
I followed this video to get credentials from AWS via GitLab CI/CD. Video link: https://www.youtube.com/watch?v=7PvTjYTkYTo

I created the same variables as seen in the video. The role has also been created in AWS.

variables:
  AWS_REGION: "eu-west-2"
  aws_profile: "OIDC"
  IGNORE_TF_DEPRECATION_WARNING: "true"

oidc-example:
  image:
    name: amazon/aws-cli:latest
    entrypoint: [""]
  id_tokens:
    MY_OIDC_TOKEN:
      aud: https://gitlab.com
  script:
  - aws sts get-caller-identity

I run the pipeline and I get this error:

$ aws sts get-caller-identity
Unable to locate credentials. You can configure credentials by running "aws configure".
Cleaning up project directory and file based variables 00:00
ERROR: Job failed: exit code 1

So I add "- aws configure" to the script:

variables:
  AWS_REGION: "eu-west-2"
  aws_profile: "OIDC"
  IGNORE_TF_DEPRECATION_WARNING: "true"

oidc-example:
  image:
    name: amazon/aws-cli:latest
    entrypoint: [""]
  id_tokens:
    MY_OIDC_TOKEN:
      aud: https://gitlab.com
  script:
  - aws configure
  - aws sts get-caller-identity

And the above script returns this error:

$ aws configure
AWS Access Key ID [None]: 
EOF when reading a line
Cleaning up project directory and file based variables 00:01
ERROR: Job failed: exit code 1

AWS CLI is installed

$ /usr/local/bin/aws --version
aws-cli/2.15.30 Python/3.11.8 Linux/5.4.109+ exe/x86_64.debian.12 prompt/off
$ aws configure
AWS Access Key ID [None]:

The end goal is to have a GitLab CI/CD pipeline for my Terraform, but I can’t get past step 1 of authenticating GitLab with AWS.

2 Answers


  1. I’ve found AWS’s auth workflow to be a little finicky. For some reason, it’s very sensitive to environment variables. The following doc outlines the order that AWS looks for your creds: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-authentication.html

    Here’s how we auth with AWS in our GitLab CI pipeline:

    - aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
    - aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
    - aws configure set region "$AWS_DEFAULT_REGION"
    - aws sts get-caller-identity
    

    I noticed you use "aws profile". It might help to set the AWS_PROFILE environment variable instead, assuming you have the correct AWS credentials and config files set up
    https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html

  2. If the GitLab branch is non-protected, make sure that for the GitLab variables AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY, the protected variable checkbox is unchecked.

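Added example (not from the original post or either answer): the `id_tokens` block in the question only makes GitLab issue `MY_OIDC_TOKEN`; the AWS CLI has no credentials until that token is exchanged with `aws sts assume-role-with-web-identity`. The sketch below does that exchange with short-lived credentials instead of stored keys; `ROLE_ARN`, the session-name format and both function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: exchange a GitLab ID token for temporary AWS credentials.
# ROLE_ARN is a placeholder CI/CD variable (assumption) holding the ARN of the
# IAM role created for GitLab; MY_OIDC_TOKEN is injected by id_tokens.

# Print the JSON claims of a JWT without verifying it. Useful to see the aud
# and sub values that the role's trust policy conditions are compared against.
jwt_claims() {
  local payload
  payload=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops the '=' padding; restore it before decoding
  while [ $(( ${#payload} % 4 )) -ne 0 ]; do payload="${payload}="; done
  printf '%s' "$payload" | base64 -d
}

# Ask STS for temporary credentials and export them for later commands
# (aws, terraform) in the same job. Returns non-zero if STS rejects the token.
assume_role_with_oidc() {
  local role_arn="$1" token="$2" creds
  creds=$(aws sts assume-role-with-web-identity \
    --role-arn "$role_arn" \
    --role-session-name "gitlab-${CI_PROJECT_ID:-0}-${CI_PIPELINE_ID:-0}" \
    --web-identity-token "$token" \
    --duration-seconds 3600 \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || return 1
  # --output text prints the three values tab-separated on one line
  read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<EOF
$creds
EOF
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}

# In the job script, after sourcing this file:
#   jwt_claims "$MY_OIDC_TOKEN"
#   assume_role_with_oidc "$ROLE_ARN" "$MY_OIDC_TOKEN"
#   aws sts get-caller-identity
```

If STS rejects the token, compare the `aud` and `sub` values printed by `jwt_claims` with the conditions in the role's trust policy.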