In GitLab Alliances, we struck up a customer success collaboration to see if our existing JWT token was already working and we would just need to provide enablement (instructions, working examples, videos, blogs, etc.).
We learned that there was some product work to do, so the collaboration eventually snowballed to be cross-team and cross-company, including participation from Customer Success, Product, Engineering, Sales and AWS through our mutual partnership.
As a result, alpha support was released in 14.6 and will be fully released in 14.7.
For clarity: the AWS role you link to might be scoped to only give access to specific paths in Secrets Manager, or it could give permissions to make changes to AWS environments.
We are seeking customer feedback here: https://gitlab.com/gitlab-org/gitlab/-/issues/346737
Here is the enablement for this new functionality:
- New OIDC Documentation: https://docs.gitlab.com/ee/ci/cloud_services
- New AWS Specific Documentation: https://docs.gitlab.com/ee/ci/cloud_services/aws/
- New Working Example: https://gitlab.com/guided-explorations/aws/configure-openid-connect-in-aws
Huge thanks go out to Joe Randazzo, Brad Downey, Viktor Nagy and Krasimir Angelov for working the following issues and MRs to get this done:
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72555
- https://gitlab.com/gitlab-org/gitlab/-/issues/216259
- https://gitlab.com/gitlab-com/alliances/aws/public-tracker/-/issues/17