Commit

Merge branch 'release/v0.8.1' into master
npalm committed Dec 8, 2020
2 parents 64ec531 + 5868af4 commit f68d65b
Showing 4 changed files with 49 additions and 1 deletion.
12 changes: 11 additions & 1 deletion CHANGELOG.md
Expand Up @@ -7,18 +7,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [0.8.1] - 2020-12-08
### Changed
- Policy is missing for streaming logs to cloudwatch #388

## [0.8.0] - 2020-12-08

### Changed

- Examples upgraded to Terraform 13 (#372)
### Added

- Streaming runner logs to cloudwatch #375

## [0.7.0] - 2020-12-04

### Changed

- Small clarifications in the README #368 @lrytz

### Added

- Allow operator to pass in a list of managed IAM policy ARNs for the runner role #361 @jpalomaki
- expand options for sourcing lambda to include S3 #292 @eky5006
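
Review bot: The 0.8.1 entry is filed under `### Changed` and is worded as the problem ("Policy is missing for streaming logs to cloudwatch #388") rather than as the change made. Since the release restores a missing policy, a `### Fixed` heading with wording such as "Add missing IAM policy for streaming logs to CloudWatch" would tell readers what 0.8.1 actually does. The new section also lacks the blank line after its heading that the 0.8.0 and 0.7.0 sections use.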

Expand Down Expand Up @@ -96,7 +105,8 @@ terraform import module.runners.module.webhook.aws_cloudwatch_log_group.webhook

- First release.

[unreleased]: https://github.com/philips-labs/terraform-aws-github-runner/compare/v0.8.0..HEAD
[unreleased]: https://github.com/philips-labs/terraform-aws-github-runner/compare/v0.8.1..HEAD
[0.8.1]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.8.0..v0.8.1
[0.8.0]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.7.0..v0.8.0
[0.7.0]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.6.0..v0.7.0
[0.6.0]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.5.0..v0.6.0
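
Review bot: The new `[0.8.1]` reference link places a comparison range, `v0.8.0..v0.8.1`, behind `/releases/tag/`, which is the path for a single tag, so the link does not point at a diff between the two versions. Use `/compare/v0.8.0..v0.8.1`, as the `[unreleased]` link does, or `/releases/tag/v0.8.1` if the release page is the intended target. The `[0.8.0]`, `[0.7.0]` and `[0.6.0]` links shown here follow the same pattern and could be corrected in the same change.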
11 changes: 11 additions & 0 deletions modules/runners/logging.tf
Expand Up @@ -18,3 +18,14 @@ resource "aws_cloudwatch_log_group" "runners" {
retention_in_days = var.logging_retention_in_days
tags = local.tags
}

resource "aws_iam_role_policy" "cloudwatch" {
count = var.enable_ssm_on_runners ? 1 : 0
name = "CloudWatchLogginAndMetrics"
role = aws_iam_role.runner.name
policy = templatefile("${path.module}/policies/instance-cloudwatch-policy.json",
{
ssm_parameter_arn = aws_ssm_parameter.cloudwatch_agent_config_runner[0].arn
}
)
}
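
Review bot: `count` on `aws_iam_role_policy.cloudwatch` is keyed on `var.enable_ssm_on_runners`, yet the resource grants CloudWatch logging and metrics permissions and indexes `aws_ssm_parameter.cloudwatch_agent_config_runner[0]`, whose own `count` is not visible in this hunk. If that parameter is created under a different condition, the plan either fails on the `[0]` index or leaves the runner role without the logging policy, so both resources should be gated on the same expression. The policy name `CloudWatchLogginAndMetrics` also contains a typo (`Loggin`).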
2 changes: 2 additions & 0 deletions modules/runners/policies-runner.tf
Expand Up @@ -45,3 +45,5 @@ resource "aws_iam_role_policy_attachment" "managed_policies" {
role = aws_iam_role.runner.name
policy_arn = element(var.runner_iam_role_managed_policy_arns, count.index)
}

// see also logging.tf for logging and metrics policies
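
Review bot: The added pointer comment uses `//`, while HashiCorp's style conventions prefer `#` for single-line comments in Terraform files. Consider `# see also logging.tf for logging and metrics policies`, and naming the resource (`aws_iam_role_policy.cloudwatch`) so the cross-reference survives a file rename.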
25 changes: 25 additions & 0 deletions modules/runners/policies/instance-cloudwatch-policy.json
@@ -0,0 +1,25 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"ec2:DescribeVolumes",
"ec2:DescribeTags",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ssm:GetParameter"
],
"Resource": "${ssm_parameter_arn}/*"
}
]
}
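
Review bot: In the second statement, `"Resource": "${ssm_parameter_arn}/*"` matches only names below the parameter, not the parameter itself, while `logging.tf` passes in the ARN of `aws_ssm_parameter.cloudwatch_agent_config_runner[0]` directly. `ssm:GetParameter` on that exact parameter would therefore not be allowed by this statement; dropping the `/*` suffix grants access to the one parameter the agent needs. In the first statement, `"Resource": "*"` is required for `cloudwatch:PutMetricData` and the `ec2:Describe*` actions, but `logs:CreateLogStream` and `logs:PutLogEvents` could be split into their own statement and scoped to the runners log group by passing its ARN through `templatefile` the same way `ssm_parameter_arn` is passed.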