
Using IAM role with GitLab pipeline to deploy resources on AWS


I have recently signed up for a GitLab trial and am in the process of setting up a Terraform project in GitLab to deploy resources to one of our AWS accounts. I’ve reviewed the GitLab documentation on authenticating with AWS, but I can only find information on using IAM user access/secret key pairs. Instead, I would like to use an IAM role for authentication (basically the company standard). I’m wondering if anyone in the community has experience with this and could provide guidance on how to configure GitLab pipelines to assume an IAM role.

Any advice or resources would be greatly appreciated. Thank you!

Note: I've posted the same question on the GitLab forum and have yet to receive a response.


Solution

  • Apparently, the only option is to use OpenID Connect in AWS to retrieve temporary credentials on GitLab CI. https://docs.gitlab.com/ee/ci/cloud_services/aws/
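
A sketch of the OpenID Connect approach the answer points to, added here as an example and not taken from the original post: a `.gitlab-ci.yml` job that requests an ID token and lets the AWS SDK inside Terraform exchange it for temporary role credentials through the standard web-identity environment variables. The role ARN, account ID, region, project path, image tag, token path and the use of `https://gitlab.com` as issuer and audience are placeholders or assumptions.

```yaml
# Added example (not from the original post); placeholder values are marked.
#
# One-time setup on the AWS side:
#   1. An IAM OIDC identity provider for https://gitlab.com whose audience
#      (client ID) is https://gitlab.com.
#   2. An IAM role whose trust policy allows sts:AssumeRoleWithWebIdentity
#      from that provider, narrowed with a condition such as
#        "StringEquals": {
#          "gitlab.com:aud": "https://gitlab.com",
#          "gitlab.com:sub": "project_path:mygroup/myproject:ref_type:branch:ref:main"
#        }
#      Without the "sub" condition, any project on the same GitLab instance
#      could assume the role.

variables:
  AWS_ROLE_ARN: "arn:aws:iam::111111111111:role/gitlab-terraform-deploy"  # placeholder
  AWS_DEFAULT_REGION: "eu-west-1"                                         # placeholder
  AWS_ROLE_SESSION_NAME: "gitlab-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
  # Kept outside the project directory so it cannot end up in artifacts or cache.
  AWS_WEB_IDENTITY_TOKEN_FILE: "/tmp/gitlab-oidc-token"

terraform-plan:
  image:
    name: hashicorp/terraform:latest   # placeholder; pin a specific version
    entrypoint: [""]                   # the image's entrypoint is terraform itself
  id_tokens:
    GITLAB_OIDC_TOKEN:
      aud: https://gitlab.com          # must match the audience on the IAM OIDC provider
  rules:
    # Only branches the trust policy's "sub" condition accepts can get credentials.
    - if: $CI_COMMIT_BRANCH == "main"
  script:
    - umask 077
    - printf '%s' "$GITLAB_OIDC_TOKEN" > "$AWS_WEB_IDENTITY_TOKEN_FILE"
    # The AWS provider and S3 backend read AWS_ROLE_ARN and
    # AWS_WEB_IDENTITY_TOKEN_FILE and call AssumeRoleWithWebIdentity themselves,
    # so no access key or secret key is stored in CI/CD variables.
    - terraform init -input=false
    - terraform plan -input=false
```

On a self-managed instance, replace `gitlab.com` in the provider URL, audience and condition keys with the instance's own hostname.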