0

We want to implement GitLab-AWS short-lived credentials, but our GitLab instance is located inside a private, non-internet-accessible VPC subnet.

I have looked into VPC Endpoints, but I cannot find the service related to the AWS Identity Provider so I can give access to the AWS service for our subnet.

Do you know how I can achieve this without making GitLab publicly accessible? Or, if I need to make it publicly accessible (this will increase cost), how can I block all access except from our private subnet (I can do that) and from the AWS IPs? (I don't know if this is possible.)

Any recommendations, best practice and workarounds would be very welcome.

1 Answer

0

As I found out, AWS cannot access a GitLab instance that is inside a private subnet; you need to have GitLab exposed on the public internet. We are looking for ways to secure it using firewall rules and/or AWS Cognito for increased security if the traffic is not coming from inside the VPC or the office.
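Added example, not part of the answer above and not GitLab or AWS code: a sketch of the decision an edge proxy or firewall rule could make so that only the OIDC discovery document and the key set it points to are reachable from outside the VPC. It assumes AWS needs nothing beyond those two read-only URLs to validate tokens; the hostname, CIDR, discovery document and function names are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample discovery document; hostname and key path are placeholders.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://gitlab.example.com",
    "jwks_uri": "https://gitlab.example.com/oauth/discovery/keys",
})

# Standard OIDC discovery suffix, appended to the issuer path.
DISCOVERY_SUFFIX = "/.well-known/openid-configuration"


def public_paths(discovery_json):
    """Return the exact paths an external OIDC verifier has to fetch."""
    doc = json.loads(discovery_json)
    issuer, jwks = urlsplit(doc["issuer"]), urlsplit(doc["jwks_uri"])
    # Keys served from a different origin are not covered by this proxy.
    if (jwks.scheme, jwks.netloc) != (issuer.scheme, issuer.netloc):
        raise ValueError("jwks_uri is not on the issuer origin")
    return {issuer.path.rstrip("/") + DISCOVERY_SUFFIX, jwks.path}


def allow(method, raw_path, source_ip, trusted_cidrs, paths):
    """Decide whether the edge forwards a request to the GitLab instance."""
    ip = ipaddress.ip_address(source_ip)
    if any(ip in ipaddress.ip_network(cidr) for cidr in trusted_cidrs):
        return True  # VPC or office traffic keeps full access
    if method not in ("GET", "HEAD"):
        return False  # external callers are read-only
    # Exact match only: prefixes, traversal and encoded variants fall through.
    return raw_path.split("?", 1)[0] in paths


if __name__ == "__main__":
    allowed = public_paths(SAMPLE_DISCOVERY)
    for path in ("/oauth/discovery/keys", "/users/sign_in"):
        print(path, allow("GET", path, "203.0.113.7", ["10.0.0.0/16"], allowed))
```

Deriving the allowlist from the discovery document rather than hardcoding it keeps the rule aligned with whatever `jwks_uri` the instance actually advertises.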
