terraform-aws-mcaf-gitlab-oidc

Terraform module to configure GitLab as an IAM OIDC identity provider in AWS.

IMPORTANT: We do not pin modules to versions in our examples. We highly recommend that in your code you pin the version to the exact version you are using so that your infrastructure remains stable.

Requirements

Name	Version
terraform	>= 1.3
aws	>= 4.0.0
tls	>= 4.0.0

Providers

Name	Version
aws	>= 4.0.0
tls	>= 4.0.0

Modules

Name	Source	Version
oidc_role	schubergphilis/mcaf-role/aws	~> 0.4.0

Resources

Name	Type
aws_iam_openid_connect_provider.gitlab	resource
aws_iam_openid_connect_provider.gitlab	data source
aws_iam_policy_document.assume_role_policy	data source
tls_certificate.gitlab	data source

Inputs

Name	Description	Type	Default	Required
create_provider	Toggle to whether or not create the provider. Put to false to not create the provider but instead data source it and create roles only.	bool	true	no
gitlab_url	GitLab URL. The address of your GitLab instance, such as https://gitlab.com or https://gitlab.example.com.	string	"https://gitlab.com"	no
iam_roles	Configuration for IAM roles, the key of the map is used as the IAM role name. Unless overwritten by setting the name field.	map(object({ description = optional(string, "Role assumed by the Gitlab IAM OIDC provider") name = optional(string, null) path = optional(string, "/") permissions_boundary_arn = optional(string, "") policy = optional(string, null) policy_arns = optional(set(string), []) subject_filter_allowed = object({ path = string ref_type = string ref = string }) }))	{}	no
tags	A mapping of tags to assign to all resources.	map(string)	null	no

Outputs

Name	Description
iam_roles	Map GitLab OIDC IAM roles name and ARN

Licensing

100% Open Source and licensed under the Apache License Version 2.0. See LICENSE for full details.