Is there a way to disable NAT Gateway and deploy directly to public subnets? #3528

Closed
guillaume-michel opened this issue Oct 6, 2023 · 1 comment · Fixed by #3547

guillaume-michel commented Oct 6, 2023

Hi,
We would like to cut down the cost of the NAT Gateway, and for now we don't mind having our runners in a subnet with direct internet access.

Is there a way to achieve this please?

@imishchuk-carbon
Contributor

Hello @guillaume-michel

We've investigated this question too and, as far as I can see, there is currently no option to associate public IPs with runners.

I've submitted this PR to add the necessary functionality.

For context:
Running runners in a private subnet behind NAT gateways incurs additional cost due to NAT gateway usage. In AWS Cost Explorer, this can be found under UsageTypes -> NatGateway-Bytes.
In our case that is ~13k $/year.

Placing runners in a public subnet with a public IP associated in theory makes them accessible from the internet, but:

  1. By default, the security group does not allow any ingress traffic
  2. In the case of ephemeral runners, they are short-lived
  3. By default, runners don't have any SSH key associated

Based on that, risk likelihood is deemed low.
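
An added example, not part of the original comment or the project's code: a Python check of points 1 and 3 above for instances that have a public IP, run over constructed data shaped like `aws ec2 describe-instances` and `aws ec2 describe-security-groups` output. The instance IDs, group IDs, addresses and the function name `audit_public_runners` are assumptions made for illustration.

```python
import json

# Constructed sample data in the shape of `aws ec2 describe-instances` and
# `aws ec2 describe-security-groups` output (all IDs and IPs are made up).
INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa", "PublicIpAddress": "203.0.113.10",
   "SecurityGroups": [{"GroupId": "sg-runner"}]},
  {"InstanceId": "i-0bbb", "PublicIpAddress": "203.0.113.11", "KeyName": "debug-key",
   "SecurityGroups": [{"GroupId": "sg-runner"}, {"GroupId": "sg-ssh"}]},
  {"InstanceId": "i-0ccc", "KeyName": "ops",
   "SecurityGroups": [{"GroupId": "sg-ssh"}]}
]}]}
""")
SECURITY_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-runner", "IpPermissions": []},
  {"GroupId": "sg-ssh", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")

def audit_public_runners(instances, security_groups):
    """Return {instance_id: [findings]} for every instance with a public IP."""
    ingress = {g["GroupId"]: g.get("IpPermissions", [])
               for g in security_groups["SecurityGroups"]}
    report = {}
    for res in instances["Reservations"]:
        for inst in res["Instances"]:
            if "PublicIpAddress" not in inst:
                continue  # private-only instances are out of scope here
            findings = []
            if "KeyName" in inst:  # point 3: no SSH key should be attached
                findings.append(f"ssh key pair attached: {inst['KeyName']}")
            for sg in inst.get("SecurityGroups", []):
                gid = sg["GroupId"]
                if gid not in ingress:  # cannot prove "no ingress" without the rules
                    findings.append(f"{gid}: rules unknown")
                    continue
                for perm in ingress[gid]:  # point 1: any ingress rule is a finding
                    sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
                    sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                    sources += [p.get("GroupId", "?") for p in perm.get("UserIdGroupPairs", [])]
                    ports = f"{perm.get('FromPort', 'all')}-{perm.get('ToPort', 'all')}"
                    findings.append(f"{gid}: ingress {perm['IpProtocol']} {ports} from {sources}")
            report[inst["InstanceId"]] = findings
    return report
```

An empty findings list means the instance matches points 1 and 3; point 2 (runner lifetime) is not visible in this data and is not checked.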

npalm referenced this issue Oct 26, 2023
### Description

* Add option to associate public IP with runner (disabled by default)

Fixes
[3528](https://github.com/philips-labs/terraform-aws-github-runner/issues/3528)

Suggested changes have been used in our env for over a month and it
works as expected.

### Checklists

**Development and testing:**
- [x] All tests related to the changed code pass in development
- [x] Pull request is ready for review

---------

Co-authored-by: Niek Palm <[email protected]>