This repository was archived by the owner on Jan 16, 2025. It is now read-only.
## Description
Quite common to build AMIs with packer. Cleaning up old images could be
a challenge. This housekeeping lambda can remove old AMI based on a few
criteria.
The AMI housekeeper is implemented as an extra terraform module with a
lambda that runs once a day. The housekeeper can be configured to exclude
images based on reference in SSM, and tags. Images. The module is
disabled by default and can be used as part of the main module,
multi-runner or stand alone.
This PR also updates outdated lambda dependencies. And updates terraform
workflows to 1.5.6 as main version.
## Tested
- [x] default example (with new housekeeper)
- [x] multi runner example
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
README.md (+9 -1)
@@ -337,7 +337,7 @@ The example for [ephemeral runners](./examples/ephemeral) is based on the [defau
337
337
338
338
### Prebuilt Images
339
339
340
-
This module also allows you to run agents from a prebuilt AMI to gain faster startup times. You can find more information in [the image README.md](/images/README.md)
340
+
This module also allows you to run agents from a prebuilt AMI to gain faster startup times. The module provides several examples to build your own custom AMI. To remove old images, an [AMI housekeeper module](./modules/ami-housekeeper/README.md) can be used. You can find more information in [the image README.md](/images/README.md) for building custom images.
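Review bot: In the added Prebuilt Images paragraph, the housekeeper sentence sits between the sentence about building a custom AMI and the closing pointer to the image README, so the build guidance is split in two. Consider moving the housekeeper sentence to the end of the paragraph. The paragraph also mixes link styles (`./modules/ami-housekeeper/README.md` next to `/images/README.md`); pick one.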
| <aname="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter)| Map of lists used to create the AMI filter for the action runner AMI. |`map(list(string))`| <pre>{<br> "state": [<br> "available"<br> ]<br>}</pre> | no |
495
+
| <a name="input_ami_housekeeper_cleanup_config"></a> [ami\_housekeeper\_cleanup\_config](#input\_ami\_housekeeper\_cleanup\_config) | Configuration for AMI cleanup.<br><br> `amiFilters` - Filters to use when searching for AMIs to cleanup. Default filter for images owned by the account and that are available.<br> `dryRun` - If true, no AMIs will be deregistered. Default false.<br> `launchTemplateNames` - Launch template names to use when searching for AMIs to cleanup. Default no launch templates.<br> `maxItems` - The maximum numer of AMI's tha will be queried for cleanup. Default no maximum.<br> `minimumDaysOld` - Minimum number of days old an AMI must be to be considered for cleanup. Default 30.<br> `ssmParameterNames` - SSM parameter names to use when searching for AMIs to cleanup. This parameter should be set when using SSM to configure the AMI to use. Default no SSM parameters. | <pre>object({<br> amiFilters = optional(list(object({<br> Name = string<br> Values = list(string)<br> })),<br> [{<br> Name : "state",<br> Values : ["available"],<br> },<br> {<br> Name : "image-type",<br> Values : ["machine"],<br> }]<br> )<br> dryRun = optional(bool, false)<br> launchTemplateNames = optional(list(string))<br> maxItems = optional(number)<br> minimumDaysOld = optional(number, 30)<br> ssmParameterNames = optional(list(string))<br> })</pre> | `{}` | no |
496
+
| <aname="input_ami_housekeeper_lambda_s3_key"></a> [ami\_housekeeper\_lambda\_s3\_key](#input\_ami\_housekeeper\_lambda\_s3\_key)| S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. |`string`|`null`| no |
497
+
| <aname="input_ami_housekeeper_lambda_s3_object_version"></a> [ami\_housekeeper\_lambda\_s3\_object\_version](#input\_ami\_housekeeper\_lambda\_s3\_object\_version)| S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. |`string`|`null`| no |
498
+
| <aname="input_ami_housekeeper_lambda_schedule_expression"></a> [ami\_housekeeper\_lambda\_schedule\_expression](#input\_ami\_housekeeper\_lambda\_schedule\_expression)| Scheduler expression for action runner binary syncer. |`string`|`"rate(1 day)"`| no |
499
+
| <aname="input_ami_housekeeper_lambda_timeout"></a> [ami\_housekeeper\_lambda\_timeout](#input\_ami\_housekeeper\_lambda\_timeout)| Time out of the lambda in seconds. |`number`|`300`| no |
500
+
| <aname="input_ami_housekeeper_lambda_zip"></a> [ami\_housekeeper\_lambda\_zip](#input\_ami\_housekeeper\_lambda\_zip)| File location of the lambda zip file. |`string`|`null`| no |
494
501
| <aname="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name)| Externally managed SSM parameter (of data type aws:ec2:image) that contains the AMI ID to launch runner instances from. Overrides ami\_filter |`string`|`null`| no |
495
502
| <aname="input_ami_kms_key_arn"></a> [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn)| Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI |`string`|`null`| no |
496
503
| <aname="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners)| The list of owners used to select the AMI of action runner instances. |`list(string)`| <pre>[<br> "amazon"<br>]</pre> | no |
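Review bot: The descriptions of the new `ami_housekeeper_lambda_s3_key`, `ami_housekeeper_lambda_s3_object_version` and `ami_housekeeper_lambda_schedule_expression` inputs still read "syncer lambda function" and "action runner binary syncer", which looks copied from the binaries syncer inputs; they should name the AMI housekeeper lambda. In the `ami_housekeeper_cleanup_config` description, "numer" and "tha" are typos. Since `dryRun` defaults to false, the lambda deregisters AMIs as soon as it is enabled and scheduled; the description could recommend a first run with `dryRun = true` to review what would be removed.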
@@ -501,6 +508,7 @@ We welcome any improvement to the standard module to make the default as secure
501
508
| <aname="input_create_service_linked_role_spot"></a> [create\_service\_linked\_role\_spot](#input\_create\_service\_linked\_role\_spot)| (optional) create the service linked role for spot instances that is required by the scale-up lambda. |`bool`|`false`| no |
502
509
| <aname="input_delay_webhook_event"></a> [delay\_webhook\_event](#input\_delay\_webhook\_event)| The number of seconds the event accepted by the webhook is invisible on the queue before the scale up lambda will receive the event. |`number`|`30`| no |
503
510
| <aname="input_disable_runner_autoupdate"></a> [disable\_runner\_autoupdate](#input\_disable\_runner\_autoupdate)| Disable the auto update of the github runner agent. Be aware there is a grace period of 30 days, see also the [GitHub article](https://github.blog/changelog/2022-02-01-github-actions-self-hosted-runners-can-now-disable-automatic-updates/)|`bool`|`false`| no |
511
+
| <aname="input_enable_ami_housekeeper"></a> [enable\_ami\_housekeeper](#input\_enable\_ami\_housekeeper)| Option to disable the lambda to clean up old AMIs. |`bool`|`false`| no |
504
512
| <aname="input_enable_cloudwatch_agent"></a> [enable\_cloudwatch\_agent](#input\_enable\_cloudwatch\_agent)| Enables the cloudwatch agent on the ec2 runner instances. The runner uses a default config that can be overridden via `cloudwatch_config`. |`bool`|`true`| no |
505
513
| <aname="input_enable_ephemeral_runners"></a> [enable\_ephemeral\_runners](#input\_enable\_ephemeral\_runners)| Enable ephemeral runners, runners will only be used once. |`bool`|`false`| no |
506
514
| <aname="input_enable_event_rule_binaries_syncer"></a> [enable\_event\_rule\_binaries\_syncer](#input\_enable\_event\_rule\_binaries\_syncer)| Option to disable EventBridge Lambda trigger for the binary syncer, useful to stop automatic updates of binary distribution. |`bool`|`true`| no |
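Review bot: The description of `enable_ami_housekeeper` says "Option to disable the lambda to clean up old AMIs", but the input is named `enable_...` and defaults to `false`, so setting it to true turns the lambda on. Reword to "Option to enable the lambda to clean up old AMIs" so the description matches the flag's polarity.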
images/README.md (+2)
@@ -6,6 +6,8 @@ These images share the same scripting as used in the user-data mechanism in `/mo
6
6
7
7
The examples in `linux-al2023` and `windows-core-2019` also upload a `start-runner` script that uses the exact same startup process as used in the user-data mechanism. This means that the image created here does not need any extra scripts injected or changes to boot up and connect to GH.
8
8
9
+
To remove old images the [AMI house keeper module](./modules/ami-housekeeper/README.md) can be used.
10
+
9
11
## Building your own
10
12
11
13
To build these images you first need to install packer.
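Review bot: The added link in `images/README.md` uses `./modules/ami-housekeeper/README.md`, which resolves relative to the `images/` directory and so points at `images/modules/ami-housekeeper/README.md`. The root README links the same module with the same `./modules/...` path, so the path cannot be right from both locations; from `images/` it should be `../modules/ami-housekeeper/README.md`. The text also spells it "AMI house keeper" here and "AMI housekeeper" in the root README.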