Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Several months back it was asked here: https://news.ycombinator.com/item?id=28535016 if GitLab supported AWS Federation at the CI Job level (ID federation has been supported for a while)
In GitLab Alliances we struck up a customer success collaboration to see if our existing JWT token was already working and we would just need to provide enablement (instructions, working examples, videos, blogs, etc).
We learned that there was some product work to do so the collaboration eventually snowballed to be cross team and cross company to include participation from Customer Success, Product, Engineering, Sales and AWS through our mutual partnership.
As a result alpha support was released in 14.6 and will be fully released in 14.7.
For clarity - the AWS role you link to might be scoped to only give access to specific paths in Secrets Manager or it could give permissions to do changes to AWS environments.
We are seeking customer feedback here: https://gitlab.com/gitlab-org/gitlab/-/issues/346737
Here is the enablement for this new functionality:
- New Working Example: https://gitlab.com/guided-explorations/aws/configure-openid-connect-in-aws
Huge thanks go out to Joe Randazzo, Brad Downey, Viktor Nagy and Krasimir Angelov for working the following issues and MRs to get this done:
- https://gitlab.com/gitlab-com/alliances/aws/public-tracker/-/issues/17