Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default to not attching AmazonSSMManagedInstanceCore to instances #143

Merged
merged 2 commits into from
Aug 25, 2020
Merged

Default to not attching AmazonSSMManagedInstanceCore to instances #143

merged 2 commits into from
Aug 25, 2020

Conversation

HenryNguyen5
Copy link
Contributor

@HenryNguyen5 HenryNguyen5 commented Aug 17, 2020
edited

Disables AmazonSSMManagedInstanceCore policy attachment to runner instances unless the
debug_instances variable is set.

Related issue:
#114

npalm
npalm requested changes Aug 18, 2020
View reviewed changes
README.md Outdated Show resolved Hide resolved
npalm
npalm requested changes Aug 19, 2020
View reviewed changes
Copy link
Member

@npalm npalm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@HenryNguyen5 please check the build, terraform format is failing. The repo has configured https://pre-commit.com/ run terraform format on commint and update the variables in the readme.

@HenryNguyen5
Copy link
Contributor Author

@npalm should be good now!

@HenryNguyen5
Copy link
Contributor Author

Rebased

@npalm
Copy link
Member

npalm commented Aug 21, 2020

@HenryNguyen5 thanks for updating, just checked the PR. Seems the permissions are set twice in the runner module. To disable the SSM we need to remove a bit more. Please can you remove resource "aws_iam_role_policy" "runner_session_manager_policy"

terraform-aws-github-runner/modules/runners/policies-runner.tf

Line 17 in 39a4b87

resource "aws_iam_role_policy" "runner_session_manager_policy" {
and policy file olicies/instance-session-manager-policy.json Permissions set in this file are also set via AmazonSSMManagedInstanceCore

@HenryNguyen5
Copy link
Contributor Author

@npalm removed!

@HenryNguyen5
Copy link
Contributor Author

@npalm anything I should do to push this along?

@npalm
Copy link
Member

npalm commented Aug 25, 2020

@npalm anything I should do to push this along?

Thank, looks all good. We will merge asap

@npalm npalm merged commit 214f0c7 into philips-labs:develop Aug 25, 2020
npalm pushed a commit that referenced this pull request Aug 25, 2020
@HenryNguyen5 @npalm
feat: Default to not attching AmazonSSMManagedInstanceCore to instanc…
f7792d1 
…es (#143)

* Default to not attching AmazonSSMManagedInstanceCore to instances

* Remove instance_runner_session_manager_policy
@gertjanmaas gertjanmaas mentioned this pull request Aug 26, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@npalm npalm npalm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@HenryNguyen5 @npalm