AWS retrieve credentials GitLab CI/CD


I followed this video to get credentials from AWS via GitLab CI/CD. Video link: https://www.youtube.com/watch?v=7PvTjYTkYTo

I created the same variables as seen in the video. The role has also been created in AWS.

variables:
  AWS_REGION: "eu-west-2"
  aws_profile: "OIDC"
  IGNORE_TF_DEPRECATION_WARNING: "true"

oidc-example:
  image:
    name: amazon/aws-cli:latest
    entrypoint: [""]
  id_tokens:
   MY_OIDC_TOKEN:
    aud: https://gitlab.com
  script:
  - aws sts get-caller-identity

I run the pipeline and I get this error:

$ aws sts get-caller-identity
Unable to locate credentials. You can configure credentials by running "aws configure".
Cleaning up project directory and file based variables 00:00
ERROR: Job failed: exit code 1

So I add - aws configure to the script

variables:
  AWS_REGION: "eu-west-2"
  aws_profile: "OIDC"
  IGNORE_TF_DEPRECATION_WARNING: "true"

oidc-example:
  image:
    name: amazon/aws-cli:latest
    entrypoint: [""]
  id_tokens:
   MY_OIDC_TOKEN:
    aud: https://gitlab.com
  script:
  - aws configure
  - aws sts get-caller-identity

And the above script returns this error:

$ aws configure
AWS Access Key ID [None]: 
EOF when reading a line
Cleaning up project directory and file based variables 00:01
ERROR: Job failed: exit code 1

AWS CLI is installed

$ /usr/local/bin/aws --version
aws-cli/2.15.30 Python/3.11.8 Linux/5.4.109+ exe/x86_64.debian.12 prompt/off
$ aws configure
AWS Access Key ID [None]:

The end goal is to have a GitLab CI/CD pipeline for my Terraform, but I can't get past step 1 of authenticating GitLab with AWS.


There are 1 answers

1
Aj Sampang On

I've found AWS's auth workflow to be a little finicky. For some reason, it's very sensitive to environment variables. The following doc outlines the order that AWS looks for your creds: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-authentication.html

Here's how we auth with AWS in our GitLab CI pipeline:

- aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
- aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
- aws configure set region "$AWS_DEFAULT_REGION"
- aws sts get-caller-identity

I noticed you use "aws profile". It might help to set the AWS_PROFILE environment variable instead, assuming you have the correct AWS credentials and config files set up: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
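
The job in the question declares MY_OIDC_TOKEN under id_tokens, but nothing hands that token to the AWS CLI. As an added example (not from the original question or answer), this script checks the token's aud claim and exports the web-identity variables the CLI reads, so no static keys are stored. ROLE_ARN is an assumed CI/CD variable holding the role's ARN, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: exchange a GitLab ID token for AWS credentials without static keys.

# Decode the payload (second segment) of a JWT: base64url -> base64, re-pad, decode.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print one string-valued claim. Assumes a flat JSON payload; use jq where available.
jwt_claim() {
  jwt_payload "$1" | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Args: <id token> <role ARN> <expected aud>.
use_oidc_role() {
  token=$1; role_arn=$2; expected_aud=$3
  if [ -z "$token" ]; then
    echo "ID token is empty: is id_tokens declared on this job?" >&2; return 1
  fi
  aud=$(jwt_claim "$token" aud)
  if [ "$aud" != "$expected_aud" ]; then
    echo "aud claim '$aud' does not match '$expected_aud'" >&2; return 1
  fi
  # Local decode is for troubleshooting only; AWS STS verifies the signature.
  echo "sub claim the role trust policy must allow: $(jwt_claim "$token" sub)" >&2
  token_file=$(mktemp) || return 1      # mktemp creates the file with mode 0600
  printf '%s' "$token" > "$token_file"
  # With these set, the CLI calls AssumeRoleWithWebIdentity on its own.
  export AWS_ROLE_ARN="$role_arn"
  export AWS_WEB_IDENTITY_TOKEN_FILE="$token_file"
  export AWS_ROLE_SESSION_NAME="gitlab-${CI_JOB_ID:-local}"
}

# In the job: MY_OIDC_TOKEN comes from id_tokens; ROLE_ARN is an assumed CI/CD variable.
if [ -n "${MY_OIDC_TOKEN:-}" ] && [ -n "${ROLE_ARN:-}" ]; then
  use_oidc_role "$MY_OIDC_TOKEN" "$ROLE_ARN" "https://gitlab.com" && aws sts get-caller-identity
fi
```

If AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are also set in the job, the CLI uses those static keys before it looks at the web-identity variables.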