From 2536b66276bb72e64d185c07d7f62f9d4b1ff91f Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Thu, 11 May 2023 03:08:56 +0000
Subject: Add latest changes from gitlab-org/gitlab@master
---
 doc/ci/cloud_services/aws/index.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'doc/ci')
diff --git a/doc/ci/cloud_services/aws/index.md b/doc/ci/cloud_services/aws/index.md
index e3655e67c7f..b1148d3a258 100644
--- a/doc/ci/cloud_services/aws/index.md
+++ b/doc/ci/cloud_services/aws/index.md
@@ -66,21 +66,24 @@ After you configure the OIDC and role, the GitLab CI/CD job can retrieve a tempo
 ```yaml
 assume role:
+ id_tokens:
+ GITLAB_OIDC_TOKEN:
+ aud: https://gitlab.example.com
 script:
 - >
 export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s"
 $(aws sts assume-role-with-web-identity
 --role-arn ${ROLE_ARN}
 --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
- --web-identity-token $CI_JOB_JWT_V2
+ --web-identity-token ${GITLAB_OIDC_TOKEN}
 --duration-seconds 3600
 --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
 --output text))
 - aws sts get-caller-identity
 ```
-- `CI_JOB_JWT_V2`: Predefined variable.
 - `ROLE_ARN`: The role ARN defined in this [step](#configure-a-role-and-trust).
+- `GITLAB_OIDC_TOKEN`: An OIDC [ID token](../../yaml/index.md#id_tokens).
 ## Working example
-- cgit v1.2.3