The following improvements should be made to the workflow for deploying terraform:
The workflow should not autoformat and commit the changes, but rather in the pull request send a comment saying that the formatting failed
The workflow should comment to the pull request the current terraform plan for easier pull request review
Currently the workflow uses AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID. If these keys leak they can be used from anywhere. I would recommend creating a workflow IAM role in AWS that can be assumed with OIDC, so that only GitHub runners are able to access the AWS account.
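As an added illustration of all three points (not the existing workflow), the sketch below shows a pull-request job that reports a failed fmt check instead of committing a fix, posts the plan as a PR comment, and obtains short-lived AWS credentials through OIDC; the role ARN, region and action versions are assumptions.

```yaml
name: terraform-plan
on:
  pull_request:
permissions:
  id-token: write        # lets the job request a GitHub OIDC token
  contents: read
  pull-requests: write   # lets the job post PR comments
jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      # Short-lived credentials via OIDC instead of stored access keys; the role's
      # trust policy must restrict the token.actions.githubusercontent.com:sub claim.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/github-terraform  # placeholder
          aws-region: eu-west-1                                             # placeholder
      # Report bad formatting instead of rewriting and committing files.
      - id: fmt
        run: terraform fmt -check -recursive
        continue-on-error: true
      - if: steps.fmt.outcome == 'failure'
        uses: actions/github-script@v7
        with:
          script: |
            await github.rest.issues.createComment({
              ...context.repo,
              issue_number: context.issue.number,
              body: 'terraform fmt -check failed; run `terraform fmt -recursive` locally and push the result.',
            });
      - run: terraform init -input=false
      - run: terraform plan -input=false -no-color -out=tfplan && terraform show -no-color tfplan > plan.txt
      # Post the plan so reviewers see the exact changes in the pull request.
      - uses: actions/github-script@v7
        with:
          script: |
            const fence = '`'.repeat(3);
            const plan = require('fs').readFileSync('plan.txt', 'utf8').slice(0, 60000);
            await github.rest.issues.createComment({
              ...context.repo,
              issue_number: context.issue.number,
              body: fence + 'hcl\n' + plan + '\n' + fence,
            });
      # Fail the job after reporting, so the PR check still goes red.
      - if: steps.fmt.outcome == 'failure'
        run: exit 1
```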