From b19291fa3dfcc5a7a161684f4554870d0f2f2f77 Mon Sep 17 00:00:00 2001
From: "Dylan M. Taylor"
Date: Fri, 29 Sep 2023 18:49:52 -0400
Subject: [PATCH] feat: Use Instance Metadata Service Version 2 by default.
---
 README.md | 2 +-
 modules/multi-runner/variables.tf | 2 +-
 modules/runners/variables.tf | 2 +-
 variables.tf | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 8cb61bf508..17c6316194 100644
--- a/README.md
+++ b/README.md
@@ -575,7 +575,7 @@ We welcome any improvement to the standard module to make the default as secure
 | [runner\_group\_name](#input\_runner\_group\_name) | Name of the runner group. | `string` | `"Default"` | no |
 | [runner\_iam\_role\_managed\_policy\_arns](#input\_runner\_iam\_role\_managed\_policy\_arns) | Attach AWS or customer-managed IAM policies (by ARN) to the runner IAM role | `list(string)` | `[]` | no |
 | [runner\_log\_files](#input\_runner\_log\_files) | (optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details. |
list(object({
log_group_name = string
prefix_log_group = bool
file_path = string
log_stream_name = string
}))
| `null` | no |
-| [runner\_metadata\_options](#input\_runner\_metadata\_options) | Metadata options for the ec2 runner instances. By default, the module uses metadata tags for bootstrapping the runner, only disable `instance_metadata_tags` when using custom scripts for starting the runner. | `map(any)` |
{
"http_endpoint": "enabled",
"http_put_response_hop_limit": 1,
"http_tokens": "optional",
"instance_metadata_tags": "enabled"
}
| no |
+| [runner\_metadata\_options](#input\_runner\_metadata\_options) | Metadata options for the ec2 runner instances. By default, the module uses metadata tags for bootstrapping the runner, only disable `instance_metadata_tags` when using custom scripts for starting the runner. | `map(any)` |
{
"http_endpoint": "enabled",
"http_put_response_hop_limit": 1,
"http_tokens": "required",
"instance_metadata_tags": "enabled"
}
| no |
 | [runner\_name\_prefix](#input\_runner\_name\_prefix) | The prefix used for the GitHub runner name. The prefix will be used in the default start script to prefix the instance name when register the runner in GitHub. The value is availabe via an EC2 tag 'ghr:runner\_name\_prefix'. | `string` | `""` | no |
 | [runner\_os](#input\_runner\_os) | The EC2 Operating System type to use for action runner instances (linux,windows). | `string` | `"linux"` | no |
 | [runner\_run\_as](#input\_runner\_run\_as) | Run the GitHub actions agent as user. | `string` | `"ec2-user"` | no |
diff --git a/modules/multi-runner/variables.tf b/modules/multi-runner/variables.tf
index cec945838f..dbe17d2d86 100644
--- a/modules/multi-runner/variables.tf
+++ b/modules/multi-runner/variables.tf
@@ -33,7 +33,7 @@ variable "multi_runner_config" {
 runner_metadata_options = optional(map(any), {
 instance_metadata_tags = "enabled"
 http_endpoint = "enabled"
- http_tokens = "optional"
+ http_tokens = "required"
 http_put_response_hop_limit = 1
 })
 ami_filter = optional(map(list(string)), { state = ["available"] })
diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
index ffe7288e3a..3433e8d104 100644
--- a/modules/runners/variables.tf
+++ b/modules/runners/variables.tf
@@ -504,7 +504,7 @@ variable "metadata_options" {
 default = {
 instance_metadata_tags = "enabled"
 http_endpoint = "enabled"
- http_tokens = "optional"
+ http_tokens = "required"
 http_put_response_hop_limit = 1
 }
 }
diff --git a/variables.tf b/variables.tf
index 4268314302..5452b1f2ea 100644
--- a/variables.tf
+++ b/variables.tf
@@ -572,7 +572,7 @@ variable "runner_metadata_options" {
 default = {
 instance_metadata_tags = "enabled"
 http_endpoint = "enabled"
- http_tokens = "optional"
+ http_tokens = "required"
 http_put_response_hop_limit = 1
 }
 }
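Review bot: The new `http_tokens = "required"` default in `multi_runner_config` only takes effect when the caller leaves `runner_metadata_options` unset; because the attribute is a `map(any)`, a caller who passes a partial map (for example only `instance_metadata_tags`) replaces the whole default and drops `http_tokens`. The same holds for `metadata_options` in modules/runners/variables.tf and `runner_metadata_options` in the root variables.tf. How the map is consumed is outside these hunks, so this needs confirming at the launch template, but if the keys are read directly the instance presumably falls back to whatever the provider defaults to. Reading the key with a fallback, e.g. `http_tokens = lookup(var.metadata_options, "http_tokens", "required")`, would keep IMDSv2 enforced for partial overrides. The variable block begins above the hunk.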
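Review bot: The `runner_metadata_options` description (visible in the README hunk) still only mentions `instance_metadata_tags`, so nothing tells users who upgrade that the default now rejects IMDSv1 requests. I would add a sentence to the description such as `IMDSv2 is required by default (http_tokens = "required"); set it to "optional" only if software on the runner still needs IMDSv1.` It is also worth stating there that with `http_put_response_hop_limit = 1` workloads in bridge-networked containers on the runner generally cannot obtain an IMDSv2 token; that is a sensible isolation default, but it may surprise jobs that relied on the instance role from inside a container. The description line itself is outside this hunk.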