Identity Providers
Overview of Identity Providers and how they can be attacked.
OpenID Connect (OIDC)
OIDC is a secure way to connect third-party services like GitLab to AWS, but if the IAM role's Trust Policy is left in a default or otherwise insecure state, it is possible to exploit this and gain access to resources.
With such a setup, any GitLab account can authenticate to AWS, provided the AWS Account ID and IAM Role name are known.
This can be resolved by including additional conditions in the IAM Trust Policy.
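The weak trust policy beside a hardened one, plus a small audit check that flags role statements whose `aud`/`sub` claims are left unconstrained. This is an added example, not code from the original post; the account ID, group/project names, and the audience value are placeholders (the `aud` must match whatever the pipeline's `id_tokens` block requests).

```python
# Constructed placeholders: the account ID, project path and audience are not real.
PROVIDER = "gitlab.com"
PROVIDER_ARN = "arn:aws:iam::123456789012:oidc-provider/gitlab.com"

# Weak trust policy: any token issued by gitlab.com (any GitLab account or project)
# may assume the role, because nothing constrains the aud or sub claims.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }],
}

# Hardened trust policy: the audience is pinned to what the job's id_tokens block
# requests, and the subject is pinned to one project and one protected branch.
HARDENED_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {
                f"{PROVIDER}:aud": "https://gitlab.com",
                f"{PROVIDER}:sub": "project_path:example-group/example-project:ref_type:branch:ref:main",
            }
        },
    }],
}


def audit_oidc_trust(policy: dict, provider: str = PROVIDER) -> list:
    """Return findings for Allow statements that grant AssumeRoleWithWebIdentity
    without conditions on the provider's aud and sub claims."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        # Flatten every operator block (StringEquals, StringLike, ...) into one key set.
        keys = {k for ops in stmt.get("Condition", {}).values() for k in ops}
        for claim in ("aud", "sub"):
            if f"{provider}:{claim}" not in keys:
                findings.append(f"no condition on {provider}:{claim}")
        # A wildcard-only subject pattern is equivalent to no subject condition.
        if stmt.get("Condition", {}).get("StringLike", {}).get(f"{provider}:sub") == "*":
            findings.append(f"{provider}:sub is '*'")
    return findings
```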
I wrote a more detailed blog post on this below