Jeremy Cooper [AFS MBP]
b7b5ad1706
Ignore comments for tfsec ID - aws-ec2-no-public-egress-sgr
|
3 年之前 | |
|---|---|---|
| .. | ||
| docs | 3 年之前 | |
| examples | 3 年之前 | |
| images | 3 年之前 | |
| modules | 3 年之前 | |
| policies | 3 年之前 | |
| templates | 3 年之前 | |
| CHANGELOG.md | 3 年之前 | |
| CONTRIBUTING.md | 3 年之前 | |
| LICENSE.md | 3 年之前 | |
| MAINTAINERS.md | 3 年之前 | |
| README.XDR.md | 3 年之前 | |
| README.md | 3 年之前 | |
| main.tf | 3 年之前 | |
| outputs.tf | 3 年之前 | |
| variables.tf | 3 年之前 | |
| versions.tf | 3 年之前 | |
README.XDR.md
XDR's Submodule for GitHub Runners
Original Source: https://github.com/philips-labs/terraform-aws-github-runner
For USAGE, see the module documentation at
~/xdr-terraform-modules/base/github-runners/README.md
Significant Changes
in
modules/runners/policies/lambda-scale-up.json, added section for KMS access:{ "Effect": "Allow", "Action": [ "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", "kms:GenerateDataKey*", "kms:ReEncrypt*" ], "Resource": "*"in
modules/runners/scale-{up,down}.tf,modules/webhook/webhook.tf, and./modules/runner-binaries-syncer/runner-binaries-syncer.tfchanged architectures line to be:architectures = var.lambda_architecture == "x86_64" ? [] : [var.lambda_architecture]This solves an issue where terraform thinks there's a change every time.
Similarly, for
./modules/runners/pool/main.tf, changed architectures line to be:architectures = var.config.lambda_architecture == "x86_64" ? [] : [var.config.lambda_architecture]
Process
- Cloned repo
rm -rf .git- Follow the
Setup GitHub App (part 1)instructions at https://github.com/philips-labs/terraform-aws-github-runner#setup-github-app-part-1 a. App name:mdr-engineering-runnersb. Everything else as instructed. - Download the lambdas from the 'releases' page into
~/Downloads/terraform-aws-github Upload the lambdas:
cd ~/Downloads/ aws --profile mdr-common-services-gov s3 sync terraform-aws-github s3://afsxdr-binaries/terraform-aws-github aws --profile mdr-common-services s3 sync terraform-aws-github s3://afsxdr-binaries/terraform-aws-githubAdd variables to ~/xdr-terraform-modules/base/github-runners/locals.tf
Modify variables in ~/xdr-terraform-live/test/aws-us-gov/mdr-test-c2/093-github-runners-mdr-engineering
terragrunt-local init && terragrunt-local applyFollow the instructions at 'Setup the webhook'