Provide official container with aws client installed
Problem to solve
As part of &1804, we should add support for AWS deployments in a simple way.
In contrast to a recipe (https://gitlab.com/gitlab-org/gitlab-ce/issues/53307), this should be much more built-in, discoverable, well-documented and part of the primary user experience for people setting up deployments to this cloud. It should also be maintained over time rather than being a bit of reference code stored somewhere.
Teams implementing CD for the cloud
For the first iteration we should create a container that can be used to perform arbitrary CLI commands. It should automatically authenticate using environment variables or a simple service integration made available to the container (note that it's likely that different credentials are needed for different environments), and fail if the needed values are not there.
    deploy:
      stage: deploy
      image: gitlab/[email protected]
      script:
        - aws ...
AWS does not provide a preconfigured AWS client Docker image to build on.
In the future, more sophisticated GitLab-specific behaviors can be integrated with the container, but as-is this will help teams get up and running using GitLab CI much more quickly. We could also consider including https://github.com/python-gitlab/python-gitlab ready to run.
- Create new project (a new gitlab-org/cloud-deploy project? Can always be moved elsewhere if another location makes more sense).
- Create new Dockerfile(s) (both Alpine-based and Ubuntu-based?).
- Have available images on Docker Hub.
.gitlab-ci.yml by specifying image, env variables (AWS EC2 token? others?) and some
- Run pipeline: check output, make sure that communication with ec2 instance is made and commands are run.
- Run pipeline again without env. variables previously set: make sure that ssh to ec2 instance fails correctly.
Number of planned MR(s): 2 - one per used base Docker image.
Permissions and Security
What does success look like, and how can we measure that?
Links / references
- This is related to what GitHub provides via an action (https://github.com/actions/aws). If possible, we could leverage the same open source code so it is always kept up to date and working by community contributors.
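
The fail-fast behaviour proposed for the first iteration (authenticate from environment variables, allow different credentials per environment, fail if the needed values are missing), sketched as a container entrypoint. This is an added example, not part of the original issue or of any GitLab image; the function names and the per-environment suffix convention (`AWS_ACCESS_KEY_ID_PRODUCTION`) are assumptions, while the three `AWS_*` names are the ones the AWS CLI reads and `CI_ENVIRONMENT_NAME` is GitLab CI's predefined variable.

```shell
#!/bin/sh
# Added example: fail-fast entrypoint for a hypothetical AWS CLI deploy image.
# AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION are read by
# the AWS CLI; CI_ENVIRONMENT_NAME is set by GitLab CI. The per-environment
# suffix (e.g. AWS_ACCESS_KEY_ID_PRODUCTION) is an assumed convention for
# this sketch, not a GitLab or AWS feature.

REQUIRED_AWS_VARS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION"

# Turn an environment name such as "review/app-1" into a safe suffix
# ("REVIEW_APP_1") so it can be used as part of a variable name.
env_suffix() {
  printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr -c 'A-Z0-9' '_'
}

# Export the effective credentials for the given environment and return
# non-zero if any are missing. Only variable names are printed, never values.
require_aws_env() {
  suffix=$(env_suffix "${1:-}")
  missing=""
  for name in $REQUIRED_AWS_VARS; do
    value=""
    # Prefer the environment-specific variable when one is defined.
    if [ -n "$suffix" ]; then
      eval "value=\${${name}_${suffix}:-}"
    fi
    if [ -z "$value" ]; then
      eval "value=\${${name}:-}"
    fi
    if [ -z "$value" ]; then
      missing="$missing $name"
    else
      export "$name=$value"
    fi
  done
  if [ -n "$missing" ]; then
    echo "aws-deploy: missing required variables:$missing" >&2
    return 1
  fi
}

# Entrypoint behaviour: when a command is given, check first, then run it.
if [ "$#" -gt 0 ]; then
  require_aws_env "${CI_ENVIRONMENT_NAME:-}" || exit 1
  exec "$@"
fi
```

Reporting every missing name in one pass, and never echoing values, keeps the job log useful without leaking secrets into it.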