Merge branch 'futurelearn-lm-configurable-security-groups' into develop

Author: npalm

README.md

@@ -74,16 +74,17 @@ module "runners" {
   ami_filter          = local.ami_filter
   ami_owners          = var.ami_owners
 
-  sqs_build_queue                 = aws_sqs_queue.queued_builds
-  github_app                      = var.github_app
-  enable_organization_runners     = var.enable_organization_runners
-  scale_down_schedule_expression  = var.scale_down_schedule_expression
-  minimum_running_time_in_minutes = var.minimum_running_time_in_minutes
-  runner_extra_labels             = var.runner_extra_labels
-  runner_as_root                  = var.runner_as_root
-  runners_maximum_count           = var.runners_maximum_count
-  idle_config                     = var.idle_config
-  enable_ssm_on_runners           = var.enable_ssm_on_runners
+  sqs_build_queue                      = aws_sqs_queue.queued_builds
+  github_app                           = var.github_app
+  enable_organization_runners          = var.enable_organization_runners
+  scale_down_schedule_expression       = var.scale_down_schedule_expression
+  minimum_running_time_in_minutes      = var.minimum_running_time_in_minutes
+  runner_extra_labels                  = var.runner_extra_labels
+  runner_as_root                       = var.runner_as_root
+  runners_maximum_count                = var.runners_maximum_count
+  idle_config                          = var.idle_config
+  enable_ssm_on_runners                = var.enable_ssm_on_runners
+  runner_additional_security_group_ids = var.runner_additional_security_group_ids
 
   lambda_s3_bucket                 = var.lambda_s3_bucket
   runners_lambda_s3_key            = var.runners_lambda_s3_key

main.tf

@@ -32,20 +32,20 @@ No requirements.
 ## Providers
 
 | Name | Version |
-| ---- | ------- |
-| null | n/a     |
+|------|---------|
+| null | n/a |
 
 ## Inputs
 
-| Name    | Description                           | Type                                                                        | Default | Required |
-| ------- | ------------------------------------- | --------------------------------------------------------------------------- | ------- | :------: |
-| lambdas | Name and tag for lambdas to download. | <pre>list(object({<br>    name = string<br>    tag  = string<br>  }))</pre> | n/a     |   yes    |
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| lambdas | Name and tag for lambdas to download. | <pre>list(object({<br>    name = string<br>    tag  = string<br>  }))</pre> | n/a | yes |
 
 ## Outputs
 
-| Name  | Description |
-| ----- | ----------- |
-| files | n/a         |
+| Name | Description |
+|------|-------------|
+| files | n/a |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 

modules/download-lambda/README.md

@@ -87,6 +87,7 @@ No requirements.
 | overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` override the `Name` tag spot instances created by the runner agent. | `map(string)` | <pre>{<br>  "name_runner": "",<br>  "name_sg": ""<br>}</pre> | no |
 | role\_path | The path that will be added to the role, if not set the environment name will be used. | `string` | `null` | no |
 | role\_permissions\_boundary | Permissions boundary that will be added to the created role for the lambda. | `string` | `null` | no |
+| runner\_additional\_security\_group\_ids | (optional) List of additional security groups IDs to apply to the runner | `list(string)` | `[]` | no |
 | runner\_architecture | The platform architecture of the runner instance\_type. | `string` | `"x64"` | no |
 | runner\_as\_root | Run the action runner under the root user. | `bool` | `false` | no |
 | runner\_extra\_labels | Extra labels for the runners (GitHub). Separate each label by a comma | `string` | `""` | no |

modules/runners/README.md

@@ -62,7 +62,10 @@ resource "aws_launch_template" "runner" {
   image_id      = data.aws_ami.runner.id
   instance_type = var.instance_type
 
-  vpc_security_group_ids = [aws_security_group.runner_sg.id]
+  vpc_security_group_ids = compact(concat(
+    [aws_security_group.runner_sg.id],
+    var.runner_additional_security_group_ids,
+  ))
 
   tag_specifications {
     resource_type = "instance"

modules/runners/main.tf

@@ -278,3 +278,9 @@ variable "runner_log_files" {
     }
   ]
 }
+
+variable "runner_additional_security_group_ids" {
+  description = "(optional) List of additional security groups IDs to apply to the runner"
+  type        = list(string)
+  default     = []
+}

modules/runners/variables.tf

@@ -296,3 +296,9 @@ variable "runner_log_files" {
     }
   ]
 }
+
+variable "runner_additional_security_group_ids" {
+  description = "(optional) List of additional security groups IDs to apply to the runner"
+  type        = list(string)
+  default     = []
+}