Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/saidsef/terraform-aws-gitlab-oidc
Terraform module to configure GitLab Runner as an IAM OIDC identity provider in AWS
https://github.com/saidsef/terraform-aws-gitlab-oidc
aws aws-iam-policies aws-iam-role federated-identity gitlab gitlab-runner oidc openid openid-connect terraform
Last synced: about 1 month ago
JSON representation
Terraform module to configure GitLab Runner as an IAM OIDC identity provider in AWS
- Host: GitHub
- URL: https://github.com/saidsef/terraform-aws-gitlab-oidc
- Owner: saidsef
- License: apache-2.0
- Created: 2022-11-09T18:07:00.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-08-03T00:51:38.000Z (5 months ago)
- Last Synced: 2024-08-03T01:59:06.402Z (5 months ago)
- Topics: aws, aws-iam-policies, aws-iam-role, federated-identity, gitlab, gitlab-runner, oidc, openid, openid-connect, terraform
- Language: HCL
- Homepage:
- Size: 69.3 KB
- Stars: 3
- Watchers: 3
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
Awesome Lists containing this project
README
# Terraform AWS GitLab OIDC Provider
[![CI](https://github.com/saidsef/terraform-aws-gitlab-oidc/actions/workflows/ci.yaml/badge.svg)](#deployment--usage) ![GitHub issues](https://img.shields.io/github/issues-raw/saidsef/terraform-aws-gitlab-oidc) [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](./LICENSE.md)This Terraform module enables you to configure GitLab Runners as an AWS IAM OIDC identity provider in AWS, which enables GitLab Runners to access resources within an AWS account(s) without requiring long-lived credentials to be stored as GitLab secrets.
## Prerequisites
- AWS Account(s) and credentials
- GitLab repository
- Terraform >= 1.x
- ...
- Profit?## Deployment / Usage
```terraform
provider "aws" {
region = var.region
}module "gitlab_oidc" {
source = "saidsef/gitlab-oidc/aws"
version = ">= 1"attach_read_only_policy = true
gitlab_organisation = "saidsef"
gitlab_repositories = [
{
name = "terraform-aws-gitlab-oidc",
refs = ["main", "pr-*", "*pull*", "*"]
ref_type = "branch"
},
{
name = "terraform-aws-gitlab-oidc",
refs = ["*"]
ref_type = "tag"
}
]
tags = var.tags
}
```## Provider Specifications and Requirements
Please see [TERRAFORM.md](./TERRAFORM.md)
## GitLab Runner
Retrieve temporary credentials via [GitLab Runner](https://github.com/saidsef/terraform-aws-gitlab-oidc/blob/a9f7cf02fd5789b41f2aca5978c752b8fc843977/.gitlab-ci.yml#L16-L28)
## JWT
> `CI_JOB_JWT` and `CI_JOB_JWT_V2` were [deprecated in GitLab 15.9](https://docs.gitlab.com/ee/update/deprecations.html#old-versions-of-json-web-tokens-are-deprecated) and are scheduled to be removed in GitLab 17.0. Use [ID tokens](https://docs.gitlab.com/ee/ci/yaml/index.html#id_tokens) instead.
## ID Tokens
## Source
Our latest and greatest source of `terraform-aws-gitlab-oidc` can be found on [GitHub](https://github.com/saidsef/terraform-aws-gitlab-oidc/). Fork us!
## Contributing
We would :heart: you to contribute by making a [pull request](https://github.com/saidsef/terraform-aws-gitlab-oidc/pulls).
Please read the official [Contribution Guide](./CONTRIBUTING.md) for more information on how you can contribute.