From 8d9ad74300b4b584335003669399a1055508385b Mon Sep 17 00:00:00 2001 From: new23d Date: Wed, 18 Aug 2021 13:24:49 +0100 Subject: [PATCH 1/2] current value turned to default under new variable --- main.tf | 1 + modules/runners/main.tf | 21 ++++++++++++++++----- modules/runners/variables.tf | 15 +++++++++++++++ variables.tf | 26 ++++++++++++++++++++++++++ 4 files changed, 58 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index 6a5e34e89e..36aa30fe20 100644 --- a/main.tf +++ b/main.tf @@ -97,6 +97,7 @@ module "runners" { runners_maximum_count = var.runners_maximum_count idle_config = var.idle_config enable_ssm_on_runners = var.enable_ssm_on_runners + egress_rules = var.runner_egress_rules runner_additional_security_group_ids = var.runner_additional_security_group_ids volume_size = var.volume_size diff --git a/modules/runners/main.tf b/modules/runners/main.tf index 65ac64db3d..ca00ec0f2e 100644 --- a/modules/runners/main.tf +++ b/modules/runners/main.tf @@ -128,12 +128,23 @@ resource "aws_security_group" "runner_sg" { vpc_id = var.vpc_id - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] + dynamic "egress" { + for_each = var.egress_rules + iterator = each + + content { + cidr_blocks = each.value.cidr_blocks + ipv6_cidr_blocks = each.value.ipv6_cidr_blocks + prefix_list_ids = each.value.prefix_list_ids + from_port = each.value.from_port + protocol = each.value.protocol + security_groups = each.value.security_groups + self = each.value.self + to_port = each.value.to_port + description = each.value.description + } } + tags = merge( local.tags, { diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf index 99411ddf99..111fc84812 100644 --- a/modules/runners/variables.tf +++ b/modules/runners/variables.tf 
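Review bot: An empty `egress_rules` list now leaves `runner_sg` with no egress rule at all — as far as I recall the AWS provider removes the implicit allow-all egress that AWS attaches to a new `aws_security_group`, so where the old hard-coded rule always opened outbound traffic the runners would get no outbound path; that is fail-closed, but it is easy to hit by passing `[]`, so a comment above the `dynamic "egress"` block should state it, e.g. `# No egress blocks here means no outbound traffic at all: the provider strips AWS's implicit allow-all rule.` Separately, `iterator = each` reuses the name Terraform gives the resource-level `for_each` object; the iterator already defaults to the block label, so dropping the `iterator` line and writing `egress.value.cidr_blocks` (and so on for the other eight attributes) avoids the ambiguity. The `runner_sg` resource starts before this hunk and its `tags = merge(` continues past it.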
@@ -332,3 +332,18 @@ variable "kms_key_arn" {
 type = string
 default = null
 }
+
+variable "egress_rules" {
+ description = "List of egress rules for the GitHub runner instances."
+ type = list(object({
+ cidr_blocks = list(string)
+ ipv6_cidr_blocks = list(string)
+ prefix_list_ids = list(string)
+ from_port = number
+ protocol = string
+ security_groups = list(string)
+ self = bool
+ to_port = number
+ description = string
+ }))
+}
diff --git a/variables.tf b/variables.tf
index 5955b4e6cd..3b3eeeeda2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -360,3 +360,29 @@ variable "delay_webhook_event" {
 type = number
 default = 30
 }
+
+variable "runner_egress_rules" {
+ description = "List of egress rules for the GitHub runner instances."
+ type = list(object({
+ cidr_blocks = list(string)
+ ipv6_cidr_blocks = list(string)
+ prefix_list_ids = list(string)
+ from_port = number
+ protocol = string
+ security_groups = list(string)
+ self = bool
+ to_port = number
+ description = string
+ }))
+ default = [{
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ prefix_list_ids = null
+ from_port = 0
+ protocol = "-1"
+ security_groups = null
+ self = null
+ to_port = 0
+ description = null
+ }]
+}
From 55c54d4daf0c2a87449fdadd70e7724c983530a0 Mon Sep 17 00:00:00 2001
From: new23d
Date: Wed, 18 Aug 2021 15:53:09 +0100
Subject: [PATCH 2/2] added defaults to submodule as well
---
 modules/runners/variables.tf | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
index 111fc84812..07803b87fb 100644
--- a/modules/runners/variables.tf
+++ b/modules/runners/variables.tf
@@ -346,4 +346,15 @@ variable "egress_rules" {
 to_port = number
 description = string
 }))
+ default = [{
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ prefix_list_ids = null
+ from_port = 0
+ protocol = "-1"
+ security_groups = null
+ self = null
+ to_port = 0
+ description = null
+ }]
 }
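Review bot: The `egress_rules` description does not tell callers the contract the object type imposes: every one of the nine attributes has to be supplied (with `null` where unused), and the list cannot be empty without losing outbound access for the runners, as the submodule's `dynamic "egress"` emits exactly one rule per element. I would replace the one-line description with something like `description = "Egress rules applied to the runner security group, one per list element. Every attribute must be set (use null for those not needed). An empty list yields a security group with no egress rules."` The hunk also makes the input required for anyone using modules/runners directly; the second patch in this series supplies the default.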
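Review bot: The default for `runner_egress_rules` opens IPv6 egress (`ipv6_cidr_blocks = ["::/0"]`) that the removed hard-coded rule in modules/runners/main.tf never had — it set only `cidr_blocks = ["0.0.0.0/0"]` — so an apply with defaults widens the runner security group rather than turning the current value into a default as the subject line says; set `ipv6_cidr_blocks = null` in the default to keep parity, or state the widening explicitly in the description. The description should also say that the default allows all outbound traffic and that operators are expected to narrow it. A rule that names no destination at all (every list `null`, `self` unset) is only rejected by AWS at apply time; if the module already requires Terraform 0.14 or later (I cannot tell from this hunk), a `validation` block catches it at plan time.

```hcl
variable "runner_egress_rules" {
  # … unchanged: description, type and default …

  # Reject rules with no destination at plan time; AWS only refuses them at apply time.
  validation {
    condition = alltrue([
      for r in var.runner_egress_rules :
      try(length(r.cidr_blocks), 0) + try(length(r.ipv6_cidr_blocks), 0) + try(length(r.prefix_list_ids), 0) + try(length(r.security_groups), 0) > 0 || r.self == true
    ])
    error_message = "Each runner egress rule needs at least one of cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, security_groups or self."
  }
}
```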
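Review bot: The submodule default is a second copy of the root module's allow-all rule, including the `::/0` IPv6 entry, and nothing ties the two together — the root module always passes `var.runner_egress_rules` through, so this default only ever applies to direct users of modules/runners, and the two copies will drift silently unless the description names the root variable as the source of truth. The rule's `description = null` also leaves the resulting security group rule unlabeled in the console and in audit tooling; `description = "Module default: allow all outbound traffic"` makes the intent visible where it will be reviewed. The `egress_rules` variable block starts before this hunk.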