Skip to content

fix(runners): correct regex pattern for extracting AMI ID from SSM parameter ARN #4981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
npalm merged 2 commits into from
Jan 8, 2026
Merged

fix(runners): correct regex pattern for extracting AMI ID from SSM parameter ARN #4981

npalm merged 2 commits into from
Jan 8, 2026

Conversation

@stuartp44
Copy link
Contributor

@stuartp44 stuartp44 commented Jan 5, 2026
edited
Loading

This PR creates a small change to the regex group that ensures the correct ami_id_ssm_parameter_arn value is passed in its fullest to the env of the scale-up lambda. At the moment, this is missing the leading '/' and thus causes Error processing batch (size: 3): Failed to lookup runner AMI ID from SSM parameter: github-action-runners/staging-multi/<redacted>-ubuntu-x64/runners/config/ami_id,\n GetParameterError: User: arn:aws:sts::<redacted>:assumed-role/staging-multi-<redacted>-ubu-x64-med-scale-up-lambda-<redacted>/staging-multi-<redacted>-ubu-x64-med-scale-up is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:<redacted>:<redacted>:* because no identity-based policy allows the ssm:GetParameter action, ignoring batch",.

closes #4959

@stuartp44 stuartp44 requested a review from a team as a code owner January 5, 2026 13:53
@github-actions
Copy link
Contributor

github-actions bot commented Jan 5, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@npalm
Copy link
Member

npalm commented Jan 6, 2026

@stuartp44 thx, do you know if any example is covering this. Or what change in ane xample can test this case?

@stuartp44 stuartp44 added the bug Something isn't working label Jan 7, 2026
@stuartp44
Copy link
Contributor Author

stuartp44 commented Jan 7, 2026
edited
Loading

@npalm this issue has surfaced during the last major version release and is mentioned #4959. Without this PR, stating the "id_ssm_parameter_arn"

ami:
    id_ssm_parameter_arn: ${ami_ssm_arn_prefix}/github-action-runners/staging-multi/<redacted>-ubuntu-x64/runners/config/ami_id

Fails and wont work as the information that is passed into the scale-up lambdas env is missing the lead "/" and thus causes a IAM permission issue.

image

@npalm npalm merged commit 174293c into main Jan 8, 2026
45 checks passed
@npalm npalm deleted the stu/fix_ami_is_ssm_swollow branch January 8, 2026 09:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@npalm npalm npalm approved these changes

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Extraction of parameter name from id_ssm_parameter_arn variable.

3 participants

@stuartp44 @npalm