Action runners deployed with permissions boundary

This module shows how to create GitHub action runners with permissions boundaries and with paths set on the roles, policies, and instance profiles.

Usages

cd setup
terraform init
terraform apply
cd ..

The setup step creates a new role and policies. Its output is imported into this workspace to load the role and policy. The deployment of the runner module assumes the new role before creating any resources (https://www.terraform.io/docs/providers/aws/index.html#assume-role). Before running Terraform, ensure the GitHub app is configured.

Download the lambda releases.

cd ../lambdas-download
terraform init
terraform apply -var=module_version=<VERSION>
cd -

Now you can deploy the module.

terraform init
terraform apply
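
To confirm before applying that every IAM resource in the plan stays inside the boundary and path, the plan can be audited from the JSON written by `terraform show -json`. The script below is an added example, not part of this module; the `/runners/` path, the boundary ARN, and the resource addresses in the sample are constructed placeholders. Pass the plan JSON file as the first argument to audit a real plan.

```python
import json
import sys

# IAM resource types that accept a path; of these, only roles take a boundary.
IAM_TYPES = {"aws_iam_role", "aws_iam_policy", "aws_iam_instance_profile"}

def audit_plan(plan, boundary_arn, path_prefix):
    """Return sorted (address, problem) pairs for IAM resources the plan would
    create or update outside the expected boundary or path."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") not in IAM_TYPES or not (
                {"create", "update"} & set(change.get("actions", []))):
            continue
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}  # values computed at apply
        checks = [("path", (after.get("path") or "/").startswith(path_prefix),
                   f"path outside {path_prefix}")]
        if rc["type"] == "aws_iam_role":
            checks.append(("permissions_boundary",
                           after.get("permissions_boundary") == boundary_arn,
                           "missing or unexpected permissions boundary"))
        for attr, ok, problem in checks:
            if unknown.get(attr) is True:
                findings.append((rc["address"], f"{attr} not known until apply"))
            elif not ok:
                findings.append((rc["address"], problem))
    return sorted(findings)

# Constructed sample: addresses, account id and ARN are placeholders.
BOUNDARY = "arn:aws:iam::111111111111:policy/boundaries/example-boundary"
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_iam_role.ok", "type": "aws_iam_role", "change": {
        "actions": ["create"], "after_unknown": {},
        "after": {"path": "/runners/", "permissions_boundary": BOUNDARY}}},
    {"address": "aws_iam_role.unbounded", "type": "aws_iam_role", "change": {
        "actions": ["create"], "after_unknown": {},
        "after": {"path": "/runners/", "permissions_boundary": None}}},
    {"address": "aws_iam_instance_profile.root", "type": "aws_iam_instance_profile",
     "change": {"actions": ["create"], "after_unknown": {}, "after": {"path": "/"}}},
    {"address": "aws_iam_policy.late", "type": "aws_iam_policy", "change": {
        "actions": ["create"], "after_unknown": {"path": True}, "after": {}}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, problem in audit_plan(plan, BOUNDARY, "/runners/"):
        print(f"{address}: {problem}")
```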

Requirements

Name Version
terraform >= 1.3.0
aws ~> 5.27
local ~> 2.0
random ~> 3.0

Providers

Name Version
aws 5.31.0
random 3.6.0
terraform n/a

Modules

Name Source Version
base ../base n/a
runners ../../ n/a

Resources

Name Type
aws_kms_alias.github resource
aws_kms_key.github resource
random_id.random resource
terraform_remote_state.iam data source

Inputs

Name | Description | Type | Default | Required
github_app | GitHub for API usages. | object({ id = string, key_base64 = string }) | n/a | yes

Outputs

Name Description
runners n/a
webhook n/a