You need one AWS account and one GCP project each of you can fully manage.
And you need to get credentials after you set up system accounts for provisioning as described below.
You should create an AWS IAM user under the name provisioning-admin that attached follows permissions.
AdministratorAccess
You should create an Azure service principal under the name provisioning-owner that added follows roles.
Owner
You should create a GCP service account under the name provisioning-owner that added follows roles.
Project OwnerStorage Admin
You need create the .env file as follows.
rm -f .env
test $(uname -s) = 'Linux' && echo "UID=$(id -u)\nGID=$(id -g)" >> .env
echo "DOCKER_GID=$(getent group docker | cut -d : -f 3)" >> .env
cat<<EOE >> .env
PROJECT_UNIQUE_ID=YOUR_PROJECT_UNIZUE_ID
EOEecho TF_VAR_allowed_ipaddr_list='["'$(curl -sL ifconfig.io)'/32"]' >> .envPlace your credentials into config/credentials/ directory.
If you are using 1Password command-line tool, you can get credentials as follows from your 1Password vault.
eval $(op signin my)
source .env
op get document arn:aws:iam::${AWS_ACCOUNT_ID}:user/provisioning-admin > config/credentials/new_user_credentials.csv
op get document azure-service-principal.json > config/credentials/azure-service-principal.json
op get document provisioning-owner@${CLOUDSDK_CORE_PROJECT}.iam.gserviceaccount.com > config/credentials/google-cloud-keyfile.jsonYou need update the .env file as follows.
source .env
echo "AWS_ACCOUNT_ID=YOUR_AWS_ACCOUNT_ID" >> .env
echo "AWS_DEFAULT_REGION=us-east-1" >> .env
echo "AWS_ACCESS_KEY_ID=$(tail -1 config/credentials/new_user_credentials.csv | cut -d, -f3)" >> .env
echo "AWS_SECRET_ACCESS_KEY=$(tail -1 config/credentials/new_user_credentials.csv | cut -d, -f4)" >> .envsource .env
echo "ARM_SUBSCRIPTION_ID=YOUR_SUBSCRIPTION" >> .env
echo "ARM_CLIENT_ID=$(jq -r .appId config/credentials/azure-service-principal.json)" >> .env
echo "ARM_CLIENT_SECRET=$(jq -r .password config/credentials/azure-service-principal.json)" >> .env
echo "ARM_TENANT_ID=$(jq -r .tenant config/credentials/azure-service-principal.json)" >> .envsource .env
echo "CLOUDSDK_CORE_PROJECT=YOUR_GCP_PROJECT_ID" >> .envNow you can make provisioning as follows.
docker-compose up
docker-compose run provisioning terraform plandocker-compose run provisioning terraform output github-actions-admin-credentials
docker-compose run provisioning terraform output github-actions-owner-credentials-json