我按照此视频通过 GitLab CI/CD 从 AWS 获取凭证。视频链接:https://www.youtube.com/watch?v=7PvTjYTkYTo
我创建了与视频中相同的变量。该角色也已在 AWS 中创建。
variables:
AWS_REGION: "eu-west-2"
aws_profile: "OIDC"
IGNORE_TF_DEPRECATION_WARNING: "true"
oidc-example:
image:
name: amazon/aws-cli:latest
entrypoint: [""]
id_tokens:
MY_OIDC_TOKEN:
aud: https://gitlab.com
script:
- aws sts get-caller-identity
我运行管道并收到此错误:
$ aws sts get-caller-identity
Unable to locate credentials. You can configure credentials by running "aws configure".
Cleaning up project directory and file based variables 00:00
ERROR: Job failed: exit code 1
所以我将 - aws configure 添加到脚本中
variables:
AWS_REGION: "eu-west-2"
aws_profile: "OIDC"
IGNORE_TF_DEPRECATION_WARNING: "true"
oidc-example:
image:
name: amazon/aws-cli:latest
entrypoint: [""]
id_tokens:
MY_OIDC_TOKEN:
aud: https://gitlab.com
script:
- aws configure
- aws sts get-caller-identity
上面的脚本返回此错误
$ aws configure
AWS Access Key ID [None]:
EOF when reading a line
Cleaning up project directory and file based variables 00:01
ERROR: Job failed: exit code 1
AWS CLI 已安装
$ /usr/local/bin/aws --version
aws-cli/2.15.30 Python/3.11.8 Linux/5.4.109+ exe/x86_64.debian.12 prompt/off
$ aws configure
AWS Access Key ID [None]:
最终目标是为我的 Teraform 建立一个 GitLab CI/CD 管道,但我无法完成使用 AWS 验证 GitLab 的第 1 步。
我发现 AWS 的身份验证工作流程有点挑剔。由于某种原因,它对环境变量非常敏感。以下文档概述了 AWS 查找您的凭证的顺序:https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-authentication.html
以下是我们如何在 Gitlab CI 管道中使用 AWS 进行身份验证
- aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
- aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
- aws configure set region "$AWS_DEFAULT_REGION"
- aws sts get-caller-identity
我注意到您使用“aws profile”。假设您设置了正确的 AWS 凭证和配置文件,设置
AWS_PROFILE