This collection of AWS CloudFormation resource types allow GitLab to be controlled using AWS CloudFormation.
| Resource | Description | Documentation |
|---|---|---|
| GitLab::Code::Tag | This resource type manages a GitLab Git Tag | /GitLab-Code-Tag |
| GitLab::Groups::Group | This resource type manages a GitLab Group | /Gitlab-Groups-Group |
| GitLab::Groups::GroupAccessToGroup | This resource type manages a GitLab Group Access | /GitLab-Groups-GroupAccessToGroup |
| GitLab::Groups::UserMemberOfGroup | This resource type manages a GitLab Group Access | /GitLab-Groups-UserMemberOfGroup |
| GitLab::Projects::AccessToken | This resource type manages a GitLab Project Access Token | /GitLab-Projects-AccessToken |
| GitLab::Projects::GroupAccessToProject | This resource type manages a GitLab Projects Group Access | /GitLab-Projects-GroupAccessToProject |
| GitLab::Projects::Project | This resource type manages a GitLab Project | /GitLab-Projects-Project |
| GitLab::Projects::UserMemberOfProject | This resource type manages a GitLab Project User Membership | /GitLab-Projects-UserMemberOfProject |
To get started:
-
Sign in to the AWS Management Console with your account and navigate to CloudFormation.
-
Select "Public extensions" from the left hand pane and filter Publisher by "Third Party".
-
Use the search bar to filter by the "GitLab" prefix.
Note: All official GitLab resources begin with GitLab:: and specify that they are Published by GitLab.
-
Select the desired resource name to view more information about its schema, and click Activate.
-
On the Extension details page, specify:
- Extension name
- Execution role ARN
- Automatic updates for minor version releases
- Configuration
- In your terminal, specify the configuration data for the registered GitLab CloudFormation resource type, in the given account and region by using the SetTypeConfiguration operation:
For example:
$ aws cloudformation set-type-configuration \
--region us-west-2 --type RESOURCE \
--type-name GitLab::Code::Tag \
--configuration-alias default \
--configuration '{ "GitLabAccess": { "AccessToken": "{{resolve:ssm-secure:/cfn/gitlab/token:1}}", "Url": "{{resolve:ssm-secure:/cfn/gitlab/url:1}}"}}'- After you have your resource configured, create your AWS stack that includes any of the activated GitLab resources.
For more information about available commands and workflows, see the official AWS documentation.
The GitLab CloudFormation resources are available on the CloudFormation Public Registry in the following regions:
| Code | Name |
|---|---|
| us-east-1 | US East (N. Virginia) |
| us-east-2 | US East (Ohio) |
| us-west-1 | US West (N. California) |
| us-west-2 | US West (Oregon) |
| ap-south-1 | Asia Pacific (Mumbai) |
| ap-northeast-1 | Asia Pacific (Tokyo) |
| ap-northeast-2 | Asia Pacific (Seoul) |
| ap-southeast-1 | Asia Pacific (Singapore) |
| ap-southeast-2 | Asia Pacific (Sydney) |
| ca-central-1 | Canada (Central) |
| eu-central-1 | Europe (Frankfurt) |
| eu-west-1 | Europe (Ireland) |
| eu-west-2 | Europe (London) |
| eu-west-3 | Europe (Paris) |
| eu-north-1 | Europe (Stockholm) |
| sa-east-1 | South America (São Paulo) |
Note: To privately register a resource in any other region, use the provided packages.
---
AWSTemplateFormatVersion: '2010-09-09'
Description: Manages an organization's standard groups and users within GitLab
Parameters:
ParentGroupId:
Type: Number
Default: 16090842
Description: Enter the ID of an existing group, e.g. for a "sample-company", where new groups will be created
Resources:
All:
Type: GitLab::Groups::Group
Properties:
ParentId: { Ref: ParentGroupId }
Name: All Users
Path: company-all
AllIncludesAllDevelopers:
Type: GitLab::Groups::GroupAccessToGroup
Properties:
SharedGroupId: {Ref: All}
SharedWithGroupId: {Ref: AllDevelopers}
AccessLevel: Developer
AllIncludesAllReporters:
Type: GitLab::Groups::GroupAccessToGroup
Properties:
SharedGroupId: {Ref: All}
SharedWithGroupId: {Ref: AllReporters}
AccessLevel: Reporter
AllDevelopers:
Type: GitLab::Groups::Group
Properties:
ParentId: { Ref: ParentGroupId }
Name: All Developers
Path: company-all-developers
AllReporters:
Type: GitLab::Groups::Group
Properties:
ParentId: { Ref: ParentGroupId }
Name: All Reporters
Path: company-all-reporters
DeveloperUser1:
Type: GitLab::Groups::UserMemberOfGroup
Properties:
GroupId: {Ref: AllDevelopers}
Username: User1
AccessLevel: Developer
DeveloperSooz:
Type: GitLab::Groups::UserMemberOfGroup
Properties:
GroupId: {Ref: AllDevelopers}
Username: sooz
AccessLevel: Developer
ReporterBob:
Type: GitLab::Groups::UserMemberOfGroup
Properties:
GroupId: {Ref: AllReporters}
Username: bob
AccessLevel: Reporter
FrontEndDevelopers:
Type: GitLab::Groups::Group
Properties:
ParentId: { Ref: ParentGroupId }
Name: Front-End Developers
Path: company-front-end-developers
FrontEndDeveloperNakomis:
Type: GitLab::Groups::UserMemberOfGroup
Properties:
GroupId: {Ref: FrontEndDevelopers}
Username: Nakomis
AccessLevel: Developer
FrontEndReporters:
Type: GitLab::Groups::Group
Properties:
ParentId: { Ref: ParentGroupId }
Name: Front-End Reporters
Path: company-front-end-reporters
FrontEndReporterBob:
Type: GitLab::Groups::UserMemberOfGroup
Properties:
GroupId: {Ref: FrontEndReporters}
Username: bob
AccessLevel: Reporter---
AWSTemplateFormatVersion: '2010-09-09'
Description: Creates GitLab structure for a new project kick off, including projects, groups and users
Parameters:
ParentGroupId:
Type: Number
Default: 15776179
Description: Enter the ID of an existing group, e.g. for a "sample-company", where new groups will be created
Resources:
FrontEnd:
Type: GitLab::Projects::Project
Properties:
Name: AcmeProject-FrontEnd
BackEnd:
Type: GitLab::Projects::Project
Properties:
Name: AcmeProject-BackEnd
ProjectGroups:
Type: GitLab::Groups::Group
Properties:
Name: AcmeProject-AllGroups
ParentId: { Ref: ParentGroupId }
Path: acme-project-groups
ProjectManagers:
Type: GitLab::Groups::Group
Properties:
Name: AcmeProject-ProjectManagers
ParentId: { Ref: ProjectGroups }
Path: acme-project-project-managers
FrontEndDevelopers:
Type: GitLab::Groups::Group
Properties:
Name: AcmeProject-FrontEndDevelopers
ParentId: { Ref: ProjectGroups }
Path: acme-project-frontend-developers
BackEndDevelopers:
Type: GitLab::Groups::Group
Properties:
Name: AcmeProject-BackEndDevelopers
ParentId: { Ref: ProjectGroups }
Path: acme-project-backend-developers
ProjectManagerMemberOfGroup:
Type: GitLab::Groups::UserMemberOfGroup
Properties:
GroupId: {Ref: ProjectManagers }
Username: cloudsoft_admin_geralt
AccessLevel: Maintainer
FrontEndDeveloperMemberOfGroup:
Type: GitLab::Groups::UserMemberOfGroup
Properties:
GroupId: {Ref: FrontEndDevelopers }
Username: cloudsoft_developer_ciri
AccessLevel: Developer
BackEndDeveloperMemberOfGroup:
Type: GitLab::Groups::UserMemberOfGroup
Properties:
GroupId: {Ref: BackEndDevelopers }
Username: cloudsoft_developer_jaskier
AccessLevel: Developer
FullStackDeveloperMemberOfFrontEndGroup:
Type: GitLab::Groups::UserMemberOfGroup
Properties:
GroupId: { Ref: FrontEndDevelopers }
Username: cloudsoft_developer_yennefer
AccessLevel: Developer
FullStackDeveloperMemberOfBackEndGroup:
Type: GitLab::Groups::UserMemberOfGroup
Properties:
GroupId: { Ref: BackEndDevelopers }
Username: cloudsoft_developer_yennefer
AccessLevel: Developer
ManagersInFrontEndProject:
Type: GitLab::Projects::GroupAccessToProject
Properties:
ProjectId: { Ref: FrontEnd }
GroupId: { Ref: ProjectManagers }
AccessLevel: Maintainer
ManagersInBackEndProject:
Type: GitLab::Projects::GroupAccessToProject
Properties:
ProjectId: { Ref: BackEnd }
GroupId: { Ref: ProjectManagers }
AccessLevel: Maintainer
DevelopersInFrontEndProject:
Type: GitLab::Projects::GroupAccessToProject
Properties:
ProjectId: {Ref: FrontEnd }
GroupId: {Ref: FrontEndDevelopers}
AccessLevel: Developer
DevelopersInBackEndProject:
Type: GitLab::Projects::GroupAccessToProject
Properties:
ProjectId: { Ref: BackEnd }
GroupId: { Ref: BackEndDevelopers }
AccessLevel: Developer
DeveloperVesemirInFrontEndProject:
Type: GitLab::Projects::UserMemberOfProject
Properties:
ProjectId: { Ref: FrontEnd }
Username: cloudsoft_developer_vesemir
AccessLevel: DeveloperIt is becoming increasingly common to use CloudFormation as part of continuous deployment. This ensures that the latest code on a nominated branch is available, whether for review by dev/test (in a staging or develop branch) or for end-users (in a release branch).
With GitLab tags integration available from CloudFormation, it's trivial to have tags to indicate which commit is deployed. This can help us keep track of the version that is currently deployed, for example in a staging environment or even a live environment. We can easily refer to the Commit SHA reference of the tag to determine whether the version deployed on the staging environment has the desired state (e.g. if a particular commit is included in that build).
Simply add the following to your the CloudFormation template which is deployed and updated as part of the CD pipeline:
# Parameters:
# Timestamp
# CommitSha
# ProjectId
# TagPrefix
Resources:
GitLabTag:
Type: GitLab::Code::Tag
Properties:
Name: {Fn::Join: [{Ref: TagPrefix}, "-", {Ref: Timestamp}]}
Ref: {Ref: CommitSha}
Message: Commit currently deployed to dev-head staging environment
ProjectId: {Ref: ProjectId}