This Terraform module enables you to configure GitLab Runners as an AWS IAM OIDC identity provider in AWS, which enables GitLab Runners to access resources within an AWS account(s) without requiring long-lived credentials to be stored as GitLab secrets.
- AWS Account(s) and credentials
- GitLab repository
- Terraform >= 1.x
- ...
- Profit?
provider "aws" {
region = var.region
}
module "gitlab_oidc" {
source = "saidsef/gitlab-oidc/aws"
version = ">= 1"
attach_read_only_policy = true
gitlab_organisation = "saidsef"
gitlab_repositories = [{
name = "terraform-aws-gitlab-oidc",
branches = ["main", "pr-*", "*pull*", "*"]
}]
tags = var.tags
}
Please see TERRAFORM.md
Retrieve temporary credentials via GitLab Runner
terraform-aws-gitlab-oidc/.gitlab-ci.yml
Lines 16 to 28 in a9f7cf0
Our latest and greatest source of terraform-aws-gitlab-oidc
can be found on GitHub. Fork us!
We would ❤️ you to contribute by making a pull request.
Please read the official Contribution Guide for more information on how you can contribute.