5 changes: 0 additions & 5 deletions README.md
Expand Up @@ -107,16 +107,12 @@ Join our discord community via [this invite link](https://discord.gg/bxgXW8jJGh)
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_ami"></a> [ami](#input\_ami) | AMI configuration for the action runner instances. This object allows you to specify all AMI-related settings in one place.<br/><br/>Parameters:<br/>- `filter`: Map of lists to filter AMIs by various criteria (e.g., { name = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-*"], state = ["available"] })<br/>- `owners`: List of AMI owners to limit the search. Common values: ["amazon"], ["self"], or specific AWS account IDs<br/>- `id_ssm_parameter_arn`: ARN of an SSM parameter containing the AMI ID. If specified, this overrides both AMI filter and parameter name<br/>- `kms_key_arn`: Optional KMS key ARN if the AMI is encrypted with a customer managed key<br/><br/>Defaults to null, in which case the module falls back to individual AMI variables (deprecated). | <pre>object({<br/> filter = optional(map(list(string)), { state = ["available"] })<br/> owners = optional(list(string), ["amazon"])<br/> id_ssm_parameter_arn = optional(string, null)<br/> kms_key_arn = optional(string, null)<br/> })</pre> | `null` | no |
| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | [DEPRECATED: Use ami.filter] Map of lists used to create the AMI filter for the action runner AMI. | `map(list(string))` | <pre>{<br/> "state": [<br/> "available"<br/> ]<br/>}</pre> | no |
| <a name="input_ami_housekeeper_cleanup_config"></a> [ami\_housekeeper\_cleanup\_config](#input\_ami\_housekeeper\_cleanup\_config) | Configuration for AMI cleanup.<br/><br/> `amiFilters` - Filters to use when searching for AMIs to cleanup. Default filter for images owned by the account and that are available.<br/> `dryRun` - If true, no AMIs will be deregistered. Default false.<br/> `launchTemplateNames` - Launch template names to use when searching for AMIs to cleanup. Default no launch templates.<br/> `maxItems` - The maximum number of AMIs that will be queried for cleanup. Default no maximum.<br/> `minimumDaysOld` - Minimum number of days old an AMI must be to be considered for cleanup. Default 30.<br/> `ssmParameterNames` - SSM parameter names to use when searching for AMIs to cleanup. This parameter should be set when using SSM to configure the AMI to use. Default no SSM parameters. | <pre>object({<br/> amiFilters = optional(list(object({<br/> Name = string<br/> Values = list(string)<br/> })),<br/> [{<br/> Name : "state",<br/> Values : ["available"],<br/> },<br/> {<br/> Name : "image-type",<br/> Values : ["machine"],<br/> }]<br/> )<br/> dryRun = optional(bool, false)<br/> launchTemplateNames = optional(list(string))<br/> maxItems = optional(number)<br/> minimumDaysOld = optional(number, 30)<br/> ssmParameterNames = optional(list(string))<br/> })</pre> | `{}` | no |
| <a name="input_ami_housekeeper_lambda_s3_key"></a> [ami\_housekeeper\_lambda\_s3\_key](#input\_ami\_housekeeper\_lambda\_s3\_key) | S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. | `string` | `null` | no |
| <a name="input_ami_housekeeper_lambda_s3_object_version"></a> [ami\_housekeeper\_lambda\_s3\_object\_version](#input\_ami\_housekeeper\_lambda\_s3\_object\_version) | S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. | `string` | `null` | no |
| <a name="input_ami_housekeeper_lambda_schedule_expression"></a> [ami\_housekeeper\_lambda\_schedule\_expression](#input\_ami\_housekeeper\_lambda\_schedule\_expression) | Scheduler expression for action runner binary syncer. | `string` | `"rate(1 day)"` | no |
| <a name="input_ami_housekeeper_lambda_timeout"></a> [ami\_housekeeper\_lambda\_timeout](#input\_ami\_housekeeper\_lambda\_timeout) | Time out of the lambda in seconds. | `number` | `300` | no |
| <a name="input_ami_housekeeper_lambda_zip"></a> [ami\_housekeeper\_lambda\_zip](#input\_ami\_housekeeper\_lambda\_zip) | File location of the lambda zip file. | `string` | `null` | no |
| <a name="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name) | [DEPRECATED: Use ami.id\_ssm\_parameter\_arn] String used to construct the SSM parameter name used to resolve the latest AMI ID for the runner instances. The SSM parameter should be of type String and contain a valid AMI ID. The default behavior is to use the latest Ubuntu 22.04 AMI. | `string` | `null` | no |
| <a name="input_ami_kms_key_arn"></a> [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn) | [DEPRECATED: Use ami.kms\_key\_arn] Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI | `string` | `null` | no |
| <a name="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners) | [DEPRECATED: Use ami.owners] The list of owners that should be used to find the AMI. | `list(string)` | <pre>[<br/> "amazon"<br/>]</pre> | no |
| <a name="input_associate_public_ipv4_address"></a> [associate\_public\_ipv4\_address](#input\_associate\_public\_ipv4\_address) | Associate public IPv4 with the runner. Only tested with IPv4 | `bool` | `false` | no |
| <a name="input_aws_partition"></a> [aws\_partition](#input\_aws\_partition) | (optiona) partition in the arn namespace to use if not 'aws' | `string` | `"aws"` | no |
| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS region. | `string` | n/a | yes |
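Review bot: The `ami` row that stays at the top of this inputs table still ends with "Defaults to null, in which case the module falls back to individual AMI variables (deprecated)", while the `ami_filter`, `ami_id_ssm_parameter_name`, `ami_kms_key_arn` and `ami_owners` rows are deleted directly below it. Update the variable description to say what a null `ami` resolves to now, then regenerate the table, so readers are not sent looking for inputs that no longer exist.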
Expand Down Expand Up @@ -244,7 +240,6 @@ Join our discord community via [this invite link](https://discord.gg/bxgXW8jJGh)
| Name | Description |
|------|-------------|
| <a name="output_binaries_syncer"></a> [binaries\_syncer](#output\_binaries\_syncer) | n/a |
| <a name="output_deprecated_variables_warning"></a> [deprecated\_variables\_warning](#output\_deprecated\_variables\_warning) | Warning for deprecated variables usage. These variables will be removed in a future release. Please migrate to using the consolidated 'ami' object. |
| <a name="output_instance_termination_handler"></a> [instance\_termination\_handler](#output\_instance\_termination\_handler) | n/a |
| <a name="output_instance_termination_watcher"></a> [instance\_termination\_watcher](#output\_instance\_termination\_watcher) | n/a |
| <a name="output_queues"></a> [queues](#output\_queues) | SQS queues. |
2 changes: 0 additions & 2 deletions docs/configuration.md
Expand Up @@ -205,8 +205,6 @@ ami = {
}
```

> **Note:** The old way of configuring AMIs using individual variables (`ami_filter`, `ami_owners`, `ami_kms_key_arn`, `ami_id_ssm_parameter_arn`, `ami_id_ssm_parameter_name`) is deprecated and will be removed in a future version. It is recommended to migrate to the new consolidated `ami` object. Support for `ami_id_ssm_parameter_name` will be dropped, please specify an arn via `ami.id_ssm_parameter_arn` instead.

## Logging

The module uses [AWS Lambda Powertools](https://awslabs.github.io/aws-lambda-powertools-typescript/latest/) for logging. By default the log level is set to `info`, by setting the log level to `debug` the incoming events of the Lambda are logged as well.
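Review bot: Deleting the deprecation note above `## Logging` leaves this section with no upgrade guidance for configurations that still set `ami_filter`, `ami_owners`, `ami_kms_key_arn` or `ami_id_ssm_parameter_name`. Consider replacing it with a short note that these variables have been removed and map to `ami.filter`, `ami.owners`, `ami.kms_key_arn` and `ami.id_ssm_parameter_arn`, and that the SSM parameter must now be given as an ARN rather than a name.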
1 change: 0 additions & 1 deletion examples/default/README.md
Expand Up @@ -70,7 +70,6 @@ terraform output -raw webhook_secret

| Name | Description |
|------|-------------|
| <a name="output_deprecated_variables_warning"></a> [deprecated\_variables\_warning](#output\_deprecated\_variables\_warning) | n/a |
| <a name="output_runners"></a> [runners](#output\_runners) | n/a |
| <a name="output_webhook_endpoint"></a> [webhook\_endpoint](#output\_webhook\_endpoint) | n/a |
| <a name="output_webhook_secret"></a> [webhook\_secret](#output\_webhook\_secret) | n/a |
6 changes: 0 additions & 6 deletions examples/default/outputs.tf
Expand Up @@ -12,9 +12,3 @@ output "webhook_secret" {
sensitive = true
value = random_id.random.hex
}

output "deprecated_variables_warning" {
value = join("", [
module.runners.deprecated_variables_warning,
])
}
6 changes: 4 additions & 2 deletions examples/ephemeral/main.tf
Expand Up @@ -83,8 +83,10 @@ module "runners" {

# configure your pre-built AMI
# enable_userdata = false
# ami_filter = { name = ["github-runner-al2023-x86_64-*"], state = ["available"] }
# ami_owners = [data.aws_caller_identity.current.account_id]
# ami = {
# filter = { name = ["github-runner-al2023-x86_64-*"], state = ["available"] }
# owners = [data.aws_caller_identity.current.account_id]
# }

# or use the default AMI
# enable_userdata = true
1 change: 0 additions & 1 deletion examples/multi-runner/README.md
Expand Up @@ -94,7 +94,6 @@ terraform output -raw webhook_secret

| Name | Description |
|------|-------------|
| <a name="output_deprecated_variables_warning"></a> [deprecated\_variables\_warning](#output\_deprecated\_variables\_warning) | n/a |
| <a name="output_webhook_endpoint"></a> [webhook\_endpoint](#output\_webhook\_endpoint) | n/a |
| <a name="output_webhook_secret"></a> [webhook\_secret](#output\_webhook\_secret) | n/a |
<!-- END_TF_DOCS -->
6 changes: 0 additions & 6 deletions examples/multi-runner/outputs.tf
Expand Up @@ -6,9 +6,3 @@ output "webhook_secret" {
sensitive = true
value = random_id.random.hex
}

output "deprecated_variables_warning" {
value = join("", [
module.runners.deprecated_variables_warning,
])
}
Expand Up @@ -15,8 +15,9 @@ runner_config:
delay_webhook_event: 5
scale_down_schedule_expression: cron(* * * * ? *)
runner_boot_time_in_minutes: 20
ami_filter:
name:
- Windows_Server-2022-English-Full-ECS_Optimized-*
state:
- available
ami:
filter:
name:
- Windows_Server-2022-English-Full-ECS_Optimized-*
state:
- available
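Review bot: The new `ami:` block sets only `filter`, so the publisher restriction for the wildcard name `Windows_Server-2022-English-Full-ECS_Optimized-*` comes entirely from the type default `owners = optional(list(string), ["amazon"])`. Adding an explicit `owners` list with `amazon` under `ami:` would keep the owner pin visible in this template, so a copy edited with a different name pattern does not depend on a default defined in another file.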
13 changes: 9 additions & 4 deletions examples/prebuilt/README.md
Expand Up @@ -33,9 +33,11 @@ Assuming you have built the `linux-al2023` image which has a pre-defined AMI nam
module "runners" {
...
# set the name of the ami to use
ami_filter = { name = ["github-runner-al2023-x86_64-2023*"], state = ["available"] }
# provide the owner id of
ami_owners = ["<your owner id>"]
ami = {
filter = { name = ["github-runner-al2023-x86_64-2023*"], state = ["available"] }
# provide the owner id of
owners = ["<your owner id>"]
}

enable_userdata = false
...
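Review bot: The comment carried into the new `ami` block still reads "# provide the owner id of" and stops mid-sentence. Finish it, for example "# provide the owner id of the account that built the AMI", so it is clear which account id belongs in `owners`.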
Expand All @@ -49,7 +51,10 @@ data "aws_caller_identity" "current" {}

module "runners" {
...
ami_owners = [data.aws_caller_identity.current.account_id]
ami = {
filter = { name = ["github-runner-al2023-x86_64-2023*"], state = ["available"] }
owners = [data.aws_caller_identity.current.account_id]
}
...
}
```
6 changes: 4 additions & 2 deletions examples/prebuilt/main.tf
Expand Up @@ -45,8 +45,10 @@ module "runners" {

# configure your pre-built AMI
enable_userdata = false
ami_filter = { name = [var.ami_name_filter], state = ["available"] }
ami_owners = [data.aws_caller_identity.current.account_id]
ami = {
filter = { name = [var.ami_name_filter], state = ["available"] }
owners = [data.aws_caller_identity.current.account_id]
}

# disable binary syncer since github agent is already installed in the AMI.
enable_runner_binaries_syncer = false
8 changes: 2 additions & 6 deletions main.tf
Expand Up @@ -177,12 +177,8 @@ module "runners" {
instance_max_spot_price = var.instance_max_spot_price
block_device_mappings = var.block_device_mappings

runner_architecture = var.runner_architecture
ami = var.ami
ami_filter = var.ami_filter
ami_owners = var.ami_owners
ami_id_ssm_parameter_name = var.ami_id_ssm_parameter_name
ami_kms_key_arn = var.ami_kms_key_arn
runner_architecture = var.runner_architecture
ami = var.ami

sqs_build_queue = aws_sqs_queue.queued_builds
github_app_parameters = local.github_app_parameters
3 changes: 1 addition & 2 deletions modules/multi-runner/README.md

Large diffs are not rendered by default.

20 changes: 0 additions & 20 deletions modules/multi-runner/outputs.tf
Expand Up @@ -67,23 +67,3 @@ output "instance_termination_handler" {
lambda_role = module.instance_termination_watcher[0].spot_termination_handler.lambda_role
} : null
}

output "deprecated_variables_warning" {
description = "Warning for deprecated variables usage. These variables will be removed in a future release. Please migrate to using the consolidated 'ami' object in each runner configuration."
value = join("", [
for key, runner_config in var.multi_runner_config : (
join("", [
# Show object migration warning only when ami is null and old variables are used
try(runner_config.runner_config.ami, null) == null ? (
(try(runner_config.runner_config.ami_filter, { state = ["available"] }) != { state = ["available"] } ||
try(runner_config.runner_config.ami_owners, ["amazon"]) != ["amazon"] ||
try(runner_config.runner_config.ami_kms_key_arn, "") != "") ?
"DEPRECATION WARNING: Runner '${key}' is using deprecated AMI variables (ami_filter, ami_owners, ami_kms_key_arn). These variables will be removed in a future version. Please migrate to using the consolidated 'ami' object.\n" : ""
) : "",
# Always show warning for ami_id_ssm_parameter_name to migrate to ami_id_ssm_parameter_arn
try(runner_config.runner_config.ami_id_ssm_parameter_name, null) != null ?
"DEPRECATION WARNING: Runner '${key}' is using deprecated variable 'ami_id_ssm_parameter_name'. Please use 'ami.id_ssm_parameter_arn' instead.\n" : ""
])
)
])
}
3 changes: 0 additions & 3 deletions modules/multi-runner/runners.tf
Expand Up @@ -27,9 +27,6 @@ module "runners" {

runner_architecture = each.value.runner_config.runner_architecture
ami = each.value.runner_config.ami
ami_filter = each.value.runner_config.ami_filter
ami_owners = each.value.runner_config.ami_owners
ami_kms_key_arn = each.value.runner_config.ami_kms_key_arn

sqs_build_queue = { "arn" : each.value.arn, "url" : each.value.url }
github_app_parameters = local.github_app_parameters
9 changes: 1 addition & 8 deletions modules/multi-runner/variables.tf
Expand Up @@ -70,12 +70,7 @@ variable "multi_runner_config" {
owners = optional(list(string), ["amazon"])
id_ssm_parameter_arn = optional(string, null)
kms_key_arn = optional(string, null)
}), null) # Defaults to null, in which case the module falls back to individual AMI variables (deprecated)
# Deprecated: Use ami object instead
ami_filter = optional(map(list(string)), { state = ["available"] })
ami_owners = optional(list(string), ["amazon"])
ami_id_ssm_parameter_name = optional(string, null)
ami_kms_key_arn = optional(string, "")
}), null)
create_service_linked_role_spot = optional(bool, false)
credit_specification = optional(string, null)
delay_webhook_event = optional(number, 30)
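Review bot: Dropping `ami_filter`, `ami_owners`, `ami_id_ssm_parameter_name` and `ami_kms_key_arn` from the `runner_config` object type means a configuration that still sets them will not fail, because Terraform discards attributes that are not part of an object type constraint during conversion. With `ami` left at its `null` default, such a runner silently launches from the module's default AMI selection instead of the image the user had pinned. A `validation` block cannot see discarded attributes, so consider keeping the four attributes for one more release with a validation that rejects any non-default value, or call this behaviour out prominently in the release notes.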
Expand Down Expand Up @@ -183,8 +178,6 @@ variable "multi_runner_config" {
runner_architecture: "The platform architecture of the runner instance_type."
runner_metadata_options: "(Optional) Metadata options for the ec2 runner instances."
ami: "(Optional) AMI configuration for the action runner instances. This object allows you to specify all AMI-related settings in one place."
ami_filter: "(Optional) List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used."
ami_owners: "(Optional) The list of owners used to select the AMI of action runner instances."
create_service_linked_role_spot: (Optional) create the serviced linked role for spot instances that is required by the scale-up lambda.
credit_specification: "(Optional) The credit specification of the runner instance_type. Can be unset, `standard` or `unlimited`.
delay_webhook_event: "The number of seconds the event accepted by the webhook is invisible on the queue before the scale up lambda will receive the event."
4 changes: 0 additions & 4 deletions modules/runners/README.md
Expand Up @@ -137,10 +137,6 @@ yarn run dist
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_ami"></a> [ami](#input\_ami) | AMI configuration for the action runner instances. This object allows you to specify all AMI-related settings in one place.<br/><br/>Parameters:<br/>- `filter`: Map of lists to filter AMIs by various criteria (e.g., { name = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-*"], state = ["available"] })<br/>- `owners`: List of AMI owners to limit the search. Common values: ["amazon"], ["self"], or specific AWS account IDs<br/>- `id_ssm_parameter_name`: Name of an SSM parameter containing the AMI ID. If specified, this overrides the AMI filter<br/>- `id_ssm_parameter_arn`: ARN of an SSM parameter containing the AMI ID. If specified, this overrides both AMI filter and parameter name<br/>- `kms_key_arn`: Optional KMS key ARN if the AMI is encrypted with a customer managed key<br/><br/>Defaults to null, in which case the module falls back to individual AMI variables (deprecated). | <pre>object({<br/> filter = optional(map(list(string)), { state = ["available"] })<br/> owners = optional(list(string), ["amazon"])<br/> id_ssm_parameter_arn = optional(string, null)<br/> kms_key_arn = optional(string, null)<br/> })</pre> | `null` | no |
| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | [DEPRECATED: Use ami.filter] Map of lists used to create the AMI filter for the action runner AMI. | `map(list(string))` | <pre>{<br/> "state": [<br/> "available"<br/> ]<br/>}</pre> | no |
| <a name="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name) | [DEPRECATED: Use ami.id\_ssm\_parameter\_name] Externally managed SSM parameter (of data type aws:ec2:image) that contains the AMI ID to launch runner instances from. Overrides ami\_filter | `string` | `null` | no |
| <a name="input_ami_kms_key_arn"></a> [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn) | [DEPRECATED: Use ami.kms\_key\_arn] Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI | `string` | `null` | no |
| <a name="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners) | [DEPRECATED: Use ami.owners] The list of owners used to select the AMI of action runner instances. | `list(string)` | <pre>[<br/> "amazon"<br/>]</pre> | no |
| <a name="input_associate_public_ipv4_address"></a> [associate\_public\_ipv4\_address](#input\_associate\_public\_ipv4\_address) | Associate public IPv4 with the runner. Only tested with IPv4 | `bool` | `false` | no |
| <a name="input_aws_partition"></a> [aws\_partition](#input\_aws\_partition) | (optional) partition for the base arn if not 'aws' | `string` | `"aws"` | no |
| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS region. | `string` | n/a | yes |
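Review bot: The `ami` description in this table still lists `id_ssm_parameter_name` as a parameter, although the object type shown in the same row only has `filter`, `owners`, `id_ssm_parameter_arn` and `kms_key_arn`. It also still says the module "falls back to individual AMI variables (deprecated)" while those rows are removed in this hunk. Correct the variable description and regenerate the table.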
10 changes: 6 additions & 4 deletions modules/runners/main.tf
Expand Up @@ -37,16 +37,18 @@ locals {
"linux" = "${path.module}/templates/start-runner.sh"
}

# Handle AMI configuration from either the new object or old variables
# Handle AMI configuration
ami_config = var.ami != null ? var.ami : {
filter = var.ami_filter
owners = var.ami_owners
filter = local.default_ami[var.runner_os]
owners = ["amazon"]
id_ssm_parameter_arn = null
kms_key_arn = var.ami_kms_key_arn
kms_key_arn = null
}
ami_kms_key_arn = local.ami_config.kms_key_arn != null ? local.ami_config.kms_key_arn : ""
ami_filter = merge(local.default_ami[var.runner_os], local.ami_config.filter)
ami_id_ssm_module_managed = local.ami_config.id_ssm_parameter_arn == null
# Extract parameter name from ARN (format: arn:aws:ssm:region:account:parameter/path/to/param)
ami_id_ssm_parameter_name = local.ami_id_ssm_module_managed ? null : try(regex("parameter/(.+)$", local.ami_config.id_ssm_parameter_arn)[0], null)

enable_job_queued_check = var.enable_job_queued_check == null ? !var.enable_ephemeral_runners : var.enable_job_queued_check

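Review bot: In `ami_id_ssm_parameter_name`, the pattern `parameter/(.+)$` captures only the text after `parameter/`, so for the ARN format given in the comment (`...:parameter/path/to/param`) the result is `path/to/param` without a leading slash, while a hierarchical SSM parameter name starts with `/`. Check that every consumer of this local expects the slash-less form. Separately, `try(..., null)` turns a malformed `id_ssm_parameter_arn` into a null name instead of an error; a `validation` on `var.ami` would surface that at plan time.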