I want to use a GitLab Runner to deploy to AWS with Terraform. I have set up AWS credentials in GitLab "Variables" (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY). I must be misunderstanding how .gitlab-ci.yml performs string interpolation because I cannot get the credentials to populate.
The stage in question looks like this:
validate:
  stage: validate
  dependencies:
    - lint
    - unit
  image:
    name: hashicorp/terraform:light
    entrypoint:
      - "/usr/bin/env"
      - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
      - "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}"
      - "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}"
  before_script:
    - rm -rf terraform/test/.terraform
    - terraform --version
    - terraform init -input=false -backend-config="access_key=${AWS_ACCESS_KEY_ID}" -backend-config="secret_key=${AWS_SECRET_ACCESS_KEY}" terraform/test
  script:
    - terraform validate
The pipeline fails without fail on the terraform init command. However, just to confirm I'm not crazy, I did try a pipeline run with the credentials hardcoded and it worked (I also immediately learned about how to permanently delete commits and pipelines).
From the relevant GitLab documentation on variable usage, I don't see anything obviously wrong.
Error message:
Initializing the backend...
Error: error using credentials to get account ID: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.