{"id":20359387,"url":"https://github.com/saidsef/terraform-aws-gitlab-oidc","last_synced_at":"2025-06-30T15:33:40.419Z","repository":{"id":63002108,"uuid":"563970900","full_name":"saidsef/terraform-aws-gitlab-oidc","owner":"saidsef","description":"Terraform module to configure GitLab Runner as an IAM OIDC identity provider in AWS","archived":false,"fork":false,"pushed_at":"2025-06-01T21:44:55.000Z","size":77,"stargazers_count":5,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-02T07:33:32.219Z","etag":null,"topics":["aws","aws-iam-policies","aws-iam-role","federated-identity","gitlab","gitlab-runner","oidc","openid","openid-connect","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/saidsef.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"custom":["https://revolut.me/saidsef"]}},"created_at":"2022-11-09T18:07:00.000Z","updated_at":"2025-06-01T21:44:57.000Z","dependencies_parsed_at":"2023-02-13T23:35:20.642Z","dependency_job_id":"5b3cb4ed-c386-4030-a32b-5634d6b98d4f","html_url":"https://github.com/saidsef/terraform-aws-gitlab-oidc","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/saidsef/terraform-aws-gitlab-oidc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saidsef%2Fterraform-aws-gitlab-oidc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saidsef%2Fte
rraform-aws-gitlab-oidc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saidsef%2Fterraform-aws-gitlab-oidc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saidsef%2Fterraform-aws-gitlab-oidc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/saidsef","download_url":"https://codeload.github.com/saidsef/terraform-aws-gitlab-oidc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saidsef%2Fterraform-aws-gitlab-oidc/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262800936,"owners_count":23366466,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-iam-policies","aws-iam-role","federated-identity","gitlab","gitlab-runner","oidc","openid","openid-connect","terraform"],"created_at":"2024-11-14T23:33:41.436Z","updated_at":"2025-06-30T15:33:40.399Z","avatar_url":"https://github.com/saidsef.png","language":"HCL","funding_links":["https://revolut.me/saidsef"],"categories":[],"sub_categories":[],"readme":"# Terraform AWS GitLab OIDC Provider\n[![CI](https://github.com/saidsef/terraform-aws-gitlab-oidc/actions/workflows/ci.yaml/badge.svg)](#deployment--usage) ![GitHub issues](https://img.shields.io/github/issues-raw/saidsef/terraform-aws-gitlab-oidc) [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](./LICENSE.md)\n[![FOSSA 
Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fsaidsef%2Fterraform-aws-gitlab-oidc.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fsaidsef%2Fterraform-aws-gitlab-oidc?ref=badge_shield)\n\nThis Terraform module configures GitLab Runners as an IAM OIDC identity provider in AWS, which lets GitLab Runners access resources in one or more AWS accounts without long-lived credentials being stored as GitLab secrets.\n\n## Prerequisites\n\n- AWS Account(s) and credentials\n- GitLab repository\n- Terraform \u003e= 1.x\n- ...\n- Profit?\n\n## Deployment / Usage\n\n```terraform\nprovider \"aws\" {\n  region = var.region\n}\n\nmodule \"gitlab_oidc\" {\n  source  = \"saidsef/gitlab-oidc/aws\"\n  version = \"\u003e= 1\"\n\n  attach_read_only_policy = true\n  gitlab_organisation     = \"saidsef\"\n  gitlab_repositories     = [\n    {\n      name     = \"terraform-aws-gitlab-oidc\",\n      refs     = [\"main\", \"pr-*\", \"*pull*\", \"*\"]\n      ref_type = \"branch\"\n    },\n    {\n      name     = \"terraform-aws-gitlab-oidc\",\n      refs     = [\"*\"]\n      ref_type = \"tag\"\n    }\n  ]\n  tags                    = var.tags\n}\n```\n\n## Provider Specifications and Requirements\n\nPlease see [TERRAFORM.md](./TERRAFORM.md)\n\n## GitLab Runner\n\nRetrieve temporary credentials via [GitLab Runner](https://github.com/saidsef/terraform-aws-gitlab-oidc/blob/a9f7cf02fd5789b41f2aca5978c752b8fc843977/.gitlab-ci.yml#L16-L28)\n\n## JWT\n\n\u003chttps://github.com/saidsef/terraform-aws-gitlab-oidc/blob/a9f7cf02fd5789b41f2aca5978c752b8fc843977/.gitlab-ci.yml#L16-L28\u003e\n\n\u003e `CI_JOB_JWT` and `CI_JOB_JWT_V2` were [deprecated in GitLab 15.9](https://docs.gitlab.com/ee/update/deprecations.html#old-versions-of-json-web-tokens-are-deprecated) and are scheduled to be removed in GitLab 17.0. 
Use [ID tokens](https://docs.gitlab.com/ee/ci/yaml/index.html#id_tokens) instead.\n\n## ID Tokens\n\n\u003chttps://github.com/saidsef/terraform-aws-gitlab-oidc/blob/3546911a7b0563e95ed9502a5f63ab52efcfee63/.gitlab-ci.yml#L16-L32\u003e\n\n## Source\n\nOur latest and greatest source of `terraform-aws-gitlab-oidc` can be found on [GitHub](https://github.com/saidsef/terraform-aws-gitlab-oidc/). Fork us!\n\n## Contributing\n\nWe would :heart: you to contribute by making a [pull request](https://github.com/saidsef/terraform-aws-gitlab-oidc/pulls).\n\nPlease read the official [Contribution Guide](./CONTRIBUTING.md) for more information on how you can contribute.\n\n[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fsaidsef%2Fterraform-aws-gitlab-oidc.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fsaidsef%2Fterraform-aws-gitlab-oidc?ref=badge_large)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaidsef%2Fterraform-aws-gitlab-oidc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsaidsef%2Fterraform-aws-gitlab-oidc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaidsef%2Fterraform-aws-gitlab-oidc/lists"}