chore: SSM prefix (#2704)

Author: npalm

Diff for: README.md

@@ -528,7 +528,7 @@ We welcome any improvement to the standard module to make the default as secure
 | <a name="input_runners_scale_up_lambda_timeout"></a> [runners\_scale\_up\_lambda\_timeout](#input\_runners\_scale\_up\_lambda\_timeout) | Time out for the scale up lambda in seconds. | `number` | `30` | no |
 | <a name="input_scale_down_schedule_expression"></a> [scale\_down\_schedule\_expression](#input\_scale\_down\_schedule\_expression) | Scheduler expression to check every x for scale down. | `string` | `"cron(*/5 * * * ? *)"` | no |
 | <a name="input_scale_up_reserved_concurrent_executions"></a> [scale\_up\_reserved\_concurrent\_executions](#input\_scale\_up\_reserved\_concurrent\_executions) | Amount of reserved concurrent executions for the scale-up lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | `number` | `1` | no |
-| <a name="input_ssm_paths"></a> [ssm\_paths](#input\_ssm\_paths) | The root path used in SSM to store configuration and secreets. | <pre>object({<br>    root       = string<br>    use_prefix = bool<br>    app        = string<br>    runners    = string<br>  })</pre> | <pre>{<br>  "app": "app",<br>  "root": "github-action-runners",<br>  "runners": "runners",<br>  "use_prefix": true<br>}</pre> | no |
+| <a name="input_ssm_paths"></a> [ssm\_paths](#input\_ssm\_paths) | The root path used in SSM to store configuration and secreets. | <pre>object({<br>    root       = optional(string, "github-action-runners")<br>    app        = optional(string, "app")<br>    runners    = optional(string, "runners")<br>    use_prefix = optional(bool, true)<br>  })</pre> | `{}` | no |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | n/a | yes |
 | <a name="input_syncer_lambda_s3_key"></a> [syncer\_lambda\_s3\_key](#input\_syncer\_lambda\_s3\_key) | S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. | `string` | `null` | no |
 | <a name="input_syncer_lambda_s3_object_version"></a> [syncer\_lambda\_s3\_object\_version](#input\_syncer\_lambda\_s3\_object\_version) | S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. | `string` | `null` | no |

Diff for: examples/multi-runner/main.tf

@@ -7,11 +7,6 @@ resource "random_id" "random" {
   byte_length = 20
 }
 
-
-################################################################################
-### Hybrid account
-################################################################################
-
 module "multi-runner" {
   source = "../../modules/multi-runner"
   multi_runner_config = {

Diff for: modules/multi-runner/README.md

@@ -156,7 +156,7 @@ module "multi-runner" {
 | <a name="input_runners_lambda_zip"></a> [runners\_lambda\_zip](#input\_runners\_lambda\_zip) | File location of the lambda zip file for scaling runners. | `string` | `null` | no |
 | <a name="input_runners_scale_down_lambda_timeout"></a> [runners\_scale\_down\_lambda\_timeout](#input\_runners\_scale\_down\_lambda\_timeout) | Time out for the scale down lambda in seconds. | `number` | `60` | no |
 | <a name="input_runners_scale_up_lambda_timeout"></a> [runners\_scale\_up\_lambda\_timeout](#input\_runners\_scale\_up\_lambda\_timeout) | Time out for the scale up lambda in seconds. | `number` | `30` | no |
-| <a name="input_ssm_paths"></a> [ssm\_paths](#input\_ssm\_paths) | The root path used in SSM to store configuration and secreets. | <pre>object({<br>    root    = string<br>    app     = string<br>    runners = string<br>  })</pre> | <pre>{<br>  "app": "app",<br>  "root": "github-action-runners",<br>  "runners": "runners"<br>}</pre> | no |
+| <a name="input_ssm_paths"></a> [ssm\_paths](#input\_ssm\_paths) | The root path used in SSM to store configuration and secreets. | <pre>object({<br>    root    = optional(string, "github-action-runners")<br>    app     = optional(string, "app")<br>    runners = optional(string, "runners")<br>  })</pre> | `{}` | no |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | n/a | yes |
 | <a name="input_syncer_lambda_s3_key"></a> [syncer\_lambda\_s3\_key](#input\_syncer\_lambda\_s3\_key) | S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. | `string` | `null` | no |
 | <a name="input_syncer_lambda_s3_object_version"></a> [syncer\_lambda\_s3\_object\_version](#input\_syncer\_lambda\_s3\_object\_version) | S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. | `string` | `null` | no |

Diff for: modules/multi-runner/main.tf

@@ -13,7 +13,7 @@ locals {
   tmp_distinct_list_unique_os_and_arch = distinct([for i, config in local.runner_config : { "os_type" : config.runner_config.runner_os, "architecture" : config.runner_config.runner_architecture } if config.runner_config.enable_runner_binaries_syncer])
   unique_os_and_arch                   = { for i, v in local.tmp_distinct_list_unique_os_and_arch : "${v.os_type}_${v.architecture}" => v }
 
-  ssm_root_path = "/${var.ssm_paths.root}"
+  ssm_root_path = "/${var.ssm_paths.root}/${var.prefix}"
 }
 
 resource "random_string" "random" {

Diff for: modules/multi-runner/runners.tf

@@ -13,7 +13,7 @@ module "runners" {
   s3_runner_binaries = each.value.runner_config.enable_runner_binaries_syncer ? local.runner_binaries_by_os_and_arch_map["${each.value.runner_config.runner_os}_${each.value.runner_config.runner_architecture}"] : null
 
   ssm_paths = {
-    root   = "${local.ssm_root_path}/${var.prefix}-${each.key}"
+    root   = "${local.ssm_root_path}/${each.key}"
     tokens = "${var.ssm_paths.runners}/tokens"
     config = "${var.ssm_paths.runners}/config"
   }

Diff for: modules/multi-runner/variables.tf

@@ -515,13 +515,9 @@ variable "workflow_job_queue_configuration" {
 variable "ssm_paths" {
   description = "The root path used in SSM to store configuration and secreets."
   type = object({
-    root    = string
-    app     = string
-    runners = string
+    root    = optional(string, "github-action-runners")
+    app     = optional(string, "app")
+    runners = optional(string, "runners")
   })
-  default = {
-    root    = "github-action-runners"
-    runners = "runners"
-    app     = "app"
-  }
+  default = {}
 }

Diff for: variables.tf

@@ -756,15 +756,10 @@ variable "enable_user_data_debug_logging_runner" {
 variable "ssm_paths" {
   description = "The root path used in SSM to store configuration and secreets."
   type = object({
-    root       = string
-    use_prefix = bool
-    app        = string
-    runners    = string
+    root       = optional(string, "github-action-runners")
+    app        = optional(string, "app")
+    runners    = optional(string, "runners")
+    use_prefix = optional(bool, true)
   })
-  default = {
-    root       = "github-action-runners"
-    use_prefix = true
-    runners    = "runners"
-    app        = "app"
-  }
+  default = {}
 }