Fix IAM policy error, make some stuff configurable #1

draoncc · 2020-10-12T15:46:07Z

I've found this module to be incredibly helpful but somewhat limiting with how many of the options weren't configurable. I've also run into an issue where the runner instance wasn't able to create spot requests due to ec2:AuthorizeSecurityGroupIngress missing in its IAM policy.

I'm not so sure about the default for the new variable tags. Perhaps just remove the default?

…tomatic scaling

…spot instances

…nners_name for runner ASG name, change local.runners_ssm_token_key into a variable

…ycle expiration days

nullify-app · 2023-01-17T15:32:15Z

policies.tf

-  policy = data.template_file.instance_profile.rendered
+  name_prefix = "gitlab-runner-instance-role"
+  role        = aws_iam_role.instance.name
+  policy      = data.template_file.instance_profile.rendered
 }

 resource "aws_cloudwatch_log_group" "environment" {


This could potentially be a aws-cloudwatch-log-group-customer-key vulnerability which is of LOW severity.
Message: CloudWatch log groups should be encrypted using CMK

draoncc added 3 commits October 12, 2020 17:08

Add ec2:AuthorizeSecurityGroupIngress to docker-machine IAM policy

e9ea2b2

Make runner version, tags and docker volumes configurable

26ef893

Add tags variable

e31cff2

draoncc requested a review from alex-harvey-z3q as a code owner October 12, 2020 15:46

Add optional docker login

b645e81

draoncc force-pushed the master branch from 5116d0d to b645e81 Compare December 3, 2020 16:58

draoncc added 7 commits December 3, 2020 18:02

Add run_untagged to default gitlab_runner_registration_config

16759bd

Add instance_type variable to control the GitLab Runner's instance type

94eb4d0

Add "enabled" to schedule_config variable to enable or disable ASG au…

28d9191

…tomatic scaling

Add "request_spot_instance" variable to enable or disable requesting …

c3e229e

…spot instances

Add "runners_tags" variable to control amazonec2-tags machine option

c294b0f

Upgrade runner version to v14.1.0

ba7ebd4

Log user-data to /var/log/user-data.log

7f2c000

draoncc force-pushed the master branch from eee1ed4 to 7f2c000 Compare July 29, 2021 13:52

draoncc added 3 commits November 12, 2021 12:46

Use name_prefix instead of name for IAM related resources, use var.ru…

6c35b45

…nners_name for runner ASG name, change local.runners_ssm_token_key into a variable

Fix installed Docker version to 19.03.9 (docker/machine#4858)

b3d829e

Add "runners_cache_expiration_days" variable to configure cache lifec…

cbde833

…ycle expiration days

nullify-app bot reviewed Jan 17, 2023

View reviewed changes

Add "root_size" variable to configure runners root disk size

59a1330

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix IAM policy error, make some stuff configurable #1

Fix IAM policy error, make some stuff configurable #1

Uh oh!

draoncc commented Oct 12, 2020

Uh oh!

nullify-app bot Jan 17, 2023

Uh oh!

Uh oh!

Fix IAM policy error, make some stuff configurable #1

Are you sure you want to change the base?

Fix IAM policy error, make some stuff configurable #1

Uh oh!

Conversation

draoncc commented Oct 12, 2020

Uh oh!

nullify-app bot Jan 17, 2023

Choose a reason for hiding this comment

Uh oh!

Uh oh!