Commit 7b0452bf authored by Pierre Smeyers's avatar Pierre Smeyers

Merge branch 'master' into 'master'

fix: avoid printing oidc token in logs

See merge request to-be-continuous/aws!51
parents c50a3a4e 0c27431c
+9 −1
@@ -372,7 +372,15 @@ stages:
      log_info "Obtaining temporary credentials with OpenID connect..."
      # see: https://docs.gitlab.com/ee/ci/cloud_services/aws/
      # shellcheck disable=SC2046,SC2183
      export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role-with-web-identity --role-arn "$oidc_role_arn" --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}" --web-identity-token "${AWS_JWT:-$CI_JOB_JWT_V2}" --duration-seconds 3600 --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text))
      read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<< $(aws sts assume-role-with-web-identity \
        --role-arn "$oidc_role_arn" \
        --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}" \
        --web-identity-token "${AWS_JWT:-$CI_JOB_JWT_V2}" \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text)
      export AWS_ACCESS_KEY_ID
      export AWS_SECRET_ACCESS_KEY
      export AWS_SESSION_TOKEN
      aws sts get-caller-identity
    else
      log_info "Implicit authentication with AWS access key ID & secret access key..."
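Review bot: A failed `aws sts assume-role-with-web-identity` goes unnoticed in the added `read -r … <<< $(aws sts …)`, because the substitution runs inside the here-string: its exit status is discarded, `read` succeeds on the empty input, and three empty variables are exported. The job then carries on to `aws sts get-caller-identity`, where the CLI may fall back to another credential source available on the runner instead of stopping at the OIDC failure. Capture the output first and fail closed, e.g. `aws_creds=$(aws sts assume-role-with-web-identity … --output text) || exit 1` followed by `read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<< "$aws_creds"`, and consider checking that all three values are non-empty before exporting them. The enclosing `if`/`else` starts and ends outside the hunk, so whether `exit` or `return` is the right way to abort depends on code not shown here.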