
Commit 9a3ec9b

committed
grant permision to pool lambda for fetching ami paramater
1 parent e1db2c5 commit 9a3ec9b


5 files changed

+21
-0
lines changed

5 files changed

+21
-0
lines changed

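--- a/examples/default/main.tf
+++ b/examples/default/main.tf
@@ -141,6 +141,15 @@ module "runners" {
 
 # enable CMK instead of aws managed key for encryptions
 # kms_key_arn = aws_kms_key.github.arn
+
+# pool_runner_owner = "philips-test-runners"
+# pool_config = [{
+# size = 1
+# schedule_expression = "cron(0/3 14 * * ? *)" # every 3 minutes between 14:00 and 15:00
+# schedule_expression_timezone = "Europe/Amsterdam"
+
+# }]
+
 }
 
 module "webhook_github_app" {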

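--- a/modules/runners/pool.tf
+++ b/modules/runners/pool.tf
@@ -17,6 +17,7 @@ module "pool" {
 instance_types = var.instance_types
 kms_key_arn = local.kms_key_arn
 ami_kms_key_arn = local.ami_kms_key_arn
+ami_id_ssm_parameter_arn = local.ami_id_ssm_module_managed ? aws_ssm_parameter.runner_ami_id[0].arn : var.ami_id_ssm_parameter_arn
 lambda = {
 log_level = var.log_level
 logging_retention_in_days = var.logging_retention_in_days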

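--- a/modules/runners/pool/main.tf
+++ b/modules/runners/pool/main.tf
@@ -91,6 +91,7 @@ resource "aws_iam_role_policy" "pool" {
 github_app_key_base64_arn = var.config.github_app_parameters.key_base64.arn
 kms_key_arn = var.config.kms_key_arn
 ami_kms_key_arn = var.config.ami_kms_key_arn
+ssm_ami_id_parameter_arn = var.config.ami_id_ssm_parameter_arn
 })
 }
 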
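Review bot: The template key added at new line 94, `ssm_ami_id_parameter_arn`, reorders the words of the attribute it carries, `ami_id_ssm_parameter_arn`, which makes the value harder to trace from the IAM policy back to the module input. Using one name throughout, `ami_id_ssm_parameter_arn = var.config.ami_id_ssm_parameter_arn` here and `"${ami_id_ssm_parameter_arn}"` in policies/lambda-pool.json, keeps a search for the source of the permission to a single term. The `aws_iam_role_policy` block begins outside this hunk.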

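--- a/modules/runners/pool/policies/lambda-pool.json
+++ b/modules/runners/pool/policies/lambda-pool.json
@@ -39,6 +39,15 @@
 "${arn_ssm_parameters_path_config}/*"
 ]
 },
+{
+"Effect": "Allow",
+"Action": [
+"ssm:GetParameters"
+],
+"Resource": [
+"${ssm_ami_id_parameter_arn}"
+]
+},
 {
 "Effect": "Allow",
 "Action": [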
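Review bot: The new `ssm:GetParameters` statement is rendered unconditionally, so `${ssm_ami_id_parameter_arn}` must always resolve to a real ARN. The ternary added in modules/runners/pool.tf falls back to `var.ami_id_ssm_parameter_arn` when the parameter is not module managed; if that variable can be null or empty (its declaration is not visible here), the template render would presumably fail or produce a statement with an empty `Resource`. Consider wrapping the statement in `%{ if ssm_ami_id_parameter_arn != null ~}` … `%{ endif ~}`, or adding a validation on the variable so the failure is explicit. Scoping the grant to the single parameter ARN rather than a path wildcard is the right shape and should be kept. The policy document starts and ends outside this hunk.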

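--- a/modules/runners/pool/variables.tf
+++ b/modules/runners/pool/variables.tf
@@ -57,6 +57,7 @@ variable "config" {
 role_permissions_boundary = string
 kms_key_arn = string
 ami_kms_key_arn = string
+ami_id_ssm_parameter_arn = string
 role_path = string
 ssm_token_path = string
 ssm_config_path = string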
