NYARAS/.gitlab-ci.yml

## .gitlab-ci.yml
variables:
   AWS_ROLE_ARN: <AWS_ROLE_ARN>
   AWS_WEB_IDENTITY_TOKEN_FILE: /tmp/web-identity-token

assume role:
  image:
      name: amazon/aws-cli
      entrypoint: [""]
  script:
    - >
      export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s"
      $(aws sts assume-role-with-web-identity
      --role-arn $AWS_ROLE_ARN
      --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
      --web-identity-token $CI_JOB_JWT_V2
      --duration-seconds 3600
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
      --output text))
    - aws sts get-caller-identity
    - aws s3 ls s3://oidc-test-bucket/
	variables:
	AWS_ROLE_ARN: <AWS_ROLE_ARN>
	AWS_WEB_IDENTITY_TOKEN_FILE: /tmp/web-identity-token

	assume role:
	image:
	name: amazon/aws-cli
	entrypoint: [""]
	script:
	- >
	export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s"
	$(aws sts assume-role-with-web-identity
	--role-arn $AWS_ROLE_ARN
	--role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
	--web-identity-token $CI_JOB_JWT_V2
	--duration-seconds 3600
	--query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
	--output text))
	- aws sts get-caller-identity
	- aws s3 ls s3://oidc-test-bucket/