You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
***lambda:** bump the aws group in /lambdas with 6 updates ([#4525](https://github.com/github-aws-runners/terraform-aws-github-runner/issues/4525)) ([e0306f6](https://github.com/github-aws-runners/terraform-aws-github-runner/commit/e0306f6db7049d118c46672cf46dc9bc24019d16))
9
+
***lambda:** bump the octokit group in /lambdas with 2 updates ([#4527](https://github.com/github-aws-runners/terraform-aws-github-runner/issues/4527)) ([a787f1f](https://github.com/github-aws-runners/terraform-aws-github-runner/commit/a787f1fdd8f327d5d567d2ed6854390593fafff1))
| <aname="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter)| Map of lists used to create the AMI filter for the action runner AMI. |`map(list(string))`| <pre>{<br/> "state": [<br/> "available"<br/> ]<br/>}</pre> | no |
109
+
| <a name="input_ami"></a> [ami](#input\_ami) | AMI configuration for the action runner instances. This object allows you to specify all AMI-related settings in one place.<br/><br/>Parameters:<br/>- `filter`: Map of lists to filter AMIs by various criteria (e.g., { name = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-*"], state = ["available"] })<br/>- `owners`: List of AMI owners to limit the search. Common values: ["amazon"], ["self"], or specific AWS account IDs<br/>- `id_ssm_parameter_name`: Name of an SSM parameter containing the AMI ID. If specified, this overrides the AMI filter<br/>- `id_ssm_parameter_arn`: ARN of an SSM parameter containing the AMI ID. If specified, this overrides both AMI filter and parameter name<br/>- `kms_key_arn`: Optional KMS key ARN if the AMI is encrypted with a customer managed key<br/><br/>Defaults to null, in which case the module falls back to individual AMI variables (deprecated). | <pre>object({<br/> filter = optional(map(list(string)), { state = ["available"] })<br/> owners = optional(list(string), ["amazon"])<br/> id_ssm_parameter_arn = optional(string, null)<br/> kms_key_arn = optional(string, null)<br/> })</pre> | `null` | no |
110
+
| <aname="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter)|[DEPRECATED: Use ami.filter] Map of lists used to create the AMI filter for the action runner AMI. |`map(list(string))`| <pre>{<br/> "state": [<br/> "available"<br/> ]<br/>}</pre> | no |
110
111
| <a name="input_ami_housekeeper_cleanup_config"></a> [ami\_housekeeper\_cleanup\_config](#input\_ami\_housekeeper\_cleanup\_config) | Configuration for AMI cleanup.<br/><br/> `amiFilters` - Filters to use when searching for AMIs to cleanup. Default filter for images owned by the account and that are available.<br/> `dryRun` - If true, no AMIs will be deregistered. Default false.<br/> `launchTemplateNames` - Launch template names to use when searching for AMIs to cleanup. Default no launch templates.<br/> `maxItems` - The maximum numer of AMI's tha will be queried for cleanup. Default no maximum.<br/> `minimumDaysOld` - Minimum number of days old an AMI must be to be considered for cleanup. Default 30.<br/> `ssmParameterNames` - SSM parameter names to use when searching for AMIs to cleanup. This parameter should be set when using SSM to configure the AMI to use. Default no SSM parameters. | <pre>object({<br/> amiFilters = optional(list(object({<br/> Name = string<br/> Values = list(string)<br/> })),<br/> [{<br/> Name : "state",<br/> Values : ["available"],<br/> },<br/> {<br/> Name : "image-type",<br/> Values : ["machine"],<br/> }]<br/> )<br/> dryRun = optional(bool, false)<br/> launchTemplateNames = optional(list(string))<br/> maxItems = optional(number)<br/> minimumDaysOld = optional(number, 30)<br/> ssmParameterNames = optional(list(string))<br/> })</pre> | `{}` | no |
111
112
| <aname="input_ami_housekeeper_lambda_s3_key"></a> [ami\_housekeeper\_lambda\_s3\_key](#input\_ami\_housekeeper\_lambda\_s3\_key)| S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. |`string`|`null`| no |
112
113
| <aname="input_ami_housekeeper_lambda_s3_object_version"></a> [ami\_housekeeper\_lambda\_s3\_object\_version](#input\_ami\_housekeeper\_lambda\_s3\_object\_version)| S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. |`string`|`null`| no |
113
114
| <aname="input_ami_housekeeper_lambda_schedule_expression"></a> [ami\_housekeeper\_lambda\_schedule\_expression](#input\_ami\_housekeeper\_lambda\_schedule\_expression)| Scheduler expression for action runner binary syncer. |`string`|`"rate(1 day)"`| no |
114
115
| <aname="input_ami_housekeeper_lambda_timeout"></a> [ami\_housekeeper\_lambda\_timeout](#input\_ami\_housekeeper\_lambda\_timeout)| Time out of the lambda in seconds. |`number`|`300`| no |
115
116
| <aname="input_ami_housekeeper_lambda_zip"></a> [ami\_housekeeper\_lambda\_zip](#input\_ami\_housekeeper\_lambda\_zip)| File location of the lambda zip file. |`string`|`null`| no |
116
-
| <aname="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name)|Externally managed SSM parameter (of data type aws:ec2:image) that contains the AMI ID to launch runner instances from. Overrides ami\_filter|`string`|`null`| no |
117
-
| <aname="input_ami_kms_key_arn"></a> [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn)| Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI |`string`|`null`| no |
118
-
| <aname="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners)| The list of owners used to select the AMI of action runner instances. |`list(string)`| <pre>[<br/> "amazon"<br/>]</pre> | no |
117
+
| <aname="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name)|[DEPRECATED: Use ami.id\_ssm\_parameter\_name] String used to construct the SSM parameter name used to resolve the latest AMI ID for the runner instances. The SSM parameter should be of type String and contain a valid AMI ID. The default behavior is to use the latest Ubuntu 22.04 AMI.|`string`|`null`| no |
118
+
| <aname="input_ami_kms_key_arn"></a> [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn)|[DEPRECATED: Use ami.kms\_key\_arn]Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI |`string`|`null`| no |
119
+
| <aname="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners)|[DEPRECATED: Use ami.owners]The list of owners that should be used to find the AMI. |`list(string)`| <pre>[<br/> "amazon"<br/>]</pre> | no |
119
120
| <aname="input_associate_public_ipv4_address"></a> [associate\_public\_ipv4\_address](#input\_associate\_public\_ipv4\_address)| Associate public IPv4 with the runner. Only tested with IPv4 |`bool`|`false`| no |
120
121
| <aname="input_aws_partition"></a> [aws\_partition](#input\_aws\_partition)| (optiona) partition in the arn namespace to use if not 'aws' |`string`|`"aws"`| no |
@@ -141,7 +142,7 @@ Join our discord community via [this invite link](https://discord.gg/bxgXW8jJGh)
141
142
| <aname="input_eventbridge"></a> [eventbridge](#input\_eventbridge)| Enable the use of EventBridge by the module. By enabling this feature events will be put on the EventBridge by the webhook instead of directly dispatching to queues for scaling.<br/><br/> `enable`: Enable the EventBridge feature.<br/> `accept_events`: List can be used to only allow specific events to be putted on the EventBridge. By default all events, empty list will be be interpreted as all events. | <pre>object({<br/> enable = optional(bool, true)<br/> accept_events = optional(list(string), null)<br/> })</pre> |`{}`| no |
142
143
| <aname="input_ghes_ssl_verify"></a> [ghes\_ssl\_verify](#input\_ghes\_ssl\_verify)| GitHub Enterprise SSL verification. Set to 'false' when custom certificate (chains) is used for GitHub Enterprise Server (insecure). |`bool`|`true`| no |
143
144
| <aname="input_ghes_url"></a> [ghes\_url](#input\_ghes\_url)| GitHub Enterprise Server URL. Example: https://github.internal.co - DO NOT SET IF USING PUBLIC GITHUB. However if you are using Github Enterprise Cloud with data-residency (ghe.com), set the endpoint here. Example - https://companyname.ghe.com|`string`|`null`| no |
144
-
| <a name="input_github_app"></a> [github\_app](#input\_github\_app) | GitHub app parameters, see your github app. <br/> You can optionally create the SSM parameters yourself and provide the ARN and name here, through the `*_ssm` attributes.<br/> If you chose to provide the configuration values directly here, <br/> please ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`).<br/> Note: the provided SSM parameters arn and name have a precedence over the actual value (i.e `key_base64_ssm` has a precedence over `key_base64` etc). | <pre>object({<br/> key_base64 = optional(string)<br/> key_base64_ssm = optional(object({<br/> arn = string<br/> name = string<br/> }))<br/> id = optional(string)<br/> id_ssm = optional(object({<br/> arn = string<br/> name = string<br/> }))<br/> webhook_secret = optional(string)<br/> webhook_secret_ssm = optional(object({<br/> arn = string<br/> name = string<br/> }))<br/> })</pre> | n/a | yes |
145
+
| <a name="input_github_app"></a> [github\_app](#input\_github\_app) | GitHub app parameters, see your github app.<br/> You can optionally create the SSM parameters yourself and provide the ARN and name here, through the `*_ssm` attributes.<br/> If you chose to provide the configuration values directly here,<br/> please ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`).<br/> Note: the provided SSM parameters arn and name have a precedence over the actual value (i.e `key_base64_ssm` has a precedence over `key_base64` etc). | <pre>object({<br/> key_base64 = optional(string)<br/> key_base64_ssm = optional(object({<br/> arn = string<br/> name = string<br/> }))<br/> id = optional(string)<br/> id_ssm = optional(object({<br/> arn = string<br/> name = string<br/> }))<br/> webhook_secret = optional(string)<br/> webhook_secret_ssm = optional(object({<br/> arn = string<br/> name = string<br/> }))<br/> })</pre> | n/a | yes |
145
146
| <aname="input_idle_config"></a> [idle\_config](#input\_idle\_config)| List of time periods, defined as a cron expression, to keep a minimum amount of runners active instead of scaling down to 0. By defining this list you can ensure that in time periods that match the cron expression within 5 seconds a runner is kept idle. | <pre>list(object({<br/> cron = string<br/> timeZone = string<br/> idleCount = number<br/> evictionStrategy = optional(string, "oldest_first")<br/> }))</pre> |`[]`| no |
146
147
| <aname="input_instance_allocation_strategy"></a> [instance\_allocation\_strategy](#input\_instance\_allocation\_strategy)| The allocation strategy for spot instances. AWS recommends using `price-capacity-optimized` however the AWS default is `lowest-price`. |`string`|`"lowest-price"`| no |
147
148
| <aname="input_instance_max_spot_price"></a> [instance\_max\_spot\_price](#input\_instance\_max\_spot\_price)| Max price price for spot instances per hour. This variable will be passed to the create fleet as max spot price for the fleet. |`string`|`null`| no |
@@ -239,6 +240,7 @@ Join our discord community via [this invite link](https://discord.gg/bxgXW8jJGh)
| <aname="output_deprecated_variables_warning"></a> [deprecated\_variables\_warning](#output\_deprecated\_variables\_warning)| Warning for deprecated variables usage. These variables will be removed in a future release. Please migrate to using the consolidated 'ami' object. |
Copy file name to clipboardExpand all lines: docs/configuration.md
+36
Original file line number
Diff line number
Diff line change
@@ -163,6 +163,42 @@ The option `job_retry.delay_in_seconds` is the delay before the job status is ch
163
163
164
164
This module also allows you to run agents from a prebuilt AMI to gain faster startup times. The module provides several examples to build your own custom AMI. To remove old images, an [AMI housekeeper module](modules/public/ami-housekeeper.md) can be used. See the [AMI examples](ami-examples/index.md) for more details.
165
165
166
+
## AMI Configuration
167
+
168
+
By default, the module will automatically select appropriate AMI images:
169
+
- For Linux x64: Amazon Linux 2023 x86_64
170
+
- For Linux ARM64: Amazon Linux 2023 ARM64
171
+
- For Windows: Windows Server 2022 English Full ECS Optimized
172
+
173
+
However, you can override these defaults using the `ami` object in two ways:
174
+
175
+
1.**Using AMI Filters**
176
+
177
+
You can define filters and owners to look up an AMI. The module will store the AMI ID in an SSM parameter that is managed by the module.
178
+
179
+
```hcl
180
+
ami = {
181
+
filter = {
182
+
name = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-*"]
183
+
state = ["available"]
184
+
}
185
+
owners = ["amazon"]
186
+
}
187
+
```
188
+
189
+
2.**Using SSM Parameter**
190
+
191
+
Provide a parameter in SSM that contains the AMI ID. The parameter should be of type `String` and the module will grant the required lambdas access to this parameter.
> **Note:** The old way of configuring AMIs using individual variables (`ami_filter`, `ami_owners`, `ami_kms_key_arn`) is deprecated and will be removed in a future version. It is recommended to migrate to the new consolidated `ami` object.
200
+
201
+
166
202
## Logging
167
203
168
204
The module uses [AWS Lambda Powertools](https://awslabs.github.io/aws-lambda-powertools-typescript/latest/) for logging. By default the log level is set to `info`, by setting the log level to `debug` the incoming events of the Lambda are logged as well.
0 commit comments