1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).
2. Make sure the issue has been reviewed and agreed.
3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) documentation).
3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/user/project/repository/forking_workflow/) documentation).
Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.
This project builds a Docker image with an API able to retrieve authorization tokens from AWS APIs.
It is aimed at being used in GitLab CI as a [service container](https://docs.gitlab.com/ee/ci/services/)
It is aimed at being used in GitLab CI as a [service container](https://docs.gitlab.com/ci/services/)
in order to decouple the image of your jobs and the way AWS authorization tokens are retrieved.
## API usage
@@ -20,7 +20,7 @@ This is therefore a way of specializing configuration variables to a specific co
#### How is guessed `env_ctx`?
When not explicitly set, `env_ctx` is automatically guessed based on [GitLab predefined variables](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html):
When not explicitly set, `env_ctx` is automatically guessed based on [GitLab predefined variables](https://docs.gitlab.com/ci/variables/predefined_variables/):
| `$CI_COMMIT_REF_NAME` | `env_ctx` value |
| --------------------- | --------------- |
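Review bot: The context heading just above the changed line, "How is guessed `env_ctx`?", is ungrammatical, and since this hunk already touches the paragraph it would be a good moment to reword it to "How is `env_ctx` guessed?". Renaming the heading changes its generated anchor, so check for in-page links that point at it before merging.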
@@ -33,7 +33,7 @@ When not explicitly set, `env_ctx` is automatically guessed based on [GitLab pre
The API supports two authentication methods:
1. basic authentication with AWS access key ID & secret access key,
2. or [federated authentication using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/).
2. or [federated authentication using OpenID Connect](https://docs.gitlab.com/ci/cloud_services/aws/).
#### Basic authentication
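Review bot: The authentication list presents item 1 (basic authentication with an AWS access key ID and secret access key) and item 2 (federated authentication using OpenID Connect) as equals, with no statement of which one the project recommends. Consider adding a sentence after the list naming the preferred method. The OIDC section below describes temporary credentials, while the basic method requires supplying a static key pair as environment variables.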
@@ -44,11 +44,11 @@ The expected environment variables are `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCES
#### Federated authentication using OpenID Connect
The API supports [OpenID Connect to retrieve temporary credentials](https://docs.gitlab.com/ee/ci/cloud_services/aws/).
The API supports [OpenID Connect to retrieve temporary credentials](https://docs.gitlab.com/ci/cloud_services/aws/).
If you wish to use this authentication mode, please apply carefully the instructions from the GitLab guide, then provide the following variables to the API:
*`AWS_JWT` for the JWT token (using GitLab [ID Tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html)),
*`AWS_JWT` for the JWT token (using GitLab [ID Tokens](https://docs.gitlab.com/ci/secrets/id_token_authentication/)),
*`AWS_OIDC_ROLE_ARN`: the configured role ARN.
You may specialize those variables for the current `env_ctx`.
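Review bot: The two variable bullets, `AWS_JWT` and `AWS_OIDC_ROLE_ARN`, have no space after the `*` marker, so Markdown will not render them as list items and the first `*` may be parsed as the start of emphasis. Insert a space after each `*`, and while there make the two entries consistent: one uses "for the JWT token" and the other uses a colon before its description.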