feat: allow use any dynamic label with prefix ghr-

edersonbrilhante · edersonbrilhante · commit c8dfc22189c9 · 2026-01-30T16:36:12.000+01:00
diff --git a/lambdas/functions/control-plane/src/scale-runners/scale-up.test.ts b/lambdas/functions/control-plane/src/scale-runners/scale-up.test.ts
@@ -402,7 +402,7 @@ describe('scaleUp with GHES', () => {
   describe('Dynamic EC2 Configuration', () => {
     beforeEach(() => {
       process.env.ENABLE_ORGANIZATION_RUNNERS = 'true';
-      process.env.ENABLE_DYNAMIC_EC2_CONFIG = 'true';
+      process.env.ENABLE_DYNAMIC_LABELS = 'true';
       process.env.ENABLE_EPHEMERAL_RUNNERS = 'true';
       process.env.ENABLE_JOB_QUEUED_CHECK = 'false';
       process.env.RUNNER_LABELS = 'base-label';
@@ -497,8 +497,8 @@ describe('scaleUp with GHES', () => {
       );
     });
 
-    it('does not process EC2 labels when ENABLE_DYNAMIC_EC2_CONFIG is disabled', async () => {
-      process.env.ENABLE_DYNAMIC_EC2_CONFIG = 'false';
+    it('does not process EC2 labels when ENABLE_DYNAMIC_LABELS is disabled', async () => {
+      process.env.ENABLE_DYNAMIC_LABELS = 'false';
 
       const testDataWithEc2Labels = [
         {
diff --git a/lambdas/functions/control-plane/src/scale-runners/scale-up.ts b/lambdas/functions/control-plane/src/scale-runners/scale-up.ts
@@ -275,7 +275,7 @@ export async function scaleUp(payloads: ActionRequestMessageSQS[]): Promise<stri
   const instanceTypes = process.env.INSTANCE_TYPES.split(',');
   const instanceTargetCapacityType = process.env.INSTANCE_TARGET_CAPACITY_TYPE;
   const ephemeralEnabled = yn(process.env.ENABLE_EPHEMERAL_RUNNERS, { default: false });
-  const dynamicEc2ConfigEnabled = yn(process.env.ENABLE_DYNAMIC_EC2_CONFIG, { default: false });
+  const dynamicLabelsEnabled = yn(process.env.ENABLE_DYNAMIC_LABELS, { default: false });
   const enableJitConfig = yn(process.env.ENABLE_JIT_CONFIG, { default: ephemeralEnabled });
   const disableAutoUpdate = yn(process.env.DISABLE_RUNNER_AUTOUPDATE, { default: false });
   const launchTemplateName = process.env.LAUNCH_TEMPLATE_NAME;
@@ -341,12 +341,12 @@ export async function scaleUp(payloads: ActionRequestMessageSQS[]): Promise<stri
       : `${payload.repositoryOwner}/${payload.repositoryName}`;
 
     let key = runnerOwner;
-    if (dynamicEc2ConfigEnabled && labels?.length) {
-      const requestedDynamicEc2Config = labels.find((l) => l.startsWith('ghr-ec2-'))?.slice('ghr-ec2-'.length);
+    if (dynamicLabelsEnabled && labels?.length) {
+      const dynamicLabels = labels.find((l) => l.startsWith('ghr-'))?.slice('ghr-'.length);
 
-      if (requestedDynamicEc2Config) {
-        const ec2Hash = ec2LabelsHash(labels);
-        key = `${key}/${ec2Hash}`;
+      if (dynamicLabels) {
+        const dynamicLabelsHash = labelsHash(labels);
+        key = `${key}/${dynamicLabelsHash}`;
       }
     }
 
@@ -390,26 +390,28 @@ export async function scaleUp(payloads: ActionRequestMessageSQS[]): Promise<stri
 
     let ec2OverrideConfig: Ec2OverrideConfig | undefined = undefined;
 
-    if (messages.length > 0 && dynamicEc2ConfigEnabled) {
+    if (messages.length > 0 && dynamicLabelsEnabled) {
       logger.debug('Dynamic EC2 config enabled, processing labels', { labels: messages[0].labels });
 
       const dynamicEC2Labels = messages[0].labels?.map((l) => l.trim()).filter((l) => l.startsWith('ghr-ec2-')) ?? [];
+      const allDynamicLabels = messages[0].labels?.map((l) => l.trim()).filter((l) => l.startsWith('ghr-')) ?? [];
 
-      if (dynamicEC2Labels.length > 0) {
-        // Append all EC2 labels to runnerLabels
-        runnerLabels = runnerLabels ? `${runnerLabels},${dynamicEC2Labels.join(',')}` : dynamicEC2Labels.join(',');
+      if (allDynamicLabels.length > 0) {
+        runnerLabels = runnerLabels ? `${runnerLabels},${allDynamicLabels.join(',')}` : allDynamicLabels.join(',');
 
         logger.debug('Updated runner labels', { runnerLabels });
 
-        // Parse EC2 override configuration from labels
-        ec2OverrideConfig = parseEc2OverrideConfig(dynamicEC2Labels);
-        if (ec2OverrideConfig) {
-          logger.debug('EC2 override config parsed from labels', {
-            ec2OverrideConfig,
-          });
+        if (dynamicEC2Labels.length > 0) {
+
+          ec2OverrideConfig = parseEc2OverrideConfig(dynamicEC2Labels);
+          if (ec2OverrideConfig) {
+            logger.debug('EC2 override config parsed from labels', {
+              ec2OverrideConfig,
+            });
+          }
         }
       } else {
-        logger.debug('No dynamic EC2 labels found on message');
+        logger.debug('No dynamic labels found on message');
       }
     }
 
@@ -960,8 +962,8 @@ export function parseEc2OverrideConfig(labels: string[]): Ec2OverrideConfig | un
   return Object.keys(config).length > 0 ? config : undefined;
 }
 
-function ec2LabelsHash(labels: string[]): string {
-  const prefix = 'ghr-ec2-';
+function labelsHash(labels: string[]): string {
+  const prefix = 'ghr-';
 
   const input = labels
     .filter((l) => l.startsWith(prefix))
diff --git a/lambdas/functions/webhook/src/ConfigLoader.ts b/lambdas/functions/webhook/src/ConfigLoader.ts
@@ -119,9 +119,11 @@ export class ConfigWebhook extends MatcherAwareConfig {
   repositoryAllowList: string[] = [];
   webhookSecret: string = '';
   workflowJobEventSecondaryQueue: string = '';
+  enableDynamicLabels: boolean = false;
 
   async loadConfig(): Promise<void> {
     this.loadEnvVar(process.env.REPOSITORY_ALLOW_LIST, 'repositoryAllowList', []);
+    this.loadEnvVar(process.env.ENABLE_DYNAMIC_LABELS, 'enableDynamicLabels', false);
 
     await Promise.all([
       this.loadMatcherConfig(process.env.PARAMETER_RUNNER_MATCHER_CONFIG_PATH),
@@ -151,9 +153,11 @@ export class ConfigWebhookEventBridge extends BaseConfig {
 export class ConfigDispatcher extends MatcherAwareConfig {
   repositoryAllowList: string[] = [];
   workflowJobEventSecondaryQueue: string = ''; // Deprecated
+  enableDynamicLabels: boolean = false;
 
   async loadConfig(): Promise<void> {
     this.loadEnvVar(process.env.REPOSITORY_ALLOW_LIST, 'repositoryAllowList', []);
+    this.loadEnvVar(process.env.ENABLE_DYNAMIC_LABELS, 'enableDynamicLabels', false);
     await this.loadMatcherConfig(process.env.PARAMETER_RUNNER_MATCHER_CONFIG_PATH);
 
     validateRunnerMatcherConfig(this);
diff --git a/lambdas/functions/webhook/src/modules.d.ts b/lambdas/functions/webhook/src/modules.d.ts
@@ -5,6 +5,7 @@ declare namespace NodeJS {
     PARAMETER_GITHUB_APP_WEBHOOK_SECRET: string;
     PARAMETER_RUNNER_MATCHER_CONFIG_PATH: string;
     REPOSITORY_ALLOW_LIST: string;
+    ENABLE_DYNAMIC_LABELS: string
     RUNNER_LABELS: string;
     ACCEPT_EVENTS: string;
   }
diff --git a/lambdas/functions/webhook/src/runners/dispatch.test.ts b/lambdas/functions/webhook/src/runners/dispatch.test.ts
@@ -183,49 +183,61 @@ describe('Dispatcher', () => {
     it('should accept job with an exact match and identical labels.', () => {
       const workflowLabels = ['self-hosted', 'linux', 'x64', 'ubuntu-latest'];
       const runnerLabels = [['self-hosted', 'linux', 'x64', 'ubuntu-latest']];
-      expect(canRunJob(workflowLabels, runnerLabels, true)).toBe(true);
+      expect(canRunJob(workflowLabels, runnerLabels, true, false)).toBe(true);
     });
 
     it('should accept job with an exact match and identical labels, ignoring cases.', () => {
       const workflowLabels = ['self-Hosted', 'Linux', 'X64', 'ubuntu-Latest'];
       const runnerLabels = [['self-hosted', 'linux', 'x64', 'ubuntu-latest']];
-      expect(canRunJob(workflowLabels, runnerLabels, true)).toBe(true);
+      expect(canRunJob(workflowLabels, runnerLabels, true, false)).toBe(true);
     });
 
     it('should accept job with an exact match and runner supports requested capabilities.', () => {
       const workflowLabels = ['self-hosted', 'linux', 'x64'];
       const runnerLabels = [['self-hosted', 'linux', 'x64', 'ubuntu-latest']];
-      expect(canRunJob(workflowLabels, runnerLabels, true)).toBe(true);
+      expect(canRunJob(workflowLabels, runnerLabels, true, false)).toBe(true);
     });
 
     it('should NOT accept job with an exact match and runner not matching requested capabilities.', () => {
       const workflowLabels = ['self-hosted', 'linux', 'x64', 'ubuntu-latest'];
       const runnerLabels = [['self-hosted', 'linux', 'x64']];
-      expect(canRunJob(workflowLabels, runnerLabels, true)).toBe(false);
+      expect(canRunJob(workflowLabels, runnerLabels, true, false)).toBe(false);
     });
 
     it('should accept job with for a non exact match. Any label that matches will accept the job.', () => {
       const workflowLabels = ['self-hosted', 'linux', 'x64', 'ubuntu-latest', 'gpu'];
       const runnerLabels = [['gpu']];
-      expect(canRunJob(workflowLabels, runnerLabels, false)).toBe(true);
+      expect(canRunJob(workflowLabels, runnerLabels, false, false)).toBe(true);
     });
 
     it('should NOT accept job with for an exact match. Not all requested capabilities are supported.', () => {
       const workflowLabels = ['self-hosted', 'linux', 'x64', 'ubuntu-latest', 'gpu'];
       const runnerLabels = [['gpu']];
-      expect(canRunJob(workflowLabels, runnerLabels, true)).toBe(false);
+      expect(canRunJob(workflowLabels, runnerLabels, true, false)).toBe(false);
     });
 
     it('should not accept jobs not providing labels if exact match is.', () => {
       const workflowLabels: string[] = [];
       const runnerLabels = [['self-hosted', 'linux', 'x64']];
-      expect(canRunJob(workflowLabels, runnerLabels, true)).toBe(false);
+      expect(canRunJob(workflowLabels, runnerLabels, true, false)).toBe(false);
     });
 
     it('should accept jobs not providing labels and exact match is set to false.', () => {
       const workflowLabels: string[] = [];
       const runnerLabels = [['self-hosted', 'linux', 'x64']];
-      expect(canRunJob(workflowLabels, runnerLabels, false)).toBe(true);
+      expect(canRunJob(workflowLabels, runnerLabels, false, false)).toBe(true);
+    });
+
+    it('should filter out ghr- and ghr-run- labels when enableDynamicLabels is true.', () => {
+      const workflowLabels = ['self-hosted', 'linux', 'x64', 'ghr-ec2-instance-type:t3.large', 'ghr-run-id:12345'];
+      const runnerLabels = [['self-hosted', 'linux', 'x64']];
+      expect(canRunJob(workflowLabels, runnerLabels, true, true)).toBe(true);
+    });
+
+    it('should NOT filter out ghr- and ghr-run- labels when enableDynamicLabels is false.', () => {
+      const workflowLabels = ['self-hosted', 'linux', 'x64', 'ghr-ec2-instance-type:t3.large'];
+      const runnerLabels = [['self-hosted', 'linux', 'x64']];
+      expect(canRunJob(workflowLabels, runnerLabels, true, false)).toBe(false);
     });
   });
 });
diff --git a/lambdas/functions/webhook/src/runners/dispatch.ts b/lambdas/functions/webhook/src/runners/dispatch.ts
@@ -15,7 +15,7 @@ export async function dispatch(
 ): Promise<Response> {
   validateRepoInAllowList(event, config);
 
-  return await handleWorkflowJob(event, eventType, config.matcherConfig!);
+  return await handleWorkflowJob(event, eventType, config.matcherConfig!, config.enableDynamicLabels);
 }
 
 function validateRepoInAllowList(event: WorkflowJobEvent, config: ConfigDispatcher) {
@@ -29,6 +29,7 @@ async function handleWorkflowJob(
   body: WorkflowJobEvent,
   githubEvent: string,
   matcherConfig: Array<RunnerMatcherConfig>,
+  enableDynamicLabels: boolean,
 ): Promise<Response> {
   if (body.action !== 'queued') {
     return {
@@ -47,7 +48,7 @@ async function handleWorkflowJob(
     return a.matcherConfig.exactMatch === b.matcherConfig.exactMatch ? 0 : a.matcherConfig.exactMatch ? -1 : 1;
   });
   for (const queue of matcherConfig) {
-    if (canRunJob(body.workflow_job.labels, queue.matcherConfig.labelMatchers, queue.matcherConfig.exactMatch)) {
+    if (canRunJob(body.workflow_job.labels, queue.matcherConfig.labelMatchers, queue.matcherConfig.exactMatch, enableDynamicLabels)) {
       await sendActionRequest({
         id: body.workflow_job.id,
         repositoryName: body.repository.name,
@@ -81,9 +82,12 @@ export function canRunJob(
   workflowJobLabels: string[],
   runnerLabelsMatchers: string[][],
   workflowLabelCheckAll: boolean,
+  enableDynamicLabels: boolean,
 ): boolean {
-  // Filter out ghr-ec2- labels as they are handled by the dynamic EC2 instance type feature
-  const filteredLabels = workflowJobLabels.filter((label) => !label.startsWith('ghr-ec2-'));
+  // Filter out ghr- and ghr-run- labels only if dynamic labels config is enabled
+  const filteredLabels = enableDynamicLabels 
+    ? workflowJobLabels.filter((label) => !label.startsWith('ghr-'))
+    : workflowJobLabels;
 
   runnerLabelsMatchers = runnerLabelsMatchers.map((runnerLabel) => {
     return runnerLabel.map((label) => label.toLowerCase());
diff --git a/main.tf b/main.tf
@@ -136,6 +136,7 @@ module "webhook" {
   tracing_config                                = var.tracing_config
   logging_retention_in_days                     = var.logging_retention_in_days
   logging_kms_key_id                            = var.logging_kms_key_id
+  enable_dynamic_labels                         = var.enable_dynamic_labels
 
   role_path                 = var.role_path
   role_permissions_boundary = var.role_permissions_boundary
@@ -184,7 +185,7 @@ module "runners" {
   github_app_parameters                = local.github_app_parameters
   enable_organization_runners          = var.enable_organization_runners
   enable_ephemeral_runners             = var.enable_ephemeral_runners
-  enable_dynamic_ec2_config            = var.enable_dynamic_ec2_config
+  enable_dynamic_labels                = var.enable_dynamic_labels
   enable_job_queued_check              = var.enable_job_queued_check
   enable_jit_config                    = var.enable_jit_config
   enable_on_demand_failover_for_errors = var.enable_runner_on_demand_failover_for_errors
diff --git a/modules/multi-runner/runners.tf b/modules/multi-runner/runners.tf
@@ -35,7 +35,7 @@ module "runners" {
   scale_errors                         = each.value.runner_config.scale_errors
   enable_organization_runners          = each.value.runner_config.enable_organization_runners
   enable_ephemeral_runners             = each.value.runner_config.enable_ephemeral_runners
-  enable_dynamic_ec2_config            = each.value.runner_config.enable_dynamic_ec2_config
+  enable_dynamic_labels                = each.value.runner_config.enable_dynamic_labels
   enable_jit_config                    = each.value.runner_config.enable_jit_config
   enable_job_queued_check              = each.value.runner_config.enable_job_queued_check
   disable_runner_autoupdate            = each.value.runner_config.disable_runner_autoupdate
diff --git a/modules/multi-runner/variables.tf b/modules/multi-runner/variables.tf
@@ -77,7 +77,6 @@ variable "multi_runner_config" {
       disable_runner_autoupdate            = optional(bool, false)
       ebs_optimized                        = optional(bool, false)
       enable_ephemeral_runners             = optional(bool, false)
-      enable_dynamic_ec2_config            = optional(bool, false)
       enable_job_queued_check              = optional(bool, null)
       enable_on_demand_failover_for_errors = optional(list(string), [])
       scale_errors = optional(list(string), [
@@ -207,7 +206,7 @@ variable "multi_runner_config" {
         disable_runner_autoupdate: "Disable the auto update of the github runner agent. Be aware there is a grace period of 30 days, see also the [GitHub article](https://github.blog/changelog/2022-02-01-github-actions-self-hosted-runners-can-now-disable-automatic-updates/)"
         ebs_optimized: "The EC2 EBS optimized configuration."
         enable_ephemeral_runners: "Enable ephemeral runners, runners will only be used once."
-        enable_dynamic_ec2_config: "Enable dynamic EC2 configs based on workflow job labels. When enabled, jobs can request specific configs via the 'gh-ec2-<config type key>:<config type value>' label (e.g., 'gh-ec2-instance-type:t3.large')."
+        enable_dynamic_labels: "Enable dynamic labels with 'ghr-' prefix. When enabled, jobs can use 'ghr-ec2-<config>:<value>' labels to dynamically configure EC2 instances (e.g., 'ghr-ec2-instance-type:t3.large') and 'ghr-run-<label>' to add unique labels dynamically to runners."
         enable_job_queued_check: "(Optional) Only scale if the job event received by the scale up lambda is is in the state queued. By default enabled for non ephemeral runners and disabled for ephemeral. Set this variable to overwrite the default behavior."
         enable_on_demand_failover_for_errors: "Enable on-demand failover. For example to fall back to on demand when no spot capacity is available the variable can be set to `InsufficientInstanceCapacity`. When not defined the default behavior is to retry later."
         scale_errors: "List of aws error codes that should trigger retry during scale up. This list will replace the default errors defined in the variable `defaultScaleErrors` in https://github.com/github-aws-runners/terraform-aws-github-runner/blob/main/lambdas/functions/control-plane/src/aws/runners.ts"
@@ -754,3 +753,9 @@ variable "lambda_event_source_mapping_maximum_batching_window_in_seconds" {
   type        = number
   default     = 0
 }
+
+variable "enable_dynamic_labels" {
+  description = "Enable dynamic labels with 'ghr-' prefix. When enabled, jobs can use 'ghr-ec2-<config>:<value>' labels to dynamically configure EC2 instances (e.g., 'ghr-ec2-instance-type:t3.large') and 'ghr-run-<label>' to add unique labels dynamically to runners."
+  type        = bool
+  default     = false
+}
diff --git a/modules/multi-runner/webhook.tf b/modules/multi-runner/webhook.tf
@@ -38,5 +38,7 @@ module "webhook" {
   lambda_security_group_ids = var.lambda_security_group_ids
   aws_partition             = var.aws_partition
 
+  enable_dynamic_labels = var.enable_dynamic_labels
+
   log_level = var.log_level
 }
diff --git a/modules/runners/scale-up.tf b/modules/runners/scale-up.tf
@@ -28,7 +28,7 @@ resource "aws_lambda_function" "scale_up" {
       AMI_ID_SSM_PARAMETER_NAME                = local.ami_id_ssm_parameter_name
       DISABLE_RUNNER_AUTOUPDATE                = var.disable_runner_autoupdate
       ENABLE_EPHEMERAL_RUNNERS                 = var.enable_ephemeral_runners
-      ENABLE_DYNAMIC_EC2_CONFIG                = var.enable_dynamic_ec2_config
+      ENABLE_DYNAMIC_EC2_CONFIG                = var.enable_dynamic_labels
       ENABLE_JIT_CONFIG                        = var.enable_jit_config
       ENABLE_JOB_QUEUED_CHECK                  = local.enable_job_queued_check
       ENABLE_METRIC_GITHUB_APP_RATE_LIMIT      = var.metrics.enable && var.metrics.metric.enable_github_app_rate_limit
diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
@@ -520,8 +520,8 @@ variable "enable_ephemeral_runners" {
   default     = false
 }
 
-variable "enable_dynamic_ec2_config" {
-  description = "Enable dynamic EC2 instance types based on workflow job labels. When enabled, jobs can request specific instance types via the 'gh:ec2:instance-type' label."
+variable "enable_dynamic_labels" {
+  description = "Enable dynamic labels with 'ghr-' prefix. When enabled, jobs can use 'ghr-ec2-<config>:<value>' labels to dynamically configure EC2 instances (e.g., 'ghr-ec2-instance-type:t3.large') and 'ghr-run-<label>' to add unique labels dynamically to runners."
   type        = bool
   default     = false
 }
diff --git a/modules/webhook/direct/variables.tf b/modules/webhook/direct/variables.tf
@@ -46,5 +46,6 @@ variable "config" {
       arn     = string
       version = string
     }))
+    enable_dynamic_labels = optional(bool, false)
   })
 }
diff --git a/modules/webhook/direct/webhook.tf b/modules/webhook/direct/webhook.tf
@@ -20,6 +20,7 @@ resource "aws_lambda_function" "webhook" {
     variables = {
       for k, v in {
         LOG_LEVEL                                = var.config.log_level
+        ENABLE_DYNAMIC_EC2_CONFIG                = var.config.enable_dynamic_labels
         POWERTOOLS_LOGGER_LOG_EVENT              = var.config.log_level == "debug" ? "true" : "false"
         POWERTOOLS_TRACE_ENABLED                 = var.config.tracing_config.mode != null ? true : false
         POWERTOOLS_TRACER_CAPTURE_HTTPS_REQUESTS = var.config.tracing_config.capture_http_requests
diff --git a/modules/webhook/eventbridge/variables.tf b/modules/webhook/eventbridge/variables.tf
@@ -46,6 +46,7 @@ variable "config" {
       arn     = string
       version = string
     }))
-    accept_events = optional(list(string), null)
+    accept_events         = optional(list(string), null)
+    enable_dynamic_labels = optional(bool, false)
   })
 }
diff --git a/modules/webhook/eventbridge/webhook.tf b/modules/webhook/eventbridge/webhook.tf
@@ -22,6 +22,7 @@ resource "aws_lambda_function" "webhook" {
     variables = {
       for k, v in {
         LOG_LEVEL                                = var.config.log_level
+        ENABLE_DYNAMIC_EC2_CONFIG                = var.config.enable_dynamic_labels
         POWERTOOLS_LOGGER_LOG_EVENT              = var.config.log_level == "debug" ? "true" : "false"
         POWERTOOLS_SERVICE_NAME                  = "webhook"
         POWERTOOLS_TRACE_ENABLED                 = var.config.tracing_config.mode != null ? true : false
diff --git a/modules/webhook/variables.tf b/modules/webhook/variables.tf
@@ -214,3 +214,9 @@ EOF
     accept_events = optional(list(string), null)
   })
 }
+
+variable "enable_dynamic_labels" {
+  description = "Enable dynamic EC2 configs based on workflow job labels. When enabled, jobs can request specific configs via the 'gh-ec2-<config type key>:<config type value>' label (e.g., 'gh-ec2-instance-type:t3.large')."
+  type        = bool
+  default     = false
+}
diff --git a/modules/webhook/webhook.tf b/modules/webhook/webhook.tf
diff --git a/variables.tf b/variables.tf

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ declare namespace NodeJS {`
`5`	`5`	`PARAMETER_GITHUB_APP_WEBHOOK_SECRET: string;`
`6`	`6`	`PARAMETER_RUNNER_MATCHER_CONFIG_PATH: string;`
`7`	`7`	`REPOSITORY_ALLOW_LIST: string;`
	`8`	`+ ENABLE_DYNAMIC_LABELS: string`
`8`	`9`	`RUNNER_LABELS: string;`
`9`	`10`	`ACCEPT_EVENTS: string;`
`10`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,5 +38,7 @@ module "webhook" {`
`38`	`38`	`lambda_security_group_ids = var.lambda_security_group_ids`
`39`	`39`	`aws_partition = var.aws_partition`
`40`	`40`
	`41`	`+ enable_dynamic_labels = var.enable_dynamic_labels`
	`42`	`+`
`41`	`43`	`log_level = var.log_level`
`42`	`44`	`}`