This Terraform module enables you to configure GitLab Runners as an AWS IAM OIDC identity provider in AWS, which enables GitLab Runners to access resources within an AWS account(s) without requiring long-lived credentials to be stored as GitLab secrets.
- AWS Account(s) and credentials
- GitLab repository
- Terraform >= 1.x
- ...
- Profit?
provider "aws" {
region = var.region
}
module "gitlab_oidc" {
source = "saidsef/gitlab-oidc/aws"
version = ">= 1"
attach_read_only_policy = true
gitlab_organisation = "saidsef"
gitlab_repositories = [
{
name = "terraform-aws-gitlab-oidc",
refs = ["main", "pr-*", "*pull*", "*"]
ref_type = "branch"
},
{
name = "terraform-aws-gitlab-oidc",
refs = ["*"]
ref_type = "tag"
}
]
tags = var.tags
}Please see TERRAFORM.md
Retrieve temporary credentials via GitLab Runner
Our latest and greatest source of terraform-aws-gitlab-oidc can be found on GitHub. Fork us!
We would ❤️ you to contribute by making a pull request.
Please read the official Contribution Guide for more information on how you can contribute.