diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-11 06:08:56 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-11 06:08:56 +0300 |
commit | 2536b66276bb72e64d185c07d7f62f9d4b1ff91f (patch) | |
tree | 68e98cb6af4d194a63e2fe512ed9bf2d6c04316e /doc/ci | |
parent | 2d9c62ffb595d2bf555046d09098a0d4af71e17f (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/ci')
-rw-r--r-- | doc/ci/cloud_services/aws/index.md | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/doc/ci/cloud_services/aws/index.md b/doc/ci/cloud_services/aws/index.md index e3655e67c7f..b1148d3a258 100644 --- a/doc/ci/cloud_services/aws/index.md +++ b/doc/ci/cloud_services/aws/index.md @@ -66,21 +66,24 @@ After you configure the OIDC and role, the GitLab CI/CD job can retrieve a tempo ```yaml assume role: + id_tokens: + GITLAB_OIDC_TOKEN: + aud: https://gitlab.example.com script: - > export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role-with-web-identity --role-arn ${ROLE_ARN} --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}" - --web-identity-token $CI_JOB_JWT_V2 + --web-identity-token ${GITLAB_OIDC_TOKEN} --duration-seconds 3600 --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text)) - aws sts get-caller-identity ``` -- `CI_JOB_JWT_V2`: Predefined variable. - `ROLE_ARN`: The role ARN defined in this [step](#configure-a-role-and-trust). +- `GITLAB_OIDC_TOKEN`: An OIDC [ID token](../../yaml/index.md#id_tokens). ## Working example |