AWS integration per-environment role management

Problem to solve

Beyond https://gitlab.com/gitlab-org/gitlab-ce/issues/57780, it would be good to have a way to have the equivalent of aws sts assume-role … managed by the AWS integration, and configurable per-environment.. or perhaps even per-job. That way, it's easier to write generic CI jobs for multiple projects, and delegate the handling of AWS credentials and sessions to something else instead of coding all the possibilities into each job.

Target audience

• Devon, DevOps Engineer, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#devon-devops-engineer

• Sidney, Systems Administrator, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#sidney-systems-administrator

Further details

Sourced from comment https://gitlab.com/gitlab-org/gitlab-ce/issues/57780#note_146661044

Proposal

TBD

Permissions and Security

TBD but can likely follow existing security controls

Documentation

TBD

What does success look like, and how can we measure that?

TBD - possibly just measuring usage of main feature.

Links / references