AWS integration per-environment role management
Problem to solve
Beyond https://gitlab.com/gitlab-org/gitlab-ce/issues/57780, it would be good to have a way to have the equivalent of aws sts assume-role … managed by the AWS integration, and configurable per-environment, or perhaps even per-job. That way, it's easier to write generic CI jobs for multiple projects, and delegate the handling of AWS credentials and sessions to something else instead of coding all the possibilities into each job.
Target audience
- Devon, DevOps Engineer, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#devon-devops-engineer
- Sidney, Systems Administrator, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#sidney-systems-administrator
Further details
Sourced from comment https://gitlab.com/gitlab-org/gitlab-ce/issues/57780#note_146661044
Proposal
TBD
Permissions and Security
TBD but can likely follow existing security controls
Documentation
TBD
What does success look like, and how can we measure that?
TBD - possibly just measuring usage of main feature.