From cdd9eddea80444dc2c39d702732be958b70e2b89 Mon Sep 17 00:00:00 2001 From: Igor Mishchuk Date: Wed, 13 Sep 2023 10:49:10 +0300 Subject: [PATCH 1/7] allow assignment of public IP to runner --- modules/multi-runner/README.md | 1 + modules/multi-runner/runners.tf | 1 + modules/multi-runner/variables.tf | 6 ++++++ modules/runners/README.md | 1 + modules/runners/main.tf | 8 ++++++++ modules/runners/variables.tf | 6 ++++++ 6 files changed, 23 insertions(+) diff --git a/modules/multi-runner/README.md b/modules/multi-runner/README.md index 1e01796c39..6bbea21365 100644 --- a/modules/multi-runner/README.md +++ b/modules/multi-runner/README.md @@ -116,6 +116,7 @@ module "multi-runner" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Associate public IP with the runner | `bool` | `false` | no | | [aws\_partition](#input\_aws\_partition) | (optiona) partition in the arn namespace to use if not 'aws' | `string` | `"aws"` | no | | [aws\_region](#input\_aws\_region) | AWS region. | `string` | n/a | yes | | [cloudwatch\_config](#input\_cloudwatch\_config) | (optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details. | `string` | `null` | no | diff --git a/modules/multi-runner/runners.tf b/modules/multi-runner/runners.tf index 30cabe7f91..5237810381 100644 --- a/modules/multi-runner/runners.tf +++ b/modules/multi-runner/runners.tf @@ -102,4 +102,5 @@ module "runners" { pool_lambda_timeout = var.pool_lambda_timeout pool_runner_owner = each.value.runner_config.pool_runner_owner pool_lambda_reserved_concurrent_executions = var.pool_lambda_reserved_concurrent_executions + associate_public_ip_address = var.associate_public_ip_address } 
diff --git a/modules/multi-runner/variables.tf b/modules/multi-runner/variables.tf index 12710ad923..fc435e7dab 100644 --- a/modules/multi-runner/variables.tf +++ b/modules/multi-runner/variables.tf @@ -554,3 +554,9 @@ variable "lambda_tracing_mode" { type = string default = null } + +variable "associate_public_ip_address" { + description = "Associate public IP with the runner" + type = bool + default = false +} diff --git a/modules/runners/README.md b/modules/runners/README.md index 63349b97ed..54fa786063 100644 --- a/modules/runners/README.md +++ b/modules/runners/README.md @@ -126,6 +126,7 @@ yarn run dist | [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name) | Externally managed SSM parameter (of data type aws:ec2:image) that contains the AMI ID to launch runner instances from. Overrides ami\_filter | `string` | `null` | no | | [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn) | Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI | `string` | `null` | no | | [ami\_owners](#input\_ami\_owners) | The list of owners used to select the AMI of action runner instances. | `list(string)` |
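Review bot: The description on the new `associate_public_ip_address` variable does not tell an operator what enabling it means for exposure. The runner gets an internet-routable address, so whether it can be reached from outside then depends on the security groups attached to it (and on subnet routing). I would say so in the text, e.g. `description = "Associate a public IP address with the runner instances. Inbound access is then limited only by the security groups attached to the runner."`. The same wording applies to the identical variable added in modules/runners/variables.tf and to the two README rows generated from it.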
[
"amazon"
]
| no | +| [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Associate public IP with the runner | `bool` | `false` | no | | [aws\_partition](#input\_aws\_partition) | (optional) partition for the base arn if not 'aws' | `string` | `"aws"` | no | | [aws\_region](#input\_aws\_region) | AWS region. | `string` | n/a | yes | | [block\_device\_mappings](#input\_block\_device\_mappings) | The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`, `throughput`, `kms_key_id`, `snapshot_id`. |
list(object({
delete_on_termination = optional(bool, true)
device_name = optional(string, "/dev/xvda")
encrypted = optional(bool, true)
iops = optional(number)
kms_key_id = optional(string)
snapshot_id = optional(string)
throughput = optional(number)
volume_size = number
volume_type = optional(string, "gp3")
}))
|
[
{
"volume_size": 30
}
]
| no | diff --git a/modules/runners/main.tf b/modules/runners/main.tf index 9dbacbd4ff..e7b62703d1 100644 --- a/modules/runners/main.tf +++ b/modules/runners/main.tf @@ -175,6 +175,14 @@ resource "aws_launch_template" "runner" { tags = local.tags update_default_version = true + + dynamic "network_interfaces" { + for_each = var.associate_public_ip_address ? [var.associate_public_ip_address] : [] + iterator = associate_public_ip_address + content { + associate_public_ip_address = associate_public_ip_address.value + } + } } resource "aws_security_group" "runner_sg" { diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf index dea9c8c898..e7d1010c65 100644 --- a/modules/runners/variables.tf +++ b/modules/runners/variables.tf @@ -616,3 +616,9 @@ variable "enable_jit_config" { type = bool default = null } + +variable "associate_public_ip_address" { + description = "Associate public IP with the runner" + type = bool + default = false +} From a6338eb8f458612a4a69ed0453f07bcb8a9a53ea Mon Sep 17 00:00:00 2001 From: Igor Mishchuk Date: Wed, 13 Sep 2023 11:05:52 +0300 Subject: [PATCH 2/7] mutually exclusive network_interfaces and vpc_security_group_ids --- modules/runners/main.tf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/runners/main.tf b/modules/runners/main.tf index e7b62703d1..8cd6cd57da 100644 --- a/modules/runners/main.tf +++ b/modules/runners/main.tf @@ -118,10 +118,10 @@ resource "aws_launch_template" "runner" { image_id = data.aws_ami.runner.id key_name = var.key_name - vpc_security_group_ids = compact(concat( + vpc_security_group_ids = !var.associate_public_ip_address ? compact(concat( var.enable_managed_runner_security_group ? [aws_security_group.runner_sg[0].id] : [], var.runner_additional_security_group_ids, - )) + )) : [] tag_specifications { resource_type = "instance" 
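Review bot: The `for_each`/`iterator` pair in the new `dynamic "network_interfaces"` block carries the boolean through the iterator even though the block only exists when that boolean is true, which makes it harder to read than it needs to be. `for_each = var.associate_public_ip_address ? [true] : []` with `associate_public_ip_address = true` in `content` says the same thing without the `iterator` line. The enclosing `aws_launch_template.runner` resource starts outside this hunk.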
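Review bot: `associate_public_ip_address` can still be set to `null` by a caller, and main.tf uses the value directly as the condition in `var.associate_public_ip_address ? [...] : []`, where a null condition fails at plan time. Adding `nullable = false` to the variable block makes Terraform fall back to the `false` default in that case. This assumes the module's minimum Terraform version supports `nullable`, which is not visible here. The variable of the same name in modules/multi-runner/variables.tf has the same gap.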
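Review bot: The security group list `compact(concat(...))` now exists twice in `aws_launch_template.runner`, once here behind `!var.associate_public_ip_address` and once in the `network_interfaces` block of the second hunk. A later edit to one copy would give public-IP runners a different set of security groups than private ones. I would define it once as a local (for example `runner_security_group_ids`, a name I am proposing) and write `vpc_security_group_ids = var.associate_public_ip_address ? [] : local.runner_security_group_ids` here and `security_groups = local.runner_security_group_ids` in the interface block. A one-line comment that the two arguments are mutually exclusive on a launch template would also explain why the conditional is there. The resource body starts and ends outside this hunk.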
@@ -181,6 +181,10 @@ resource "aws_launch_template" "runner" { iterator = associate_public_ip_address content { associate_public_ip_address = associate_public_ip_address.value + security_groups = compact(concat( + var.enable_managed_runner_security_group ? [aws_security_group.runner_sg[0].id] : [], + var.runner_additional_security_group_ids, + )) } } } From 00e785167aae137039f34529c656a8d371238823 Mon Sep 17 00:00:00 2001 From: Igor Mishchuk Date: Fri, 20 Oct 2023 11:28:38 +0300 Subject: [PATCH 3/7] add ipv6 support --- modules/multi-runner/README.md | 1 + modules/multi-runner/runners.tf | 1 + modules/multi-runner/variables.tf | 6 ++++++ modules/runners/README.md | 1 + modules/runners/main.tf | 1 + modules/runners/variables.tf | 6 ++++++ 6 files changed, 16 insertions(+) diff --git a/modules/multi-runner/README.md b/modules/multi-runner/README.md index 7e0832222f..904becc194 100644 --- a/modules/multi-runner/README.md +++ b/modules/multi-runner/README.md @@ -127,6 +127,7 @@ module "multi-runner" { | [ghes\_url](#input\_ghes\_url) | GitHub Enterprise Server URL. Example: https://github.internal.co - DO NOT SET IF USING PUBLIC GITHUB | `string` | `null` | no | | [github\_app](#input\_github\_app) | GitHub app parameters, see your github app. Ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`). |
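Review bot: `security_groups` in the new interface block evaluates to an empty list when `enable_managed_runner_security_group` is false and `runner_additional_security_group_ids` is empty, and that matters most here because the instance also has a public address. As far as I know EC2 then falls back to the VPC's default security group, whose rules this module does not control. I would reject that combination at plan time with a precondition on the launch template. This assumes the resource has no `lifecycle` block yet and that the module's minimum Terraform version supports `precondition`, neither of which is visible in the hunk. The dynamic block and the resource both continue outside the hunk.

```hcl
# … unchanged: image_id, key_name, vpc_security_group_ids, tag_specifications, network_interfaces …
  lifecycle {
    precondition {
      condition     = !var.associate_public_ip_address || var.enable_managed_runner_security_group || length(var.runner_additional_security_group_ids) > 0
      error_message = "associate_public_ip_address requires at least one security group on the runner."
    }
  }
```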
object({
key_base64 = string
id = string
webhook_secret = string
})
| n/a | yes | | [instance\_profile\_path](#input\_instance\_profile\_path) | The path that will be added to the instance\_profile, if not set the environment name will be used. | `string` | `null` | no | +| [ipv6\_address\_count](#input\_ipv6\_address\_count) | The number of IPv6 addresses to assign to a network interface | `number` | `0` | no | | [key\_name](#input\_key\_name) | Key pair name | `string` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | Optional CMK Key ARN to be used for Parameter Store. | `string` | `null` | no | | [lambda\_architecture](#input\_lambda\_architecture) | AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86\_64' functions. | `string` | `"arm64"` | no | diff --git a/modules/multi-runner/runners.tf b/modules/multi-runner/runners.tf index fb342364cd..8a78fd06b0 100644 --- a/modules/multi-runner/runners.tf +++ b/modules/multi-runner/runners.tf @@ -104,4 +104,5 @@ module "runners" { pool_runner_owner = each.value.runner_config.pool_runner_owner pool_lambda_reserved_concurrent_executions = var.pool_lambda_reserved_concurrent_executions associate_public_ip_address = var.associate_public_ip_address + ipv6_address_count = var.ipv6_address_count } diff --git a/modules/multi-runner/variables.tf b/modules/multi-runner/variables.tf index fbc2d9d4ff..66f988f55c 100644 --- a/modules/multi-runner/variables.tf +++ b/modules/multi-runner/variables.tf @@ -562,3 +562,9 @@ variable "associate_public_ip_address" { type = bool default = false } + +variable "ipv6_address_count" { + description = "The number of IPv6 addresses to assign to a network interface" + type = number + default = 0 +} diff --git a/modules/runners/README.md b/modules/runners/README.md index 6f1dcc562a..a0ba7e3a4d 100644 --- a/modules/runners/README.md +++ b/modules/runners/README.md 
@@ -158,6 +158,7 @@ yarn run dist | [instance\_target\_capacity\_type](#input\_instance\_target\_capacity\_type) | Default lifecyle used runner instances, can be either `spot` or `on-demand`. | `string` | `"spot"` | no | | [instance\_type](#input\_instance\_type) | [DEPRECATED] See instance\_types. | `string` | `"m5.large"` | no | | [instance\_types](#input\_instance\_types) | List of instance types for the action runner. Defaults are based on runner\_os (amzn2 for linux and Windows Server Core for win). | `list(string)` | `null` | no | +| [ipv6\_address\_count](#input\_ipv6\_address\_count) | The number of IPv6 addresses to assign to a network interface | `number` | `0` | no | | [key\_name](#input\_key\_name) | Key pair name | `string` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | Optional CMK Key ARN to be used for Parameter Store. | `string` | `null` | no | | [lambda\_architecture](#input\_lambda\_architecture) | AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86\_64' functions. | `string` | `"arm64"` | no | diff --git a/modules/runners/main.tf b/modules/runners/main.tf index c44770473c..cc338aaf3a 100644 --- a/modules/runners/main.tf +++ b/modules/runners/main.tf @@ -182,6 +182,7 @@ resource "aws_launch_template" "runner" { iterator = associate_public_ip_address content { associate_public_ip_address = associate_public_ip_address.value + ipv6_address_count = var.ipv6_address_count security_groups = compact(concat( var.enable_managed_runner_security_group ? [aws_security_group.runner_sg[0].id] : [], var.runner_additional_security_group_ids, diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf index b5b6f49eac..bf2d98bb90 100644 --- a/modules/runners/variables.tf +++ b/modules/runners/variables.tf 
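Review bot: `ipv6_address_count` is set only inside the `network_interfaces` content block, and that block is generated only when `associate_public_ip_address` is true, so a caller who sets `ipv6_address_count = 1` on a private runner gets no IPv6 address and no error. Either say so in the variable description, e.g. by appending `Only applied when associate_public_ip_address is true.`, or widen the block's `for_each` condition (it sits outside this hunk) together with the matching `vpc_security_group_ids` conditional. The variable also accepts negative numbers; a `validation` block with `condition = var.ipv6_address_count >= 0` would catch that at plan time.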
@@ -628,3 +628,9 @@ variable "associate_public_ip_address" { type = bool default = false } + +variable "ipv6_address_count" { + description = "The number of IPv6 addresses to assign to a network interface" + type = number + default = 0 +} From 85865add0955fc570ff7cf490fd6398fc62ef30f Mon Sep 17 00:00:00 2001 From: Igor Mishchuk Date: Fri, 20 Oct 2023 12:28:08 +0300 Subject: [PATCH 4/7] configure s3 to dualstack if ipv6 is used --- modules/runners/templates/install-runner.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/runners/templates/install-runner.sh b/modules/runners/templates/install-runner.sh index d960d6f45c..ff87803ed9 100644 --- a/modules/runners/templates/install-runner.sh +++ b/modules/runners/templates/install-runner.sh @@ -10,6 +10,14 @@ if [ -z "$RUNNER_TARBALL_URL" ] && [ -z "$s3_location" ]; then exit 1 fi +ipv6=$(TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \ +&& curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/ipv6 2>/dev/null | head -n 1 | cut -d$' ' -f2) + +if [[ $ipv6 == '200' ]]; then + aws configure set default.s3.use_dualstack_endpoint true + aws configure set default.s3.addressing_style virtual +fi + file_name="actions-runner.tar.gz" echo "Setting up GH Actions runner tool cache" From 989921a9e1170a3201fc5479d3abb11489c52ab3 Mon Sep 17 00:00:00 2001 From: Igor Mishchuk Date: Fri, 20 Oct 2023 13:02:20 +0300 Subject: [PATCH 5/7] Revert "configure s3 to dualstack if ipv6 is used" This reverts commit 85865add0955fc570ff7cf490fd6398fc62ef30f. --- modules/runners/templates/install-runner.sh | 8 -------- 1 file changed, 8 deletions(-) diff --git a/modules/runners/templates/install-runner.sh b/modules/runners/templates/install-runner.sh index ff87803ed9..d960d6f45c 100644 --- a/modules/runners/templates/install-runner.sh +++ b/modules/runners/templates/install-runner.sh 
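Review bot: The `$ipv6 == '200'` test in the added install-runner.sh lines looks like it can never be true: `curl -v` writes the status line to stderr and `2>/dev/null` discards it, so `head -n 1 | cut -d$' ' -f2` only ever sees the response body. Asking curl for the status directly is more robust: `ipv6_status=$(curl -s -o /dev/null -w '%{http_code}' -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/ipv6)`. The token request has no `-f` or timeout, so an HTTP error on the PUT still continues into the second call with the error body as the token. A TTL of 21600 seconds is also far longer than this single lookup needs. The surrounding script continues outside the hunk.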
@@ -10,14 +10,6 @@ if [ -z "$RUNNER_TARBALL_URL" ] && [ -z "$s3_location" ]; then exit 1 fi -ipv6=$(TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \ -&& curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/ipv6 2>/dev/null | head -n 1 | cut -d$' ' -f2) - -if [[ $ipv6 == '200' ]]; then - aws configure set default.s3.use_dualstack_endpoint true - aws configure set default.s3.addressing_style virtual -fi - file_name="actions-runner.tar.gz" echo "Setting up GH Actions runner tool cache" From e6baaab8f78f199ed455bfa52762a8e6c7222b82 Mon Sep 17 00:00:00 2001 From: Igor Mishchuk Date: Fri, 20 Oct 2023 13:02:24 +0300 Subject: [PATCH 6/7] Revert "add ipv6 support" This reverts commit 00e785167aae137039f34529c656a8d371238823. --- modules/multi-runner/README.md | 1 - modules/multi-runner/runners.tf | 1 - modules/multi-runner/variables.tf | 6 ------ modules/runners/README.md | 1 - modules/runners/main.tf | 1 - modules/runners/variables.tf | 6 ------ 6 files changed, 16 deletions(-) diff --git a/modules/multi-runner/README.md b/modules/multi-runner/README.md index 904becc194..7e0832222f 100644 --- a/modules/multi-runner/README.md +++ b/modules/multi-runner/README.md @@ -127,7 +127,6 @@ module "multi-runner" { | [ghes\_url](#input\_ghes\_url) | GitHub Enterprise Server URL. Example: https://github.internal.co - DO NOT SET IF USING PUBLIC GITHUB | `string` | `null` | no | | [github\_app](#input\_github\_app) | GitHub app parameters, see your github app. Ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`). |
object({
key_base64 = string
id = string
webhook_secret = string
})
| n/a | yes | | [instance\_profile\_path](#input\_instance\_profile\_path) | The path that will be added to the instance\_profile, if not set the environment name will be used. | `string` | `null` | no | -| [ipv6\_address\_count](#input\_ipv6\_address\_count) | The number of IPv6 addresses to assign to a network interface | `number` | `0` | no | | [key\_name](#input\_key\_name) | Key pair name | `string` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | Optional CMK Key ARN to be used for Parameter Store. | `string` | `null` | no | | [lambda\_architecture](#input\_lambda\_architecture) | AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86\_64' functions. | `string` | `"arm64"` | no | diff --git a/modules/multi-runner/runners.tf b/modules/multi-runner/runners.tf index 8a78fd06b0..fb342364cd 100644 --- a/modules/multi-runner/runners.tf +++ b/modules/multi-runner/runners.tf @@ -104,5 +104,4 @@ module "runners" { pool_runner_owner = each.value.runner_config.pool_runner_owner pool_lambda_reserved_concurrent_executions = var.pool_lambda_reserved_concurrent_executions associate_public_ip_address = var.associate_public_ip_address - ipv6_address_count = var.ipv6_address_count } diff --git a/modules/multi-runner/variables.tf b/modules/multi-runner/variables.tf index 66f988f55c..fbc2d9d4ff 100644 --- a/modules/multi-runner/variables.tf +++ b/modules/multi-runner/variables.tf @@ -562,9 +562,3 @@ variable "associate_public_ip_address" { type = bool default = false } - -variable "ipv6_address_count" { - description = "The number of IPv6 addresses to assign to a network interface" - type = number - default = 0 -} diff --git a/modules/runners/README.md b/modules/runners/README.md index a0ba7e3a4d..6f1dcc562a 100644 --- a/modules/runners/README.md +++ b/modules/runners/README.md 
@@ -158,7 +158,6 @@ yarn run dist | [instance\_target\_capacity\_type](#input\_instance\_target\_capacity\_type) | Default lifecyle used runner instances, can be either `spot` or `on-demand`. | `string` | `"spot"` | no | | [instance\_type](#input\_instance\_type) | [DEPRECATED] See instance\_types. | `string` | `"m5.large"` | no | | [instance\_types](#input\_instance\_types) | List of instance types for the action runner. Defaults are based on runner\_os (amzn2 for linux and Windows Server Core for win). | `list(string)` | `null` | no | -| [ipv6\_address\_count](#input\_ipv6\_address\_count) | The number of IPv6 addresses to assign to a network interface | `number` | `0` | no | | [key\_name](#input\_key\_name) | Key pair name | `string` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | Optional CMK Key ARN to be used for Parameter Store. | `string` | `null` | no | | [lambda\_architecture](#input\_lambda\_architecture) | AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86\_64' functions. | `string` | `"arm64"` | no | diff --git a/modules/runners/main.tf b/modules/runners/main.tf index cc338aaf3a..c44770473c 100644 --- a/modules/runners/main.tf +++ b/modules/runners/main.tf @@ -182,7 +182,6 @@ resource "aws_launch_template" "runner" { iterator = associate_public_ip_address content { associate_public_ip_address = associate_public_ip_address.value - ipv6_address_count = var.ipv6_address_count security_groups = compact(concat( var.enable_managed_runner_security_group ? [aws_security_group.runner_sg[0].id] : [], var.runner_additional_security_group_ids, diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf index bf2d98bb90..b5b6f49eac 100644 --- a/modules/runners/variables.tf +++ b/modules/runners/variables.tf 
@@ -628,9 +628,3 @@ variable "associate_public_ip_address" { type = bool default = false } - -variable "ipv6_address_count" { - description = "The number of IPv6 addresses to assign to a network interface" - type = number - default = 0 -} From 2e1fe50f4eac497997765ea0f61400e8634f1d77 Mon Sep 17 00:00:00 2001 From: Igor Mishchuk Date: Fri, 20 Oct 2023 13:10:30 +0300 Subject: [PATCH 7/7] clarify that public ip is only ipv4 --- modules/multi-runner/README.md | 2 +- modules/multi-runner/runners.tf | 2 +- modules/multi-runner/variables.tf | 4 ++-- modules/runners/README.md | 2 +- modules/runners/main.tf | 8 ++++---- modules/runners/variables.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/multi-runner/README.md b/modules/multi-runner/README.md index 7e0832222f..e1aded5945 100644 --- a/modules/multi-runner/README.md +++ b/modules/multi-runner/README.md @@ -116,7 +116,7 @@ module "multi-runner" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Associate public IP with the runner | `bool` | `false` | no | +| [associate\_public\_ipv4\_address](#input\_associate\_public\_ipv4\_address) | Associate public IPv4 with the runner. Only tested with IPv4 | `bool` | `false` | no | | [aws\_partition](#input\_aws\_partition) | (optiona) partition in the arn namespace to use if not 'aws' | `string` | `"aws"` | no | | [aws\_region](#input\_aws\_region) | AWS region. | `string` | n/a | yes | | [cloudwatch\_config](#input\_cloudwatch\_config) | (optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details. | `string` | `null` | no | diff --git a/modules/multi-runner/runners.tf b/modules/multi-runner/runners.tf index fb342364cd..e2960e8536 100644 --- a/modules/multi-runner/runners.tf 
+++ b/modules/multi-runner/runners.tf @@ -103,5 +103,5 @@ module "runners" { pool_lambda_timeout = var.pool_lambda_timeout pool_runner_owner = each.value.runner_config.pool_runner_owner pool_lambda_reserved_concurrent_executions = var.pool_lambda_reserved_concurrent_executions - associate_public_ip_address = var.associate_public_ip_address + associate_public_ipv4_address = var.associate_public_ipv4_address } diff --git a/modules/multi-runner/variables.tf b/modules/multi-runner/variables.tf index fbc2d9d4ff..638bfa9f48 100644 --- a/modules/multi-runner/variables.tf +++ b/modules/multi-runner/variables.tf @@ -557,8 +557,8 @@ variable "lambda_tracing_mode" { default = null } -variable "associate_public_ip_address" { - description = "Associate public IP with the runner" +variable "associate_public_ipv4_address" { + description = "Associate public IPv4 with the runner. Only tested with IPv4" type = bool default = false } diff --git a/modules/runners/README.md b/modules/runners/README.md index 6f1dcc562a..7c9c97180b 100644 --- a/modules/runners/README.md +++ b/modules/runners/README.md @@ -126,7 +126,7 @@ yarn run dist | [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name) | Externally managed SSM parameter (of data type aws:ec2:image) that contains the AMI ID to launch runner instances from. Overrides ami\_filter | `string` | `null` | no | | [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn) | Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI | `string` | `null` | no | | [ami\_owners](#input\_ami\_owners) | The list of owners used to select the AMI of action runner instances. | `list(string)` |
[
"amazon"
]
| no | -| [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Associate public IP with the runner | `bool` | `false` | no | +| [associate\_public\_ipv4\_address](#input\_associate\_public\_ipv4\_address) | Associate public IPv4 with the runner. Only tested with IPv4 | `bool` | `false` | no | | [aws\_partition](#input\_aws\_partition) | (optional) partition for the base arn if not 'aws' | `string` | `"aws"` | no | | [aws\_region](#input\_aws\_region) | AWS region. | `string` | n/a | yes | | [block\_device\_mappings](#input\_block\_device\_mappings) | The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`, `throughput`, `kms_key_id`, `snapshot_id`. |
list(object({
delete_on_termination = optional(bool, true)
device_name = optional(string, "/dev/xvda")
encrypted = optional(bool, true)
iops = optional(number)
kms_key_id = optional(string)
snapshot_id = optional(string)
throughput = optional(number)
volume_size = number
volume_type = optional(string, "gp3")
}))
|
[
{
"volume_size": 30
}
]
| no | diff --git a/modules/runners/main.tf b/modules/runners/main.tf index c44770473c..070511d496 100644 --- a/modules/runners/main.tf +++ b/modules/runners/main.tf @@ -119,7 +119,7 @@ resource "aws_launch_template" "runner" { key_name = var.key_name ebs_optimized = var.ebs_optimized - vpc_security_group_ids = !var.associate_public_ip_address ? compact(concat( + vpc_security_group_ids = !var.associate_public_ipv4_address ? compact(concat( var.enable_managed_runner_security_group ? [aws_security_group.runner_sg[0].id] : [], var.runner_additional_security_group_ids, )) : [] @@ -178,10 +178,10 @@ resource "aws_launch_template" "runner" { update_default_version = true dynamic "network_interfaces" { - for_each = var.associate_public_ip_address ? [var.associate_public_ip_address] : [] - iterator = associate_public_ip_address + for_each = var.associate_public_ipv4_address ? [var.associate_public_ipv4_address] : [] + iterator = associate_public_ipv4_address content { - associate_public_ip_address = associate_public_ip_address.value + associate_public_ip_address = associate_public_ipv4_address.value security_groups = compact(concat( var.enable_managed_runner_security_group ? [aws_security_group.runner_sg[0].id] : [], var.runner_additional_security_group_ids, diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf index b5b6f49eac..15a94a793b 100644 --- a/modules/runners/variables.tf +++ b/modules/runners/variables.tf @@ -623,8 +623,8 @@ variable "enable_jit_config" { default = null } -variable "associate_public_ip_address" { - description = "Associate public IP with the runner" +variable "associate_public_ipv4_address" { + description = "Associate public IPv4 with the runner. Only tested with IPv4" type = bool default = false }