# Values shared by the module calls in this example. The environment name is
# also the resource-name prefix handed to both child modules.
locals {
  # Only a null variable falls back to "default"; an empty string is passed
  # through unchanged (a `coalesce()` would behave differently here).
  environment = var.environment == null ? "default" : var.environment
  aws_region  = var.aws_region
}
# 20 random bytes (160 bits), consumed as `.hex` (40 hex characters) for the
# GitHub webhook secret in both module calls below.
# NOTE(review): like any random_* resource the generated value lives in the
# Terraform state, so the state backend must be treated as secret material.
resource "random_id" "random" {
  byte_length = 20
}
# Account behind the provider credentials; its account_id pins the AMI lookup
# in module.runners to images this account owns.
data "aws_caller_identity" "current" {
}
# Network prerequisites for the runners (the VPC and private subnets that
# module.runners reads back from this module's `vpc` output).
module "base" {
  source = "../base"

  aws_region = local.aws_region
  prefix     = local.environment
}
# The runner deployment. This example assumes a pre-built AMI that already
# contains the GitHub runner agent, so user data and the binaries syncer are
# switched off and the AMI is looked up by name in this account only.
module "runners" {
  source = "../../"

  aws_region = local.aws_region
  prefix     = local.environment
  vpc_id     = module.base.vpc.vpc_id
  subnet_ids = module.base.vpc.private_subnets

  # Let the module create the EC2 Spot service-linked role.
  create_service_linked_role_spot = true

  # Runners register at repository level; extra labels make them selectable
  # from workflows.
  runner_registration_level = "repo"
  runner_extra_labels       = ["default", "example"]
  runner_os                 = var.runner_os

  # GitHub App credentials plus the generated webhook secret. The very same
  # random_id value is passed to module.webhook_github_app below; the two
  # must stay in sync or GitHub will sign deliveries with a secret the
  # webhook lambda does not verify against.
  github_app = {
    id             = var.github_app.id
    key_base64     = var.github_app.key_base64
    webhook_secret = random_id.random.hex
  }

  # Lambda artefacts are left unset, so the module sources its own zips
  # (which requires building them). Point these at downloaded zips to skip
  # the build:
  #
  # webhook_lambda_zip                = "../lambdas-download/webhook.zip"
  # runner_binaries_syncer_lambda_zip = "../lambdas-download/runner-binaries-syncer.zip"
  # runners_lambda_zip                = "../lambdas-download/runners.zip"

  # Pre-built AMI: no user data injection, and no binaries syncer because the
  # agent is already installed in the image. `owners` is pinned to the
  # calling account so that a name-only filter cannot resolve to a public or
  # third-party AMI that happens to carry a matching name.
  enable_userdata               = false
  enable_runner_binaries_syncer = false
  ami = {
    filter = { name = [var.ami_name_filter], state = ["available"] }
    owners = [data.aws_caller_identity.current.account_id]
  }

  # Opens SSM Session Manager access to the runner instances. Handy for
  # debugging, but anyone allowed to start a session on these instances can
  # see whatever the running job holds (registration token, checked-out
  # source, job secrets); keep the IAM side narrow or disable this outside of
  # example deployments.
  enable_ssm_on_runners = true

  # Make the example react quickly: short webhook event delay and a
  # scale-down check every minute.
  delay_webhook_event            = 5
  scale_down_schedule_expression = "cron(* * * * ? *)"

  # AMI housekeeper is enabled but in dry-run mode, so nothing is deregistered
  # yet. NOTE(review): the `*al2023*` filter with minimumDaysOld = 1 will
  # presumably also match the AMI the runners themselves use once it is a day
  # old — review the dry-run output (and how the module interprets
  # ssmParameterNames) before setting dryRun = false.
  enable_ami_housekeeper = true
  ami_housekeeper_cleanup_config = {
    ssmParameterNames = ["*/ami_id"]
    minimumDaysOld    = 1
    dryRun            = true
    amiFilters = [
      {
        Name   = "name"
        Values = ["*al2023*"]
      }
    ]
  }

  # The SSM housekeeper (removes runner tokens / JIT config from SSM) is left
  # at the module defaults. For reference, the commented block below appears
  # to be a copy of the module's variable declaration:
  #
  # variable "runners_ssm_housekeeper" {
  #   description = <<EOF
  #   Configuration for the SSM housekeeper lambda. This lambda deletes token / JIT config from SSM.
  #   `schedule_expression`: is used to configure the schedule for the lambda.
  #   `enabled`: enable or disable the lambda trigger via the EventBridge.
  #   `lambda_memory_size`: lambda memory size limit.
  #   `lambda_timeout`: timeout for the lambda in seconds.
  #   `config`: configuration for the lambda function. Token path will be read by default from the module.
  #   EOF
  #   type = object({
  #     schedule_expression = optional(string, "rate(1 day)")
  #     enabled             = optional(bool, true)
  #     lambda_memory_size  = optional(number, 512)
  #     lambda_timeout      = optional(number, 60)
  #     config = object({
  #       tokenPath      = optional(string)
  #       minimumDaysOld = optional(number, 1)
  #       dryRun         = optional(bool, false)
  #     })
  #   })
  #   default = { config = {} }
  # }

  # Debug logging is off; enable only while troubleshooting, it is far more
  # verbose than the default.
  # log_level = "debug"
}
# Registers the deployed webhook endpoint on the GitHub App. It needs the
# same app credentials and, crucially, the same webhook secret as
# module.runners — both read random_id.random.hex — otherwise GitHub would
# sign deliveries with a secret the webhook lambda cannot validate.
module "webhook_github_app" {
  source     = "../../modules/webhook-github-app"
  depends_on = [module.runners]

  webhook_endpoint = module.runners.webhook.endpoint

  github_app = {
    id             = var.github_app.id
    key_base64     = var.github_app.key_base64
    webhook_secret = random_id.random.hex # identical to module.runners
  }
}