I have a use case where the role attached to the EC2 instance needs elevated privileges in my account.
This makes it very simple to run CI pipelines without needing to configure specific IAM policies for the pipeline requirements; instead the runner role can effectively perform any action (with some essential guardrails in place).
To enable this functionality, we require the ability to specify our own IAM role and to disable the creation of the runner agent role by this module.
Then, we can pass the name of our role to the module and it uses it as the instance-attached role, thus getting the elevated permissions.
The alternative was to allow our teams to attach the elevated permissions policy onto the runner role using the existing arguments to add policies to the role. However, this would allow the teams to attach the elevated permissions onto any role rather than only the specific runner role. So instead, we create an elevated role with the elevated permissions, and only allow this role to be used by the runner when it is created.
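One way to express the restriction this issue describes, as an added Terraform example that is not the issue author's or the module's code: the teams deploying runners get `iam:PassRole` on the pre-built elevated role only, and only towards EC2, and cannot edit that role. The role name, policy name and variable name are hypothetical, and the role is assumed to have no IAM path.

```hcl
# Added example. Names below are placeholders, not values from the issue.
variable "elevated_runner_role_name" {
  type    = string
  default = "ci-runner-elevated" # hypothetical role name, assumed to have no path
}

data "aws_caller_identity" "current" {}

locals {
  elevated_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.elevated_runner_role_name}"
}

# Policy for the principals that deploy runners.
data "aws_iam_policy_document" "deployer" {
  # The elevated role can be handed to an EC2 instance and to nothing else.
  # No other role ARN is listed, so no other role can be passed.
  statement {
    sid       = "PassOnlyElevatedRunnerRole"
    effect    = "Allow"
    actions   = ["iam:PassRole"]
    resources = [local.elevated_role_arn]

    condition {
      test     = "StringEquals"
      variable = "iam:PassedToService"
      values   = ["ec2.amazonaws.com"]
    }
  }

  # Assumed guardrail: deployers cannot change the role's permissions or trust policy.
  statement {
    sid    = "DenyModifyingElevatedRole"
    effect = "Deny"
    actions = [
      "iam:AttachRolePolicy",
      "iam:DetachRolePolicy",
      "iam:PutRolePolicy",
      "iam:DeleteRolePolicy",
      "iam:UpdateAssumeRolePolicy",
    ]
    resources = [local.elevated_role_arn]
  }
}

resource "aws_iam_policy" "deployer" {
  name   = "runner-deployer-passrole" # hypothetical policy name
  policy = data.aws_iam_policy_document.deployer.json
}
```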