{"id":19084417,"url":"https://github.com/cloudandthings/terraform-aws-github-runners","last_synced_at":"2026-02-25T12:21:48.760Z","repository":{"id":62205392,"uuid":"526994480","full_name":"cloudandthings/terraform-aws-github-runners","owner":"cloudandthings","description":"Deploy GitHub Action runners in your AWS Account. Uses AWS CodeBuild to manage ephemeral runners, so you don't have to.","archived":false,"fork":false,"pushed_at":"2024-12-11T08:43:12.000Z","size":362,"stargazers_count":18,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-01-02T21:20:54.639Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudandthings.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-20T17:26:40.000Z","updated_at":"2024-12-11T08:43:01.000Z","dependencies_parsed_at":"2024-08-15T12:46:28.143Z","dependency_job_id":"215f5494-fc92-487a-b293-e350b26ff34e","html_url":"https://github.com/cloudandthings/terraform-aws-github-runners","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudandthings%2Fterraform-aws-github-runners","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudandthings%2Fterraform-aws-github-runners/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudandthings%2Fterraform-aws-g
ithub-runners/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudandthings%2Fterraform-aws-github-runners/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudandthings","download_url":"https://codeload.github.com/cloudandthings/terraform-aws-github-runners/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240136991,"owners_count":19753645,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T02:51:16.215Z","updated_at":"2026-02-25T12:21:48.748Z","avatar_url":"https://github.com/cloudandthings.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-aws-github-runners\n\nDeploy GitHub Action runners in your AWS Account using serverless AWS CodeBuild.\n\n---\n\n[![Maintenance](https://img.shields.io/badge/Maintained-yes-green.svg)](https://github.com/cloudandthings/terraform-aws-github-runners/graphs/commit-activity)\n![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.13.0-blue)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white)](https://github.com/pre-commit/pre-commit)\n[![Pre-commit](https://github.com/cloudandthings/terraform-aws-github-runners/actions/workflows/pre-commit-and-tests.yml/badge.svg)](https://github.com/cloudandthings/terraform-aws-github-runners/actions/workflows/pre-commit-and-tests.yml)\n[![Trivy Security 
Scan](https://github.com/cloudandthings/terraform-aws-github-runners/actions/workflows/trivy-scan.yml/badge.svg)](https://github.com/cloudandthings/terraform-aws-github-runners/actions/workflows/trivy-scan.yml)\n\n## Overview\n\nThis Terraform module simplifies deployment of self-hosted GitHub Action runners using AWS CodeBuild. Unlike traditional approaches that require managing EC2 instances, this solution is serverless.\n\n### Key Benefits\n\n- **Simple** - Quick setup with minimal configuration (see examples)\n- **Serverless** - No EC2 instances to maintain; CodeBuild spins up ephemeral runners on-demand\n- **Cost-effective** - Pay only for build minutes when workflows run; zero cost when idle\n- **Scalable** - Automatically scales within [AWS CodeBuild quotas](https://docs.aws.amazon.com/codebuild/latest/userguide/limits.html)\n- **Secure** - No public inbound traffic required\n\n### Ideal Use Cases\n\nThis module is best for projects with infrequent CI/CD runs or long idle periods. For many projects, CI/CD runs sporadically, making the pay-per-minute model of CodeBuild more economical than continuously running EC2 instances.\n\n## How It Works\n\nWhen a GitHub Action is triggered in your repository:\n\n1. A webhook notifies the AWS CodeBuild project\n2. CodeBuild spins up an ephemeral runner environment (optionally, within your VPC)\n3. The runner self-configures and connects to GitHub\n4. Your workflow jobs execute in the CodeBuild environment\n5. 
The runner terminates after job completion\n\n## Getting Started\n\n### Prerequisites\n\n- AWS Account with appropriate permissions\n- GitHub repository with appropriate permissions\n- Terraform \u003e= 0.13.0\n\n\n### Step 1: Setup GitHub Authentication\n\nConfigure authentication between AWS and GitHub to enable secure communication.\n\nFollow the detailed setup guide: [GitHub Authentication Setup](https://github.com/cloudandthings/terraform-aws-github-runners/blob/main/docs/GITHUB-AUTH-SETUP.md)\n\n\n### Step 2: Deploy the Module\n\nConfigure and deploy this module using Terraform. Check the examples directory for quick-start templates.\n\n```hcl\nmodule \"github_runner\" {\n  source = \"cloudandthings/github-runners/aws\"\n\n  # Your configuration here\n}\n```\n\n### Step 3: Update Your Workflow\n\nModify your GitHub workflow file to use the CodeBuild runner:\n\n```yaml\njobs:\n  my-job:\n    # The runner label below will trigger CodeBuild to run this job\n    runs-on: codebuild-${{ RUNNER_NAME }}-${{ github.run_id }}-${{ github.run_attempt }}\n    steps:\n      - uses: actions/checkout@v3\n      - name: Run your commands\n        run: echo \"Running on CodeBuild!\"\n```\n\nReplace `RUNNER_NAME` with the name you configured for your runner.\n\nThe runner label is also added as a description on the CodeBuild project.\n\n## Docker Image Configuration\n\n### Default Images\n\nThe module automatically selects an appropriate default Docker image:\n\n- **Default**: `aws/codebuild/amazonlinux2-x86_64-standard:5.0` (when not using ECR)\n- **ECR**: Assumes an image tagged `latest` exists in your ECR repository\n\n### Using Custom Images\n\nSpecify a custom Docker image via the `environment_image` variable:\n\n**CodeBuild images:**\n```hcl\nenvironment_image = \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\"\n```\n\n**Docker Hub images:**\n```hcl\nenvironment_image = \"hashicorp/terraform:latest\"\n```\n\n**Amazon ECR images:**\n```hcl\nenvironment_image = 
\"137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest\"\n```\n\n\n### Amazon ECR Setup\n\nTo use Amazon ECR:\n\n1. Provide an existing ECR repository name, or let the module create one\n2. Ensure an image with the `latest` tag exists, or specify a different tag in `environment_image`\n3. The final image URI is available as an output variable for verification\n\n**Note**: If using a custom ECR image, you may need additional configuration in your Dockerfile since some GitHub `uses` actions may not work by default.\n\n## Known Limitations\n\n### 1. Custom ECR Images Require Additional Setup\n\nWhen using custom ECR images, some GitHub `uses` actions may not work out of the box. Additional installation and configuration steps may be needed in your Dockerfile to ensure compatibility with GitHub Actions.\n\n### 2. Cost Considerations for High-Volume Projects\n\nCodeBuild charges per build minute. While this module is highly cost-effective for projects with infrequent builds, it may not be economical for repositories with:\n- Frequent commits and builds\n- Very long-running workflows\n- Numerous parallel jobs\n\nUse the [AWS Pricing Calculator](https://calculator.aws.amazon.com/) to estimate costs for your specific use case.\n\n## Migration from EC2 Version\n\nThis module previously used EC2 spot instances with configurable AutoScaling. If you wish to continue using the EC2-based approach, the code has been moved to a separate repository:\n\n**[terraform-aws-github-runners-ec2](https://github.com/cloudandthings/terraform-aws-github-runners-ec2)**\n\n\n## Troubleshooting\n\nHaving issues? Check out our [Troubleshooting Guide](https://github.com/cloudandthings/terraform-aws-github-runners/blob/main/docs/TROUBLESHOOTING.md) for common problems and solutions.\n\n## Contributing\n\nFound an issue or want to contribute? 
See [CONTRIBUTING.md](https://github.com/cloudandthings/terraform-aws-github-runners/blob/main/CONTRIBUTING.md) for guidelines.\n\nPlease note that this project has a [Code of Conduct](https://github.com/cloudandthings/terraform-aws-github-runners/blob/main/CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code.\n\n## Security\n\nFor security concerns, please review our [Security Policy](https://github.com/cloudandthings/terraform-aws-github-runners/blob/main/SECURITY.md). To report a vulnerability, please use [GitHub Security Advisories](https://github.com/cloudandthings/terraform-aws-github-runners/security/advisories/new).\n\n## Resources\n\n- [GitHub Authentication Setup Guide](https://github.com/cloudandthings/terraform-aws-github-runners/blob/main/docs/GITHUB-AUTH-SETUP.md)\n- [Troubleshooting Guide](https://github.com/cloudandthings/terraform-aws-github-runners/blob/main/docs/TROUBLESHOOTING.md)\n- [AWS CodeBuild Documentation](https://docs.aws.amazon.com/codebuild/)\n- [GitHub Actions Documentation](https://docs.github.com/en/actions)\n\n---\n\n**License**: [View License](https://github.com/cloudandthings/terraform-aws-github-runners/blob/main/LICENSE)\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Module Docs\n\n### Basic Example\n```hcl\nmodule \"github_runner\" {\n  source = \"../../\"\n\n  # Required parameters\n  ############################\n  # Naming for all created resources\n  name            = \"github-runner-codebuild-test\"\n  source_location = \"https://github.com/my-org/my-repo.git\"\n\n  # Environment image is not specified so it will default to:\n  # \"aws/codebuild/amazonlinux2-x86_64-standard:5.0\"\n\n  # Optional parameters\n  ############################\n  description = \"Created by my-org/my-runner-repo.git\"\n\n  # testing purposes only\n  github_personal_access_token = \"example\"\n\n  vpc_id     = \"vpc-0ffaabbcc1122\"\n  subnet_ids = [\"subnet-0123\", \"subnet-0456\"]\n}\n```\n### Advanced Example\n```hcl\nlocals {\n 
 naming_prefix = \"test-github-runner\"\n  vpc_id        = \"vpc-0ffaabbcc1122\"\n  vpc_cidr      = \"10.0.0.0/16\"\n}\n\n# Create a custom security group that allows outbound traffic from the runner\nresource \"aws_security_group\" \"this\" {\n  name        = \"${local.naming_prefix}-sg\"\n  description = \"GitHub runner ${local.naming_prefix}-sg\"\n\n  # tfsec:ignore:aws-ec2-no-public-egress-sgr\n  egress {\n    description = \"egress\"\n    from_port   = 0\n    to_port     = 0\n    protocol    = \"-1\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  vpc_id = local.vpc_id\n  #checkov:skip=CKV2_AWS_5:The SG is attached by the module.\n  #checkov:skip=CKV_AWS_382:Egress to GitHub Actions is required for the runner to work.\n}\n\n# Create a baseline CodeBuild credential that all GitHub projects will use by default\nresource \"aws_codebuild_source_credential\" \"github\" {\n  auth_type   = \"SECRETS_MANAGER\"\n  server_type = \"GITHUB\"\n  token       = \"arn:aws:secretsmanager:region:account-id:secret:name\"\n}\n\nmodule \"github_runner\" {\n  source = \"../../\"\n\n  # Required parameters\n  ############################\n  source_location = \"https://github.com/my-org/my-repo.git\"\n\n  # Naming for all created resources\n  name = \"github-runner-codebuild-test\"\n\n  # Environment image is not specified so it will default to:\n  # \"${local.aws_account_id}.dkr.ecr.${local.aws_region}.amazonaws.com/${local.ecr_repository_name}:latest\"\n  # Because an ECR repo is used\n\n  vpc_id     = \"vpc-0ffaabbcc1122\"\n  subnet_ids = [\"subnet-0123\", \"subnet-0456\"]\n\n  # Optional parameters\n  ################################\n  description = \"Created by my-org/my-runner-repo.git\"\n\n  create_ecr_repository = true\n\n  # Override the baseline CodeBuild credential\n  source_auth = {\n    type     = \"SECRETS_MANAGER\"\n    resource = \"arn:aws:secretsmanager:af-south-1:123456789012:secret:my-github-oauth-token-secret-nwYBWW\"\n  }\n\n  security_group_ids         = 
[aws_security_group.this.id]\n  cloudwatch_logs_group_name = \"/some/log/group\"\n}\n\n# Example: Using the default security group with custom ingress rules for Packer\nmodule \"github_runner_with_packer\" {\n  source = \"../../\"\n\n  # Required parameters\n  source_location = \"https://github.com/my-org/my-repo.git\"\n  name            = \"github-runner-packer\"\n\n  # VPC configuration\n  vpc_id     = local.vpc_id\n  subnet_ids = [\"subnet-0123\", \"subnet-0456\"]\n\n  # Custom ingress rules added to the default security group\n  # This is useful when running Packer which requires ephemeral ports for WinRM/SSH\n  ingress_with_cidr_blocks = [\n    {\n      from_port   = 1024\n      to_port     = 65535\n      protocol    = \"tcp\"\n      description = \"Ephemeral ports required for Packer WinRM/SSH communication\"\n      cidr_blocks = [local.vpc_cidr]\n    },\n    {\n      from_port   = 5985\n      to_port     = 5986\n      protocol    = \"tcp\"\n      description = \"WinRM ports for Packer\"\n      cidr_blocks = [local.vpc_cidr]\n    }\n  ]\n}\n```\n\n----\n### Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_build_timeout\"\u003e\u003c/a\u003e [build\\_timeout](#input\\_build\\_timeout) | Number of minutes, from 5 to 2160 (36 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. | `number` | `5` | no |\n| \u003ca name=\"input_cloudwatch_log_group_retention_in_days\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_retention\\_in\\_days](#input\\_cloudwatch\\_log\\_group\\_retention\\_in\\_days) | Number of days to retain log events | `number` | `14` | no |\n| \u003ca name=\"input_cloudwatch_logs_group_name\"\u003e\u003c/a\u003e [cloudwatch\\_logs\\_group\\_name](#input\\_cloudwatch\\_logs\\_group\\_name) | Name of the log group used by the CodeBuild project. If not specified then a default is used. 
| `string` | `null` | no |\n| \u003ca name=\"input_cloudwatch_logs_stream_name\"\u003e\u003c/a\u003e [cloudwatch\\_logs\\_stream\\_name](#input\\_cloudwatch\\_logs\\_stream\\_name) | Name of the log stream used by the CodeBuild project. If not specified then a default is used. | `string` | `null` | no |\n| \u003ca name=\"input_create_cloudwatch_log_group\"\u003e\u003c/a\u003e [create\\_cloudwatch\\_log\\_group](#input\\_create\\_cloudwatch\\_log\\_group) | Determines whether a log group is created by this module. If not, AWS will automatically create one if logging is enabled | `bool` | `true` | no |\n| \u003ca name=\"input_create_ecr_repository\"\u003e\u003c/a\u003e [create\\_ecr\\_repository](#input\\_create\\_ecr\\_repository) | If set to true then an ECR repository will be created, and an image needs to be pushed to it before running the build project | `string` | `false` | no |\n| \u003ca name=\"input_description\"\u003e\u003c/a\u003e [description](#input\\_description) | Short description of the project. | `string` | `null` | no |\n| \u003ca name=\"input_ecr_repository_name\"\u003e\u003c/a\u003e [ecr\\_repository\\_name](#input\\_ecr\\_repository\\_name) | Name of the ECR repository to create or use. If not specified and `create_ecr_repository` is true, then a default is used. | `string` | `null` | no |\n| \u003ca name=\"input_environment_compute_type\"\u003e\u003c/a\u003e [environment\\_compute\\_type](#input\\_environment\\_compute\\_type) | Information about the compute resources the build project will use. Valid values: `BUILD_GENERAL1_SMALL`, `BUILD_GENERAL1_MEDIUM`, `BUILD_GENERAL1_LARGE`, `BUILD_GENERAL1_2XLARGE`, `BUILD_LAMBDA_1GB`, `BUILD_LAMBDA_2GB`, `BUILD_LAMBDA_4GB`, `BUILD_LAMBDA_8GB`, `BUILD_LAMBDA_10GB`. `BUILD_GENERAL1_SMALL` is only valid if type is set to `LINUX_CONTAINER`. When type is set to `LINUX_GPU_CONTAINER`, compute\\_type must be `BUILD_GENERAL1_LARGE`. 
When type is set to `LINUX_LAMBDA_CONTAINER` or `ARM_LAMBDA_CONTAINER`, compute\\_type must be `BUILD_LAMBDA_XGB` | `string` | `\"BUILD_GENERAL1_SMALL\"` | no |\n| \u003ca name=\"input_environment_image\"\u003e\u003c/a\u003e [environment\\_image](#input\\_environment\\_image) | Docker image to use for this build project. Valid values include Docker images provided by CodeBuild (e.g `aws/codebuild/amazonlinux2-x86_64-standard:4.0`), Docker Hub images (e.g., `hashicorp/terraform:latest`) and full Docker repository URIs such as those for ECR (e.g., `137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest`). If not specified and not using ECR, then a default CodeBuild image is used, or if using ECR then an ECR image with a `latest` tag is used. | `string` | `null` | no |\n| \u003ca name=\"input_environment_type\"\u003e\u003c/a\u003e [environment\\_type](#input\\_environment\\_type) | Type of build environment to use for related builds. Valid values: `LINUX_CONTAINER`, `LINUX_GPU_CONTAINER`, `WINDOWS_CONTAINER` (deprecated), `WINDOWS_SERVER_2019_CONTAINER`, `ARM_CONTAINER`, `LINUX_LAMBDA_CONTAINER`, `ARM_LAMBDA_CONTAINER` | `string` | `\"LINUX_CONTAINER\"` | no |\n| \u003ca name=\"input_github_codeconnection_arn\"\u003e\u003c/a\u003e [github\\_codeconnection\\_arn](#input\\_github\\_codeconnection\\_arn) | ARN of an active GitHub app CodeConnection to use for the region-wide CodeBuild Source Credential. See `docs/GITHUB-AUTH-SETUP.md` for more information. | `string` | `null` | no |\n| \u003ca name=\"input_github_personal_access_token\"\u003e\u003c/a\u003e [github\\_personal\\_access\\_token](#input\\_github\\_personal\\_access\\_token) | The GitHub personal access token for the region-wide CodeBuild Source Credential. See `docs/GITHUB-AUTH-SETUP.md` for more information. 
| `string` | `null` | no |\n| \u003ca name=\"input_github_personal_access_token_ssm_parameter\"\u003e\u003c/a\u003e [github\\_personal\\_access\\_token\\_ssm\\_parameter](#input\\_github\\_personal\\_access\\_token\\_ssm\\_parameter) | SSM parameter containing the GitHub personal access token to use for the region-wide CodeBuild Source Credential. See `docs/GITHUB-AUTH-SETUP.md` for more information. | `string` | `null` | no |\n| \u003ca name=\"input_github_secretsmanager_secret_arn\"\u003e\u003c/a\u003e [github\\_secretsmanager\\_secret\\_arn](#input\\_github\\_secretsmanager\\_secret\\_arn) | The Secret ARN containing the credentials to use for the region-wide CodeBuild Source Credential. See `docs/GITHUB-AUTH-SETUP.md` for more information. | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_assume_role_policy\"\u003e\u003c/a\u003e [iam\\_role\\_assume\\_role\\_policy](#input\\_iam\\_role\\_assume\\_role\\_policy) | The IAM role assume role policy document to use. If not specified then a default is used. | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_name\"\u003e\u003c/a\u003e [iam\\_role\\_name](#input\\_iam\\_role\\_name) | Name of the IAM role to be used. If not specified then a role will be created | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_path\"\u003e\u003c/a\u003e [iam\\_role\\_path](#input\\_iam\\_role\\_path) | Path of the IAM role. If not specified then the default of '/' is used. 
| `string` | `\"/\"` | no |\n| \u003ca name=\"input_iam_role_permissions_boundary\"\u003e\u003c/a\u003e [iam\\_role\\_permissions\\_boundary](#input\\_iam\\_role\\_permissions\\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM service role | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_policies\"\u003e\u003c/a\u003e [iam\\_role\\_policies](#input\\_iam\\_role\\_policies) | Map of IAM role policy ARNs to attach to the IAM role | `map(string)` | `{}` | no |\n| \u003ca name=\"input_iam_role_tags\"\u003e\u003c/a\u003e [iam\\_role\\_tags](#input\\_iam\\_role\\_tags) | A map of tags to assign specifically to the IAM role. These tags will be merged with the module-level tags. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_ingress_with_cidr_blocks\"\u003e\u003c/a\u003e [ingress\\_with\\_cidr\\_blocks](#input\\_ingress\\_with\\_cidr\\_blocks) | List of ingress rules to add to the default security group with CIDR blocks | \u003cpre\u003elist(object({\u003cbr/\u003e    from_port   = number\u003cbr/\u003e    to_port     = number\u003cbr/\u003e    protocol    = string\u003cbr/\u003e    description = string\u003cbr/\u003e    cidr_blocks = list(string)\u003cbr/\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_ingress_with_source_security_group_id\"\u003e\u003c/a\u003e [ingress\\_with\\_source\\_security\\_group\\_id](#input\\_ingress\\_with\\_source\\_security\\_group\\_id) | List of ingress rules to add to the default security group with source security group IDs | \u003cpre\u003elist(object({\u003cbr/\u003e    from_port                = number\u003cbr/\u003e    to_port                  = number\u003cbr/\u003e    protocol                 = string\u003cbr/\u003e    description              = string\u003cbr/\u003e    source_security_group_id = string\u003cbr/\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_kms_key_id\"\u003e\u003c/a\u003e [kms\\_key\\_id](#input\\_kms\\_key\\_id) | The AWS 
KMS key to be used | `string` | `null` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | Created resources will be named with this. | `string` | n/a | yes |\n| \u003ca name=\"input_privileged_mode\"\u003e\u003c/a\u003e [privileged\\_mode](#input\\_privileged\\_mode) | Whether to enable running the Docker daemon inside a Docker container. Set to true if the build project needs to build Docker images or run Docker containers (e.g., via docker-compose, Testcontainers, or LocalStack). | `bool` | `false` | no |\n| \u003ca name=\"input_s3_logs_bucket_name\"\u003e\u003c/a\u003e [s3\\_logs\\_bucket\\_name](#input\\_s3\\_logs\\_bucket\\_name) | Name of the S3 bucket to store logs in. If not specified then logging to S3 will be disabled. | `string` | `null` | no |\n| \u003ca name=\"input_s3_logs_bucket_prefix\"\u003e\u003c/a\u003e [s3\\_logs\\_bucket\\_prefix](#input\\_s3\\_logs\\_bucket\\_prefix) | Prefix to use for the logs in the S3 bucket | `string` | `\"\"` | no |\n| \u003ca name=\"input_security_group_ids\"\u003e\u003c/a\u003e [security\\_group\\_ids](#input\\_security\\_group\\_ids) | The list of Security Group IDs for AWS CodeBuild to launch ephemeral EC2 instances in. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_security_group_name\"\u003e\u003c/a\u003e [security\\_group\\_name](#input\\_security\\_group\\_name) | Name to use on created Security Group. Defaults to `name` | `string` | `null` | no |\n| \u003ca name=\"input_source_auth\"\u003e\u003c/a\u003e [source\\_auth](#input\\_source\\_auth) | Override the default CodeBuild source credential for this project. This allows using project-specific authentication instead of the account/region baseline credential. See docs/GITHUB-AUTH-SETUP.md for usage details. 
| \u003cpre\u003eobject({\u003cbr/\u003e    type     = string\u003cbr/\u003e    resource = string\u003cbr/\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_source_location\"\u003e\u003c/a\u003e [source\\_location](#input\\_source\\_location) | Your source code repo location, for example https://github.com/my/repo.git, or `CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION` for org-level webhooks. | `string` | n/a | yes |\n| \u003ca name=\"input_source_organization\"\u003e\u003c/a\u003e [source\\_organization](#input\\_source\\_organization) | Your GitHub organization name for organization-level webhook creation. | `string` | `null` | no |\n| \u003ca name=\"input_subnet_ids\"\u003e\u003c/a\u003e [subnet\\_ids](#input\\_subnet\\_ids) | The list of Subnet IDs for AWS CodeBuild to launch ephemeral EC2 instances in. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | A map of tags to assign to the resources created by this module. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | The VPC ID for AWS CodeBuild to launch ephemeral instances in. 
| `string` | `null` | no |\n\n----\n### Modules\n\nNo modules.\n\n----\n### Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_aws_security_group_id\"\u003e\u003c/a\u003e [aws\\_security\\_group\\_id](#output\\_aws\\_security\\_group\\_id) | ID of the security group created for the CodeBuild project |\n| \u003ca name=\"output_cloudwatch_log_group_name\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_name](#output\\_cloudwatch\\_log\\_group\\_name) | Name of the CloudWatch log group for the CodeBuild project |\n| \u003ca name=\"output_codebuild_project_arn\"\u003e\u003c/a\u003e [codebuild\\_project\\_arn](#output\\_codebuild\\_project\\_arn) | ARN of the CodeBuild project, to be used when running GitHub Actions |\n| \u003ca name=\"output_codebuild_project_name\"\u003e\u003c/a\u003e [codebuild\\_project\\_name](#output\\_codebuild\\_project\\_name) | Name of the CodeBuild project, to be used when running GitHub Actions |\n| \u003ca name=\"output_codebuild_role_name\"\u003e\u003c/a\u003e [codebuild\\_role\\_name](#output\\_codebuild\\_role\\_name) | Name of the CodeBuild role, to be used when running GitHub Actions |\n| \u003ca name=\"output_ecr_repository_name\"\u003e\u003c/a\u003e [ecr\\_repository\\_name](#output\\_ecr\\_repository\\_name) | Name of the ECR repository, to be used when pushing custom Docker images for the CodeBuild project |\n| \u003ca name=\"output_environment_image\"\u003e\u003c/a\u003e [environment\\_image](#output\\_environment\\_image) | Docker image used for this CodeBuild project |\n\n----\n### Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 5, \u003c 7 |\n\n----\n### Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 0.14.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | 
\u003e= 5, \u003c 7 |\n| \u003ca name=\"requirement_http\"\u003e\u003c/a\u003e [http](#requirement\\_http) | ~\u003e 3.0 |\n| \u003ca name=\"requirement_null\"\u003e\u003c/a\u003e [null](#requirement\\_null) | ~\u003e 3.2 |\n\n----\n### Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudwatch_log_group.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |\n| [aws_codebuild_project.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project) | resource |\n| [aws_codebuild_source_credential.codeconnection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_source_credential) | resource |\n| [aws_codebuild_source_credential.secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_source_credential) | resource |\n| [aws_codebuild_source_credential.ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_source_credential) | resource |\n| [aws_codebuild_source_credential.string](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_source_credential) | resource |\n| [aws_codebuild_webhook.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_webhook) | resource |\n| [aws_ecr_lifecycle_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource |\n| [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource |\n| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy.cloudwatch_required](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| 
[aws_iam_role_policy.codeconnection_required](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy.ecr_required](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy.networking_required](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy.s3_required](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy_attachment.additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_security_group.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_security_group_rule.ingress_with_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_security_group_rule.ingress_with_source_security_group_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_vpc_security_group_egress_rule.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |\n| [aws_vpc_security_group_ingress_rule.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_cloudwatch_log_group.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source |\n| 
[aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.cloudwatch_required](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.codeconnection_required](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.ecr_required](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.networking_required](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.s3_required](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n| [aws_ssm_parameter.github_personal_access_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |\n\n----\n\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudandthings%2Fterraform-aws-github-runners","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudandthings%2Fterraform-aws-github-runners","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudandthings%2Fterraform-aws-github-runners/lists"}