From 4ec35e3d5ba989e8ac885d7dc610b9fcb81eaa1a Mon Sep 17 00:00:00 2001 From: kayma Date: Sun, 9 Jan 2022 20:07:01 +0100 Subject: [PATCH 1/3] Add remarks to explain traps in the code --- main.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/main.tf b/main.tf index 91a8e5656..cb5306090 100644 --- a/main.tf +++ b/main.tf @@ -28,6 +28,7 @@ data "aws_ssm_parameter" "current_runner_registration_token" { name = local.secure_parameter_store_runner_token_key } +# be careful changing this resource. If Terraform decides to destroy it, the Runner will be removed from Gitlab and can't connect any longer resource "null_resource" "remove_runner" { depends_on = [aws_ssm_parameter.runner_registration_token] @@ -404,6 +405,9 @@ resource "aws_iam_role_policy_attachment" "user_defined_policies" { ################################################################################ resource "aws_iam_role_policy_attachment" "docker_machine_cache_instance" { count = var.cache_bucket["create"] || lookup(var.cache_bucket, "policy", "") != "" ? 1 : 0 + /* If the S3 cache adapter is configured to use an IAM instance profile, the + adapter uses the profile attached to the GitLab Runner machine. So do not + use aws_iam_role.docker_machine.name here! See https://docs.gitlab.com/runner/configuration/advanced-configuration.html */ role = aws_iam_role.instance.name policy_arn = local.bucket_policy } From 1b3b2a09c38b02335899b6eb500dd53becb37a6c Mon Sep 17 00:00:00 2001 From: kayma Date: Sun, 9 Jan 2022 20:16:11 +0100 Subject: [PATCH 2/3] Format code --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index cb5306090..e25a2e425 100644 --- a/main.tf +++ b/main.tf 
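Review bot: The explanation added to `docker_machine_cache_instance` is written as a `/* … */` block, while every other comment visible in this file (the `#` note added above `null_resource.remove_runner` in the first hunk and the `####` banner lines) uses `#`, so the three added lines should be `#`-prefixed to match the file's style. The comment also only asserts that the adapter "uses the profile attached to the GitLab Runner machine" without saying why that justifies binding `local.bucket_policy` to `aws_iam_role.instance.name` rather than the docker-machine role; if the mechanism is that the runner manager itself signs the cache requests with its own credentials (worth confirming against the linked page), a line such as `# The runner manager reaches the cache bucket with its own instance profile, so the docker-machine workers do not need this policy.` would make the least-privilege intent explicit to the next maintainer. The bare link to the whole advanced-configuration page could name the relevant section (the `[runners.cache.s3]` settings) so the reader does not have to search it.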
@@ -404,7 +404,7 @@ resource "aws_iam_role_policy_attachment" "user_defined_policies" { ### Policy for the docker machine instance to access cache ################################################################################ resource "aws_iam_role_policy_attachment" "docker_machine_cache_instance" { - count = var.cache_bucket["create"] || lookup(var.cache_bucket, "policy", "") != "" ? 1 : 0 + count = var.cache_bucket["create"] || lookup(var.cache_bucket, "policy", "") != "" ? 1 : 0 /* If the S3 cache adapter is configured to use an IAM instance profile, the adapter uses the profile attached to the GitLab Runner machine. So do not use aws_iam_role.docker_machine.name here! See https://docs.gitlab.com/runner/configuration/advanced-configuration.html */ From a113b8a70b6bd1e03a9d0a8c6772c3c0f1320481 Mon Sep 17 00:00:00 2001 From: kayma Date: Tue, 23 Aug 2022 23:19:24 +0200 Subject: [PATCH 3/3] leave the comment, no code changes --- main.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/main.tf b/main.tf index e5e5dfbfa..ed8c6ba08 100644 --- a/main.tf +++ b/main.tf @@ -390,8 +390,6 @@ resource "aws_iam_role_policy_attachment" "user_defined_policies" { ### Policy for the docker machine instance to access cache ################################################################################ resource "aws_iam_role_policy_attachment" "docker_machine_cache_instance" { - count = var.cache_bucket["create"] || lookup(var.cache_bucket, "policy", "") != "" ? 1 : 0 - /* If the S3 cache adapter is configured to use an IAM instance profile, the adapter uses the profile attached to the GitLab Runner machine. So do not use aws_iam_role.docker_machine.name here! See https://docs.gitlab.com/runner/configuration/advanced-configuration.html */
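Review bot: The line `count = var.cache_bucket["create"] || lookup(var.cache_bucket, "policy", "") != "" ? 1 : 0` is deleted from `docker_machine_cache_instance` even though the commit message says "leave the comment, no code changes"; that line is the guard that only creates the policy attachment when a cache bucket is created or a policy ARN is supplied, so without it the attachment becomes unconditional and `local.bucket_policy` (referenced on the `policy_arn` line outside this hunk) is evaluated even when no cache bucket is configured. If the intent is purely to keep the comment, the `count` line and the blank line after it should be restored so the hunk carries only context lines. If the guard was dropped on purpose because the base branch now enforces the condition elsewhere, the commit message should say so, since as written this reads as an accidental removal during rebase. The rest of the resource (`role`, `policy_arn`, closing brace) lies outside this hunk.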