Set Up GitLab

Create a CodeStar Connection (Mandatory)

You need to create a CodeConnection to GitLab to make CodePipelines work. This connection acts as a kind of token that lets the CodeSuite tools connect to GitLab.

  • Go to Connections. Open any CodeSuite tool (CodeBuild, CodePipeline, etc.); Connections is in the Settings section of the left panel
  • Click on Create connection
  • Select the GitLab self-managed provider
  • In Connection name, type Gitlab
  • The URL is f/
  • Tick the Use a VPC box
  • Select the Bluage VPC
  • Select the Private0 subnet
  • Select the seg-ec2-nlb-gitlab security group
  • Follow these steps to fill the TLS certificate field:
    1. Open a new tab to the AWS Certificate Manager (ACM) console
    2. In the left panel, click on List certificates
    3. Click on the Certificate ID where the Domain name is *.bluage.local
    4. In the top right, click on Export
    5. Type gitlab for the passphrase
    6. Tick the Billing acknowledgment box
    7. Click on Generate PEM Encoding
    8. Copy the Certificate body
    9. Come back to the CodeConnection tab and paste the certificate in the TLS certificate field
    10. Click on Connect to Gitlab self-managed

A window summarizing your connection appears. Wait for the Setup status in the Host section to turn Pending (it can take up to 5 minutes). While waiting for the Setup status to update, create a GitLab API token for the next steps.

  • On your local computer, open a terminal, paste your temporary credentials and type the following command:
aws ssm start-session --region <AWS_REGION> --target <EC2_INSTANCE_ID> --parameters host="gitlab.bluage.local",localPortNumber="443",portNumber="443" --document-name AWS-StartPortForwardingSessionToRemoteHost

Note: The EC2_INSTANCE_ID variable must be the EC2 instance ID of ec2-<AWS_REGION>-gitlab

  1. Modify your C:\Windows\System32\drivers\etc\hosts file by adding the following line: 127.0.0.1 gitlab.bluage.local
  2. On your preferred browser, open https://gitlab.bluage.local
  3. The root credentials of GitLab are stored in the /gitlab/root secret in AWS Secrets Manager. Retrieve the credentials by clicking on Retrieve secret value
  4. Connect to Gitlab with these credentials
  5. On Gitlab, click on your avatar and Edit profile
  6. In the left panel, click on Access Tokens
  7. Click on Add new token
  8. In Token name, enter AWS
  9. The expiration date must be the end of the project
  10. In the Select scopes section, tick api
  11. Click on Create token
  12. Copy your personal access token
  13. Go back to the AWS CodeConnection Console and, once the Setup status turns Pending, click on the Update pending connection button that appears
  14. A new window pops up asking for your GitLab token. Paste it.
  15. Optional - The root credentials of GitLab are stored in the /gitlab/root secret in AWS Secrets Manager. Retrieve the credentials by clicking on Retrieve secret value. Connect to GitLab with these credentials.
  16. Optional - Click on Sign in
  17. Click on Authorize AWS Connector for Gitlab Self-Managed
  18. Check your connection Status. It should appear as Available
  19. Copy the CodeConnection ARN and paste it in the env.yml file of the CDK

Git commands over SSH (Windows and Linux) (Optional)

Note: Allowing Git commands over SSH will save you from having to enter your Gitlab credentials for each commit.

  1. On your dev EC2, open a terminal and type ssh-keygen -t ed25519
  2. Press Enter until the end
  3. Copy the content of id_ed25519.pub
    1. On Linux: ~/.ssh/id_ed25519.pub
    2. On Windows: C:\Users\Administrator\.ssh\id_ed25519.pub
  4. On Gitlab, click on your avatar and Edit profile
  5. In the left panel, click on SSH Keys
  6. Click on Add new key
  7. Paste your key copied in step 3
  8. Modify the Expiration date field if necessary
  9. Click on Add key
  10. If you created your repository with an HTTPS git clone, you will have to reclone it with an SSH git clone

Add the Blu Age certificate to your EC2 (Linux Only) (Optional)

Note: The Blu Age certificate is automatically added to the Dev Windows EC2s. This step is for Linux EC2s.

  1. Go to the AWS Certificate Manager (ACM) console
  2. In the left panel, click on List certificates
  3. Click on the Certificate ID where the Domain name is *.bluage.local
  4. In the top right, click on Export
  5. Type gitlab for the passphrase
  6. Tick the Billing acknowledgment box
  7. Click on Generate PEM Encoding
  8. Copy the Certificate chain and paste it in /etc/pki/ca-trust/source/anchors/gitlab.crt of your EC2.
  9. Run the command update-ca-trust
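
A pre-install check for steps 8 and 9, as an added example that is not part of the original procedure: the ACM export returns the private key alongside the certificate chain, and a trust anchor file is world-readable, so the script refuses a paste that contains key material or a truncated block before it installs anything. The function names and the chain.pem file name are illustrative assumptions; the anchor path and host name come from the steps above.

```bash
#!/usr/bin/env bash
# Added example: validate a pasted PEM chain, install it, then verify TLS.
ANCHOR=/etc/pki/ca-trust/source/anchors/gitlab.crt   # path from step 8

# check_anchor FILE: print the certificate count and return 0 only if FILE
# is safe to install as a trust anchor.
check_anchor() {
    local file="$1" begins ends
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2; return 2
    fi
    # The ACM export also returns the private key. A trust anchor is
    # world-readable, so key material must never be pasted into it.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$file"; then
        echo "$file contains a private key block" >&2; return 1
    fi
    # Count PEM delimiters; [[:space:]]* tolerates CRLF from a browser paste.
    begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----[[:space:]]*$' "$file" || true)
    ends=$(grep -c -e '^-----END CERTIFICATE-----[[:space:]]*$' "$file" || true)
    if [ "$begins" -eq 0 ]; then
        echo "$file has no certificate block" >&2; return 1
    fi
    if [ "$begins" -ne "$ends" ]; then
        echo "$file is truncated: $begins BEGIN vs $ends END" >&2; return 1
    fi
    echo "$begins"
}

# install_anchor FILE: validate, install root-owned with mode 0644, rebuild trust.
install_anchor() {
    check_anchor "$1" >/dev/null || return 1
    sudo install -o root -g root -m 0644 "$1" "$ANCHOR" && sudo update-ca-trust
}

# verify_tls: fail unless the server chain validates against system trust.
verify_tls() {
    openssl s_client -connect gitlab.bluage.local:443 \
        -servername gitlab.bluage.local -verify_return_error </dev/null >/dev/null
}

# Usage: ./install-gitlab-ca.sh chain.pem   (does nothing without an argument)
if [ "$#" -gt 0 ]; then
    install_anchor "$1" && verify_tls && echo "gitlab.bluage.local verifies"
fi
```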