diff --git a/README.md b/README.md
index f309425483..30640b14ad 100644
--- a/README.md
+++ b/README.md
@@ -428,7 +428,7 @@ In case the setup does not work as intended follow the trace of events:
| [kms\_key\_arn](#input\_kms\_key\_arn) | Optional CMK Key ARN to be used for Parameter Store. This key must be in the current account. | `string` | `null` | no |
| [lambda\_architecture](#input\_lambda\_architecture) | AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86\_64' functions. | `string` | `"x86_64"` | no |
| [lambda\_principals](#input\_lambda\_principals) | (Optional) add extra principals to the role created for execution of the lambda, e.g. for local testing. |
list(object({
type = string
identifiers = list(string)
})) | `[]` | no |
-| [lambda\_runtime](#input\_lambda\_runtime) | AWS Lambda runtime. | `string` | `"nodejs14.x"` | no |
+| [lambda\_runtime](#input\_lambda\_runtime) | AWS Lambda runtime. | `string` | `"nodejs20.x"` | no |
| [lambda\_s3\_bucket](#input\_lambda\_s3\_bucket) | S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly. | `any` | `null` | no |
| [lambda\_security\_group\_ids](#input\_lambda\_security\_group\_ids) | List of security group IDs associated with the Lambda function. | `list(string)` | `[]` | no |
| [lambda\_subnet\_ids](#input\_lambda\_subnet\_ids) | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | `[]` | no |
diff --git a/examples/arm64/versions.tf b/examples/arm64/versions.tf
index 750fd6c978..7f29b6e08c 100644
--- a/examples/arm64/versions.tf
+++ b/examples/arm64/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
local = {
source = "hashicorp/local"
diff --git a/examples/default/versions.tf b/examples/default/versions.tf
index 376c182312..ad7ae2a9ed 100644
--- a/examples/default/versions.tf
+++ b/examples/default/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
local = {
source = "hashicorp/local"
diff --git a/examples/ephemeral/versions.tf b/examples/ephemeral/versions.tf
index 376c182312..ad7ae2a9ed 100644
--- a/examples/ephemeral/versions.tf
+++ b/examples/ephemeral/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
local = {
source = "hashicorp/local"
diff --git a/examples/permissions-boundary/setup/versions.tf b/examples/permissions-boundary/setup/versions.tf
index ab771c896a..e5046aa5d1 100644
--- a/examples/permissions-boundary/setup/versions.tf
+++ b/examples/permissions-boundary/setup/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
}
required_version = ">= 1"
diff --git a/examples/permissions-boundary/versions.tf b/examples/permissions-boundary/versions.tf
index 376c182312..ad7ae2a9ed 100644
--- a/examples/permissions-boundary/versions.tf
+++ b/examples/permissions-boundary/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
local = {
source = "hashicorp/local"
diff --git a/examples/prebuilt/versions.tf b/examples/prebuilt/versions.tf
index 376c182312..ad7ae2a9ed 100644
--- a/examples/prebuilt/versions.tf
+++ b/examples/prebuilt/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
local = {
source = "hashicorp/local"
diff --git a/examples/ubuntu/versions.tf b/examples/ubuntu/versions.tf
index 376c182312..ad7ae2a9ed 100644
--- a/examples/ubuntu/versions.tf
+++ b/examples/ubuntu/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
local = {
source = "hashicorp/local"
diff --git a/examples/windows/versions.tf b/examples/windows/versions.tf
index 376c182312..ad7ae2a9ed 100644
--- a/examples/windows/versions.tf
+++ b/examples/windows/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
local = {
source = "hashicorp/local"
diff --git a/modules/download-lambda/versions.tf b/modules/download-lambda/versions.tf
index ac1bb9a5d5..5c929132c9 100644
--- a/modules/download-lambda/versions.tf
+++ b/modules/download-lambda/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
}
}
diff --git a/modules/runner-binaries-syncer/README.md b/modules/runner-binaries-syncer/README.md
index 056ca5e2ee..cbfa537510 100644
--- a/modules/runner-binaries-syncer/README.md
+++ b/modules/runner-binaries-syncer/README.md
@@ -86,7 +86,7 @@ No modules.
| [environment](#input\_environment) | A name that identifies the environment, used as prefix and for tagging. | `string` | `null` | no |
| [lambda\_architecture](#input\_lambda\_architecture) | AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86\_64' functions. | `string` | `"x86_64"` | no |
| [lambda\_principals](#input\_lambda\_principals) | (Optional) add extra principals to the role created for execution of the lambda, e.g. for local testing. | list(object({
type = string
identifiers = list(string)
})) | `[]` | no |
-| [lambda\_runtime](#input\_lambda\_runtime) | AWS Lambda runtime. | `string` | `"nodejs14.x"` | no |
+| [lambda\_runtime](#input\_lambda\_runtime) | AWS Lambda runtime. | `string` | `"nodejs20.x"` | no |
| [lambda\_s3\_bucket](#input\_lambda\_s3\_bucket) | S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly. | `any` | `null` | no |
| [lambda\_schedule\_expression](#input\_lambda\_schedule\_expression) | Scheduler expression for action runner binary syncer. | `string` | `"cron(27 * * * ? *)"` | no |
| [lambda\_security\_group\_ids](#input\_lambda\_security\_group\_ids) | List of security group IDs associated with the Lambda function. | `list(string)` | `[]` | no |
diff --git a/modules/runner-binaries-syncer/lambdas/runner-binaries-syncer/template.yaml b/modules/runner-binaries-syncer/lambdas/runner-binaries-syncer/template.yaml
index ab0a4b6133..dbf0dc946a 100755
--- a/modules/runner-binaries-syncer/lambdas/runner-binaries-syncer/template.yaml
+++ b/modules/runner-binaries-syncer/lambdas/runner-binaries-syncer/template.yaml
@@ -3,7 +3,7 @@ Resources:
Syncer:
Type: AWS::Serverless::Function
Properties:
- Runtime: nodejs14.x
+ Runtime: nodejs20.x
Handler: dist/index.handler
MemorySize: 256
Timeout: 300
diff --git a/modules/runner-binaries-syncer/variables.tf b/modules/runner-binaries-syncer/variables.tf
index 05841a43bf..6d6ac3d431 100644
--- a/modules/runner-binaries-syncer/variables.tf
+++ b/modules/runner-binaries-syncer/variables.tf
@@ -185,7 +185,7 @@ variable "lambda_principals" {
variable "lambda_runtime" {
description = "AWS Lambda runtime."
type = string
- default = "nodejs14.x"
+ default = "nodejs20.x"
}
variable "lambda_architecture" {
diff --git a/modules/runner-binaries-syncer/versions.tf b/modules/runner-binaries-syncer/versions.tf
index ac1bb9a5d5..5c929132c9 100644
--- a/modules/runner-binaries-syncer/versions.tf
+++ b/modules/runner-binaries-syncer/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
}
}
diff --git a/modules/runners/README.md b/modules/runners/README.md
index 6120117de0..99b9d0a39e 100644
--- a/modules/runners/README.md
+++ b/modules/runners/README.md
@@ -144,7 +144,7 @@ yarn run dist
| [key\_name](#input\_key\_name) | Key pair name | `string` | `null` | no |
| [kms\_key\_arn](#input\_kms\_key\_arn) | Optional CMK Key ARN to be used for Parameter Store. | `string` | `null` | no |
| [lambda\_architecture](#input\_lambda\_architecture) | AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86\_64' functions. | `string` | `"x86_64"` | no |
-| [lambda\_runtime](#input\_lambda\_runtime) | AWS Lambda runtime. | `string` | `"nodejs14.x"` | no |
+| [lambda\_runtime](#input\_lambda\_runtime) | AWS Lambda runtime. | `string` | `"nodejs20.x"` | no |
| [lambda\_s3\_bucket](#input\_lambda\_s3\_bucket) | S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly. | `any` | `null` | no |
| [lambda\_security\_group\_ids](#input\_lambda\_security\_group\_ids) | List of security group IDs associated with the Lambda function. | `list(string)` | `[]` | no |
| [lambda\_subnet\_ids](#input\_lambda\_subnet\_ids) | List of subnets in which the lambda will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | `[]` | no |
diff --git a/modules/runners/policies-runner.tf b/modules/runners/policies-runner.tf
index 5ba9004b14..ef2c4a3c86 100644
--- a/modules/runners/policies-runner.tf
+++ b/modules/runners/policies-runner.tf
@@ -61,4 +61,10 @@ resource "aws_iam_role_policy" "ec2" {
policy = templatefile("${path.module}/policies/instance-ec2.json", {})
}
+resource "aws_iam_role_policy" "ec2_image_builder" {
+ name = "ec2-image-builder"
+ role = aws_iam_role.runner.name
+ policy = templatefile("${path.module}/policies/instance-ec2-image-builder.json", {})
+}
+
// see also logging.tf for logging and metrics policies
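Review bot: The new `aws_iam_role_policy.ec2_image_builder` is attached to `aws_iam_role.runner` unconditionally, so every deployment of this module gives its runner instances the Image Builder permission whether or not they use it. The `templatefile` call passes `{}`, so the policy document cannot be narrowed per deployment, and nothing in the visible diff adds an input or a feature that explains the grant. Consider making it opt-in, e.g. `count = var.enable_image_builder_policy ? 1 : 0` (the variable name is illustrative, not taken from the module), and add a comment above the resource stating why a runner needs to start image pipelines. The preceding `ec2` policy resource begins outside this hunk.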
diff --git a/modules/runners/policies/instance-ec2-image-builder.json b/modules/runners/policies/instance-ec2-image-builder.json
new file mode 100644
index 0000000000..2f298c15aa
--- /dev/null
+++ b/modules/runners/policies/instance-ec2-image-builder.json
@@ -0,0 +1,10 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "imagebuilder:StartImagePipelineExecution",
+ "Resource": "*"
+ }
+ ]
+}
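Review bot: `"Resource": "*"` allows the runner role to start every Image Builder pipeline the account exposes, not only one meant for runner images. Anything that can use the instance profile credentials, presumably including workflow jobs executing on the runner, inherits that ability, and a pipeline run both incurs cost and produces images that other systems may later consume. As far as I know `imagebuilder:StartImagePipelineExecution` accepts an image-pipeline ARN as its resource, so prefer `"Resource": "${image_pipeline_arn}"` with the value supplied through the `templatefile` map in policies-runner.tf (placeholder name; that map is currently `{}`).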
diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
index 1b7d264610..1d0fc0223f 100644
--- a/modules/runners/variables.tf
+++ b/modules/runners/variables.tf
@@ -549,7 +549,7 @@ variable "disable_runner_autoupdate" {
variable "lambda_runtime" {
description = "AWS Lambda runtime."
type = string
- default = "nodejs14.x"
+ default = "nodejs20.x"
}
variable "lambda_architecture" {
diff --git a/modules/runners/versions.tf b/modules/runners/versions.tf
index ac1bb9a5d5..5c929132c9 100644
--- a/modules/runners/versions.tf
+++ b/modules/runners/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
}
}
diff --git a/modules/setup-iam-permissions/versions.tf b/modules/setup-iam-permissions/versions.tf
index ac1bb9a5d5..5c929132c9 100644
--- a/modules/setup-iam-permissions/versions.tf
+++ b/modules/setup-iam-permissions/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
}
}
diff --git a/modules/ssm/versions.tf b/modules/ssm/versions.tf
index ac1bb9a5d5..5c929132c9 100644
--- a/modules/ssm/versions.tf
+++ b/modules/ssm/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
}
}
diff --git a/modules/webhook/README.md b/modules/webhook/README.md
index 8c15816f26..38f4a747e6 100644
--- a/modules/webhook/README.md
+++ b/modules/webhook/README.md
@@ -79,7 +79,7 @@ No modules.
| [github\_app\_webhook\_secret\_arn](#input\_github\_app\_webhook\_secret\_arn) | n/a | `string` | n/a | yes |
| [kms\_key\_arn](#input\_kms\_key\_arn) | Optional CMK Key ARN to be used for Parameter Store. | `string` | `null` | no |
| [lambda\_architecture](#input\_lambda\_architecture) | AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86\_64' functions. | `string` | `"x86_64"` | no |
-| [lambda\_runtime](#input\_lambda\_runtime) | AWS Lambda runtime. | `string` | `"nodejs14.x"` | no |
+| [lambda\_runtime](#input\_lambda\_runtime) | AWS Lambda runtime. | `string` | `"nodejs20.x"` | no |
| [lambda\_s3\_bucket](#input\_lambda\_s3\_bucket) | S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly. | `any` | `null` | no |
| [lambda\_timeout](#input\_lambda\_timeout) | Time out of the lambda in seconds. | `number` | `10` | no |
| [lambda\_zip](#input\_lambda\_zip) | File location of the lambda zip file. | `string` | `null` | no |
diff --git a/modules/webhook/variables.tf b/modules/webhook/variables.tf
index bf7dcef868..8d1e09699a 100644
--- a/modules/webhook/variables.tf
+++ b/modules/webhook/variables.tf
@@ -166,7 +166,7 @@ variable "sqs_build_queue_fifo" {
variable "lambda_runtime" {
description = "AWS Lambda runtime."
type = string
- default = "nodejs14.x"
+ default = "nodejs20.x"
}
variable "lambda_architecture" {
diff --git a/modules/webhook/versions.tf b/modules/webhook/versions.tf
index ac1bb9a5d5..5c929132c9 100644
--- a/modules/webhook/versions.tf
+++ b/modules/webhook/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
}
}
diff --git a/variables.tf b/variables.tf
index e3fdc04599..916a031b09 100644
--- a/variables.tf
+++ b/variables.tf
@@ -645,7 +645,7 @@ variable "disable_runner_autoupdate" {
variable "lambda_runtime" {
description = "AWS Lambda runtime."
type = string
- default = "nodejs14.x"
+ default = "nodejs20.x"
}
variable "lambda_architecture" {
diff --git a/versions.tf b/versions.tf
index ac1bb9a5d5..bdb1387667 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = ">= 0.14.1"
+ required_version = ">= 1.5"
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 4.0"
+ version = "~> 5"
}
}
}