Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-05-11 06:08:56 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-05-11 06:08:56 +0300
commit: 2536b66276bb72e64d185c07d7f62f9d4b1ff91f (patch)
tree: 68e98cb6af4d194a63e2fe512ed9bf2d6c04316e /doc/ci
parent: 2d9c62ffb595d2bf555046d09098a0d4af71e17f (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/doc/ci/cloud_services/aws/index.md b/doc/ci/cloud_services/aws/index.md
index e3655e67c7f..b1148d3a258 100644
--- a/doc/ci/cloud_services/aws/index.md
+++ b/doc/ci/cloud_services/aws/index.md
@@ -66,21 +66,24 @@ After you configure the OIDC and role, the GitLab CI/CD job can retrieve a tempo
 
 ```yaml
 assume role:
+  id_tokens:
+    GITLAB_OIDC_TOKEN:
+      aud: https://gitlab.example.com
   script:
     - >
       export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s"
       $(aws sts assume-role-with-web-identity
       --role-arn ${ROLE_ARN}
       --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
-      --web-identity-token $CI_JOB_JWT_V2
+      --web-identity-token ${GITLAB_OIDC_TOKEN}
       --duration-seconds 3600
       --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
       --output text))
     - aws sts get-caller-identity
 ```
 
-- `CI_JOB_JWT_V2`: Predefined variable.
 - `ROLE_ARN`: The role ARN defined in this [step](#configure-a-role-and-trust).
+- `GITLAB_OIDC_TOKEN`: An OIDC [ID token](../../yaml/index.md#id_tokens).
 
 ## Working example
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-05-11 06:08:56 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-05-11 06:08:56 +0300
commit	2536b66276bb72e64d185c07d7f62f9d4b1ff91f (patch)
tree	68e98cb6af4d194a63e2fe512ed9bf2d6c04316e /doc/ci
parent	2d9c62ffb595d2bf555046d09098a0d4af71e17f (diff)