Runner best practice

Runner best practice on AWS with IAM roles

I’m hoping someone can point me in the direction of a video, blog, or some other documentation on best practice for using GitLab runners on AWS. We have a GitLab instance hosted by a third party with runners on an EKS cluster in one of our AWS accounts.

I want to be able to have runners assume a specific role for a job on a protected branch without allowing any user with access to the project to create jobs on feature branches that assume that same role if they know the name of it. I also want to cater for users’ personal projects, where they should have access to a runner but not be able to assume roles if they know the name.

I’m essentially trying to apply the principle of least privilege whilst having as few runners as I can get away with.

Thanks 🙂
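One way to get this separation from a single shared runner, added here as an illustration and not part of the original post: have each job request a GitLab OIDC ID token (the `id_tokens:` keyword in `.gitlab-ci.yml`) and let the role's IAM trust policy admit only tokens whose `sub` claim names the exact project and branch. The account ID 123456789012, the provider host gitlab.example.com, the project path platform/deploy and the branch main are placeholders, and the policy assumes gitlab.example.com is already registered in the account as an IAM OIDC identity provider with that audience.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "OnlyMainBranchOfOneProject",
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::123456789012:oidc-provider/gitlab.example.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "gitlab.example.com:aud": "https://gitlab.example.com"
        },
        "StringLike": {
          "gitlab.example.com:sub": "project_path:platform/deploy:ref_type:branch:ref:main"
        }
      }
    }
  ]
}
```

A job on a feature branch, or in a user's personal project, carries a different `sub` (different `ref` or `project_path`), so knowing the role name gains nothing; keep `ref:main` exact rather than wildcarded and make sure `main` is a protected branch so only authorised pushes can produce that token.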