Provide official container with aws client installed

Problem to solve

As part of &1804, we should add support for AWS deployments in a simple way.

In contrast to a recipe (https://gitlab.com/gitlab-org/gitlab-ce/issues/53307), this should be much more built-in, discoverable, well-documented and part of the primary user experience for people setting up deployments to this cloud. It should also be maintained over time rather than being a bit of reference code stored somewhere.

Intended users

Teams implementing CD for the cloud

Further details

Proposal

For the first iteration we should create a container that can be used to perform arbitrary CLI commands. It should automatically authenticate using environment variables or a simple service integration made available to the container (note that it's likely that different credentials are needed for different environments), and fail if the needed values are not there.

deploy:
  stage: deploy
  image: gitlab/gitlab-awsclient:1.0
  script:
    - aws ...

AWS does not provide a preconfigured AWS client Docker image to build on.

In the future, more sophisticated GitLab-specific behaviors can be integrated with the container, but as-is this will help teams get up and running using GitLab CI much more quickly. We could also consider including https://github.com/python-gitlab/python-gitlab ready to run.

Planning breakdown

  • Create new project (a new gitlab-org/cloud-deploy project? Can always be moved elsewhere if another location makes more sense).
  • Create new Dockerfile(s) (one each based on Alpine and Ubuntu?).
  • Have available images on Docker Hub.

Tests:

  • Update .gitlab-ci.yml by specifying image, env variables (AWS EC2 token? others?) and some aws-cli commands.
  • Run pipeline: check output, make sure that communication with ec2 instance is made and commands are run.
  • Run pipeline again without env. variables previously set: make sure that ssh to ec2 instance fails correctly.

Number of planned MR(s): 2 - one per used base Docker image.

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

Links / references

  • This is related to what GitHub provides via an action (https://github.com/actions/aws). If possible, we could leverage the same open source code so it is always kept up to date and working by community contributors.
Edited Dec 10, 2019 by Jason Yavorsky
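
The Proposal asks the container to authenticate from environment variables, allow different credentials per environment, and fail when the needed values are absent. The sketch below is an added example of an entrypoint that does this; it is not code from the issue or from GitLab. The set of required variables (the standard names the AWS CLI reads) and the AWS_ENV_PREFIX convention are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical entrypoint for the proposed AWS client image.
# AWS_ENV_PREFIX is an assumed convention, not something the issue defines.

# Assumed minimum set; these are the standard names the AWS CLI reads.
REQUIRED_VARS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION"

# Copy <PREFIX>_<NAME> into <NAME> for each required variable, then verify
# that every required variable is non-empty. Returns 1 and names the missing
# variables on stderr; secret values are never printed.
resolve_aws_env() {
    prefix="${AWS_ENV_PREFIX:-}"
    case "$prefix" in
        [0-9]*|*[!A-Z0-9_]*)
            # The prefix is interpolated into eval below, so accept only
            # a plain upper-case identifier.
            echo "error: invalid AWS_ENV_PREFIX" >&2
            return 2 ;;
    esac
    missing=""
    for name in $REQUIRED_VARS; do
        if [ -n "$prefix" ]; then
            eval "scoped=\${${prefix}_${name}:-}"
            if [ -n "$scoped" ]; then
                export "$name=$scoped"
            fi
        fi
        eval "value=\${${name}:-}"
        if [ -z "$value" ]; then
            missing="$missing $name"
        fi
    done
    unset scoped value
    if [ -n "$missing" ]; then
        echo "error: missing required variables:$missing" >&2
        return 1
    fi
    return 0
}

# Run the job's command only after the credential check passes.
if [ "$#" -gt 0 ]; then
    resolve_aws_env || exit 1
    exec "$@"
fi
```

Reporting only variable names keeps secret values out of the job log when the check fails.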