Amazon Q integration for testing and evaluation

This guide combines and builds on the following guides and sources. It describes Amazon Q set-up for testing and evaluation purposes:

This guide describes how to set up Amazon Q in a GitLab Linux package running in a VM, using the staging AI Gateway. The reason we need a GitLab Linux package instance instead of GDK is that the GitLab instance needs an HTTPS URL that can be accessed by Amazon Q.

Install and configure a GitLab Linux package on a virtual machine

  1. Create a VM in AWS

    1. Go to cloud sandbox, and login with OKTA
    2. Click “Create Individual Account”, and choose aws-*** (not aws-services-*** or aws-dedicated-***). This will create a AWS sandbox and display login credentials
    3. Configure an EC2 machine

    A few things to note:

    • Need to enable both HTTP and HTTPS traffic under firewall setting.
    • Copy the external IP of the VM instance created.

  2. Install GitLab

    1. Follow this guide on how to install GitLab Linux package. We need to set up the external URL and an initial password. Install GitLab using the following command:

      sudo GITLAB_ROOT_PASSWORD="your_password" EXTERNAL_URL="https://<vm-instance-external-ip>.nip.io" apt install gitlab-ee

      This will use nip.io as the DNS service so the GitLab instance can be accessed through HTTPs

  3. Config the newly installed GitLab instance

    1. SSH into the VM, and add the following config into /etc/gitlab/gitlab.rb

      gitlab_rails['env'] = {
  "GITLAB_LICENSE_MODE" => "test",
  "CUSTOMER_PORTAL_URL" => "https://customers.staging.gitlab.com",
  "CLOUD_CONNECTOR_BASE_URL" => "https://cloud.staging.gitlab.com"
}

    2. Apply the config changes by sudo gitlab-ctl reconfigure

  4. Obtain and activate a self-managed ultimate license

    1. Go to staging customers portal, select “Signin with GitLab.com account”.
    2. Instead of clicking “Buy new subscription”, go to the product page directly. For reason of this, see buy_subscription
    3. Purchase the subscription using a test credit card. An activation code will be given. Do not purchase a duo-pro add-on, because currently duo-pro and Q are mutually exclusive.
    4. Go to the GitLab instance created earlier (https://<vm-instance-external-ip>.nip.io), log in with root account. Then on the left sidebar, go to Admin > Subscription, and enter the activation code

Create and configure an AWS sandbox

  1. Follow the same step described above on how to create an AWS sandbox if you haven’t had one already.

  2. Login into the newly created AWS account and create an Identity Provider following this instruction with slight modifications:

    • Provider URL: https://glgo.staging.runway.gitlab.net/cc/oidc/<your_gitlab_instance_id>
    • Audience: gitlab-cc-<your_gitlab_instance_id>

    The GitLab instance ID can be found at <gitlab_url>/admin/ai/amazon_q_settings

  3. Create a new role using the identity provider. For this, we can follow this section exactly.

Add Amazon Q to GitLab

  1. Follow Enter the ARN in GitLab and enable Amazon Q exactly
  2. Now Q should be working. We can test it like this