name-ses-key" {
  repository      = "repo-name"
  secret_name     = "SES_ACCESS_KEY"
  plaintext_value = "${aws_iam_access_key.amazon-ses.id}"
}
# Publishes the secret half of the access key as the SES_ACCESS_SECRET
# Actions secret. The provider encrypts the value before sending it to
# GitHub, but the raw secret is still recorded in Terraform state, so the
# state backend needs encryption at rest and restricted read access.
resource "github_actions_secret" "repo-name-ses-secret" {
  repository      = "repo-name"
  secret_name     = "SES_ACCESS_SECRET"
  plaintext_value = "${aws_iam_access_key.amazon-ses.secret}"
}
# Setup an IAM key
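# Long-lived access key for the SES sending user. Its secret is written to
# Terraform state in plaintext, so anyone who can read the state can send
# mail as this user; protect the state backend accordingly.
resource "aws_iam_access_key" "amazon-ses" {
  # Reference the user resource instead of repeating its name as a literal.
  # The literal gave Terraform no dependency on aws_iam_user.ses-send, so the
  # key could be requested before the user exists, and a later rename of the
  # user would leave this key pointing at the old name.
  user = "${aws_iam_user.ses-send.name}"
}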
# And the user
# Dedicated IAM user that only exists to send mail through SES. It gets no
# console password here; its only credential is the access key defined in
# this file.
resource "aws_iam_user" "ses-send" {
  name = "tf-ses-send"
  path = "/"
}
# And setup their policy
# Managed policy granting the SES send actions used by tf-ses-send.
#
# NOTE(review): two points to confirm before reusing this policy:
#  - "ID" in the first statement's ARN looks like a placeholder for the AWS
#    account ID; the statement matches nothing useful until it is filled in.
#  - The first statement limits SendEmail/SendRawEmail to identity ARNs, but
#    the second allows ses:SendTemplatedEmail on "*". If least privilege is
#    the goal, narrow that Resource to the identities and templates the
#    workload actually uses.
resource "aws_iam_policy" "email-access" {
name = "tf-ses-access"
path = "/"
description = "Permit tf-ses-send to access SES"
# The policy document is a literal JSON heredoc; comments cannot go inside it.
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ses:SendEmail",
"ses:SendRawEmail"
],
"Resource": "arn:aws:ses:*:ID:identity/*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "ses:SendTemplatedEmail",
"Resource": "*"
}
]
}
EOF
}
# Attach policy to user
# Binds the SES policy to the sending user. Both arguments reference the
# resources in this file, so Terraform creates the user and the policy
# before attaching them.
resource "aws_iam_user_policy_attachment" "tf-user-can-send-email" {
  user       = "${aws_iam_user.ses-send.name}"
  policy_arn = "${aws_iam_policy.email-access.arn}"
}