Integrating with AWS China
Last updated: November 7, 2024
Overview
Spacelift supports integration with AWS China regions, but AWS restrictions in these regions mean some configuration adjustments are needed. AWS China does not permit role assumptions from non-China regions, so we recommend one of the following options to establish a secure and compliant connection.
Solutions
Option 1: Use OpenID Connect (OIDC)
Spacelift supports OIDC, which allows Spacelift to authenticate and authorize access to your AWS China account without requiring cross-region role assumptions.
How to Set Up OIDC:
Configure OIDC in your AWS China account to establish a trusted relationship with Spacelift.
This method will allow Spacelift to communicate securely and directly with AWS China.
View detailed instructions for configuring AWS OIDC integration.
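As an added example (not Spacelift's or AWS's own code), the Python check below reviews the IAM trust policy on the role Spacelift assumes through OIDC. It confirms that the provider ARN is in the `aws-cn` partition and that the audience and subject claims are constrained. The hostname `example.app.spacelift.io`, the account ID, and the `sub` pattern are placeholders, and it is an assumption here that the audience equals the Spacelift account hostname.

```python
import json

ISSUER = "example.app.spacelift.io"  # placeholder Spacelift hostname (assumption)
# Constructed sample: account ID and sub pattern are placeholders, not real values.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws-cn:iam::111122223333:oidc-provider/example.app.spacelift.io"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": {"example.app.spacelift.io:aud": "example.app.spacelift.io"},
      "StringLike": {"example.app.spacelift.io:sub": "space:PLACEHOLDER_SPACE:*"}
    }
  }]
}""")

def as_list(value):
    """IAM accepts a single string or a list; normalise to a list."""
    return [] if value is None else [value] if isinstance(value, str) else list(value)

def check_trust_policy(policy, issuer):
    """Return findings for an OIDC trust policy intended for an AWS China account."""
    findings = []
    stmts = policy.get("Statement", [])
    for stmt in ([stmts] if isinstance(stmts, dict) else stmts):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        federated = as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if not federated:
            findings.append("principal: no Federated OIDC provider")
        for arn in federated:
            parts = arn.split(":", 5)
            if len(parts) != 6 or parts[1] != "aws-cn":
                findings.append("partition: provider ARN is not in the aws-cn partition")
            elif parts[5] != "oidc-provider/" + issuer:
                findings.append("provider: ARN does not reference the expected issuer")
        if as_list(stmt.get("Action")) != ["sts:AssumeRoleWithWebIdentity"]:
            findings.append("action: expected only sts:AssumeRoleWithWebIdentity")
        cond = stmt.get("Condition", {})
        if as_list(cond.get("StringEquals", {}).get(issuer + ":aud")) != [issuer]:
            findings.append("aud: no StringEquals condition pinning the audience")
        subs = [v for op in ("StringEquals", "StringLike")
                for v in as_list(cond.get(op, {}).get(issuer + ":sub"))]
        if not subs or "*" in subs:
            findings.append("sub: subject claim is unconstrained")
    return findings
```

To review a real role, pass the parsed trust policy document and your own Spacelift hostname to `check_trust_policy`.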
Option 2: Assume Role on Private Worker
If you use private worker pools, you can enable the "Assume Role on Worker" option.
How this Works:
This configuration allows role assumption to take place on the EC2 instance within the AWS China region itself, bypassing cross-region restrictions.
By deploying your worker pool in AWS China and ensuring the EC2 instance role has the necessary policies, Spacelift can perform role assumptions on the worker.
View detailed instructions for configuring the AWS assume-role integration.