trackiam
aws
trackiam
-
Minimal IAM policy for a (read-only) plan on AWS?
Does anyone know if there is a policy to allow terraform plan to run, but not allow any state changes? https://github.com/glassechidna/trackiam/tree/master/policies
-
AWS federation comes to GitHub Actions
Shoutouts to Aidan, he always manages to dig up some real obscure AWS insights!
I can recommend checking out his trackiam project too: https://github.com/glassechidna/trackiam
aws
-
Setting up GitLab + AWS EKS for CI/CD - help/insight needed please
Please see https://gitlab.com/guided-explorations/aws/gitlab-runner-autoscaling-aws-asg/
-
Best way to host GL Runners on AWS
AWS GL Vending machine https://gitlab.com/guided-explorations/aws/gitlab-runner-autoscaling-aws-asg/ Pros: each team deploying their own runner quickly helps with cost allocation. Cons: doesn't seem to be updated or tested heavily; I don't see runner caching solutions.
-
AWS Federation for Gitlab CI Jobs – Your Feedback Wanted
- New Working Example: https://gitlab.com/guided-explorations/aws/configure-openid-connect-in-aws
Huge thanks go out to Joe Randazzo, Brad Downey, Viktor Nagy and Krasimir Angelov for working the following issues and MRs to get this done:
-
AWS federation comes to GitHub Actions
There are a couple of approaches. GitLab's JWT token allows custom scripting to interface it to other systems. This demo shows custom integration with Vault (it also demonstrates our native integration, so you have to parse out which code you are looking at): https://gitlab.com/bdowney/vault-demo
Another approach is placing a GitLab runner within AWS and assigning it an IAM role directly. While this isn't as flexible, it is also not as complex to debug why a specific user can't build or deploy a job when another can.
In this scheme, there is potentially a runner per dev team that has the exact same IAM profile as the dev team.
This can be done using KIAM for EKS runners, or if you are doing docker runners, you can use the "GitLab HA Scaling Runner Vending Machine for AWS EC2 ASG" here: https://gitlab.com/guided-explorations/aws/gitlab-runner-aut...
That last automation is designed to be self-service and can be set up in AWS Service Manager for teams to self-deploy their runners.
The many other benefits to this automation are enumerated here: https://gitlab.com/guided-explorations/aws/gitlab-runner-aut...
What are some alternatives?
terraform-aws-gitlab-runner - Terraform module for AWS GitLab runners on ec2 (spot) instances
aws-runas - aws-runas rewritten in Go
aws-cct - AWS Cost Comparison Tool - Moved to https://gitlab.agodadev.io/partnertech/aws-cct
aws-redis-iam-auth-golang - Using IAM authentication for Redis on AWS
vault-demo
gitlab
awsdtc - AWS Data Transfer Cost Explorer
aws-sdk-go-v2 - AWS SDK for the Go programming language.