We want to implement GitLab-AWS short-lived credentials, but our GitLab instance is located inside a private, non-internet-accessible VPC subnet.
I have looked into VPC Endpoints, but I cannot find the service related to the AWS Identity Provider, so I can't give our subnet access to that AWS service.
Do you know how I can achieve this without making GitLab publicly accessible? Or, if I need to make it publicly accessible (this will increase cost), how can I block all access except from our private subnet (I can do that) and from the AWS IPs? (I don't know if this is possible.)
Any recommendations, best practice and workarounds would be very welcome.
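For reference, the flow the question is asking about looks like the following. This is an added example, not code from the original post: a GitLab CI job that requests an OIDC ID token and exchanges it at STS for short-lived credentials. The issuer `https://gitlab.example.internal`, the role ARN, the account ID and the container image are placeholders. It assumes an IAM OIDC identity provider has already been created for that issuer URL, with the same URL registered as the audience (client ID), and that the role's trust policy allows `sts:AssumeRoleWithWebIdentity` from that provider with a condition on the token's `sub` claim. The token exchange itself only requires the runner to reach STS (which a `com.amazonaws.<region>.sts` interface endpoint can provide), but STS validates the token's signature by fetching the issuer's OpenID configuration and JWKS over the public internet, which is exactly the reachability problem the question describes.

```yaml
# .gitlab-ci.yml (added example; names and ARNs are placeholders)
assume_aws_role:
  image: public.ecr.aws/aws-cli/aws-cli:latest   # assumed image; any image with the AWS CLI works
  # GitLab mints a short-lived ID token and exposes it in the named variable.
  # The audience must match the client ID registered on the IAM OIDC provider.
  id_tokens:
    GITLAB_OIDC_TOKEN:
      aud: https://gitlab.example.internal
  variables:
    AWS_DEFAULT_REGION: eu-west-1
    ROLE_ARN: arn:aws:iam::123456789012:role/gitlab-ci-deploy
  script:
    # Exchange the ID token for temporary credentials. This call is unsigned,
    # so the job needs no static AWS keys; STS trusts the token's signature,
    # which it verifies against the issuer's published JWKS.
    - >
      read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<EOF
      $(aws sts assume-role-with-web-identity
      --role-arn "$ROLE_ARN"
      --role-session-name "gitlab-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
      --web-identity-token "$GITLAB_OIDC_TOKEN"
      --duration-seconds 3600
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
      --output text)
      EOF
    - export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    # Confirm the role was assumed; the ARN should show the role session, not a user.
    - aws sts get-caller-identity
    # ... deployment steps using the temporary credentials go here ...
```

On the IAM side, the role's trust policy would name the provider as a `Federated` principal (`arn:aws:iam::123456789012:oidc-provider/gitlab.example.internal`) and pin the `gitlab.example.internal:aud` and `gitlab.example.internal:sub` condition keys, for example to `project_path:group/project:ref_type:branch:ref:main`, so that only pipelines from the intended project and branch can assume it. Whichever way the network question is resolved, keep those conditions tight: they are what stops any other pipeline on the same GitLab instance from obtaining the role's credentials.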