refactor(ami-updater): standardize module structure and zip file handling

dgokcin · dgokcin · commit 1fa930c07162 · 2025-03-20T20:35:32.000+03:00
- update zip file location in package.json to match other modules
- add ami-updater module configuration in root main.tf with consistent variable mapping
- add ami_updater_lambda variables in root variables.tf for zip, memory and timeout
- enable optional ami-updater functionality through enable_ami_updater variable
diff --git a/lambdas/functions/ami-updater/package.json b/lambdas/functions/ami-updater/package.json
@@ -11,7 +11,7 @@
         "lint": "eslint src",
         "watch": "ts-node-dev --respawn --exit-child src/local.ts",
         "build": "ncc build src/lambda.ts -o dist",
-        "dist": "yarn build && cp package.json dist/ && cd dist && zip ../dist/ami-updater.zip *",
+        "dist": "yarn build && cp package.json dist/ && cd dist && zip ../ami-updater.zip *",
         "format": "prettier --write \"**/*.ts\"",
         "format-check": "prettier --check \"**/*.ts\"",
         "all": "yarn build && yarn format && yarn lint && yarn test"
diff --git a/main.tf b/main.tf
@@ -353,6 +353,53 @@ module "ami_housekeeper" {
   lambda_schedule_expression = var.ami_housekeeper_lambda_schedule_expression
 }
 
+module "ami_updater" {
+  count  = var.enable_ami_updater ? 1 : 0
+  source = "./modules/ami-updater"
+
+  prefix        = var.prefix
+  tags          = local.tags
+  aws_partition = var.aws_partition
+
+  lambda_zip          = var.ami_updater_lambda_zip
+  lambda_memory_size  = var.ami_updater_lambda_memory_size
+  lambda_timeout      = var.ami_updater_lambda_timeout
+  lambda_s3_bucket    = var.lambda_s3_bucket
+  lambda_runtime      = var.lambda_runtime
+  lambda_architecture = var.lambda_architecture
+
+  lambda_subnet_ids         = var.lambda_subnet_ids
+  lambda_security_group_ids = var.lambda_security_group_ids
+  lambda_tags               = var.lambda_tags
+  tracing_config            = var.tracing_config
+
+  logging_retention_in_days = var.logging_retention_in_days
+  logging_kms_key_id        = var.logging_kms_key_id
+  log_level                 = var.log_level
+
+  role_path                 = var.role_path
+  role_permissions_boundary = var.role_permissions_boundary
+
+  ssm_parameter_name = var.ami_id_ssm_parameter_name
+
+  config = {
+    dry_run = false
+    ami_filter = {
+      owners = var.ami_owners
+      filters = [
+        {
+          name   = "state"
+          values = ["available"]
+        },
+        {
+          name   = "image-type"
+          values = ["machine"]
+        }
+      ]
+    }
+  }
+}
+
 locals {
   lambda_instance_termination_watcher = {
     prefix                    = var.prefix
diff --git a/variables.tf b/variables.tf
@@ -33,9 +33,9 @@ variable "enable_organization_runners" {
 
 variable "github_app" {
   description = <<EOF
-  GitHub app parameters, see your github app. 
+  GitHub app parameters, see your github app.
   You can optionally create the SSM parameters yourself and provide the ARN and name here, through the `*_ssm` attributes.
-  If you chose to provide the configuration values directly here, 
+  If you chose to provide the configuration values directly here,
   please ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`).
   Note: the provided SSM parameters arn and name have a precedence over the actual value (i.e `key_base64_ssm` has a precedence over `key_base64` etc).
   EOF
@@ -773,6 +773,12 @@ variable "enable_runner_binaries_syncer" {
   default     = true
 }
 
+variable "enable_ami_updater" {
+  description = "Option to enable the lambda to update the AMI, useful when using a pre-build AMI or an AMI that gets updated out of your control."
+  type        = bool
+  default     = false
+}
+
 variable "state_event_rule_binaries_syncer" {
   type        = string
   description = "Option to disable EventBridge Lambda trigger for the binary syncer, useful to stop automatic updates of binary distribution"
@@ -985,3 +991,21 @@ variable "user_agent" {
   type        = string
   default     = "github-aws-runners"
 }
+
+variable "ami_updater_lambda_zip" {
+  description = "File location of the ami-updater lambda zip file."
+  type        = string
+  default     = null
+}
+
+variable "ami_updater_lambda_memory_size" {
+  description = "Memory size limit in MB for ami-updater lambda."
+  type        = number
+  default     = 256
+}
+
+variable "ami_updater_lambda_timeout" {
+  description = "Time out for the ami-updater lambda in seconds."
+  type        = number
+  default     = 300
+}
