philips-labs · GuptaNavdeep1983 · Jul 18, 2023 · Apr 24, 2023 · Apr 24, 2023 · Apr 25, 2023
diff --git a/README.md b/README.md
@@ -486,7 +486,7 @@ We welcome any improvement to the standard module to make the default as secure
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used. | `map(list(string))` | `null` | no |
+| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | Map of lists used to create the AMI filter for the action runner AMI. | `map(list(string))` | <pre>{<br>  "state": [<br>    "available"<br>  ]<br>}</pre> | no |
 | <a name="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name) | Externally managed SSM parameter (of data type aws:ec2:image) that contains the AMI ID to launch runner instances from. Overrides ami\_filter | `string` | `null` | no |
 | <a name="input_ami_kms_key_arn"></a> [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn) | Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI | `string` | `null` | no |
 | <a name="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners) | The list of owners used to select the AMI of action runner instances. | `list(string)` | <pre>[<br>  "amazon"<br>]</pre> | no |

diff --git a/examples/ephemeral/main.tf b/examples/ephemeral/main.tf
@@ -71,7 +71,7 @@ module "runners" {
 
   # configure your pre-built AMI
   # enable_userdata = false
-  # ami_filter       = { name = ["github-runner-amzn2-x86_64-*"] }
+  # ami_filter       = { name = ["github-runner-amzn2-x86_64-*"], state = ["available"] }
   # data "aws_caller_identity" "current" {}
   # ami_owners       = [data.aws_caller_identity.current.account_id]
 

diff --git a/examples/multi-runner/templates/runner-configs/linux-x64-ubuntu.yaml b/examples/multi-runner/templates/runner-configs/linux-x64-ubuntu.yaml
@@ -1,8 +1,8 @@
 matcherConfig:
   exactMatch: true
   labelMatchers:
-    - [ self-hosted, linux, x64, ubuntu-latest ]
-    - [ self-hosted, linux, x64, ubuntu-2204 ]
+    - [self-hosted, linux, x64, ubuntu-latest]
+    - [self-hosted, linux, x64, ubuntu-2204]
 fifo: true
 delay_webhook_event: 0
 redrive_build_queue:
@@ -26,6 +26,8 @@ runner_config:
   ami_filter:
     name:
       - ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*
+    state:
+      - available
   block_device_mappings:
     - device_name: /dev/sda1
       delete_on_termination: true
@@ -48,4 +50,4 @@ runner_config:
     - log_group_name: runner
       prefix_log_group: true
       file_path: /opt/actions-runner/_diag/Runner_**.log
-      log_stream_name: "{instance_id}/runner"
+      log_stream_name: "{instance_id}/runner"
diff --git a/examples/multi-runner/templates/runner-configs/windows-x64.yaml b/examples/multi-runner/templates/runner-configs/windows-x64.yaml
@@ -18,4 +18,6 @@ runner_config:
   runner_boot_time_in_minutes: 20
   ami_filter:
     name:
-      - Windows_Server-2022-English-Core-ContainersLatest-*
+      - Windows_Server-2022-English-Core-ContainersLatest-*
+    state:
+      - available
diff --git a/examples/prebuilt/README.md b/examples/prebuilt/README.md
@@ -58,7 +58,7 @@ Assuming you have built the `linux-amzn2` image which has a pre-defined AMI name
 module "runners" {
   ...
   # set the name of the ami to use
-  ami_filter        = { name = ["github-runner-amzn2-x86_64-2021*"] }
+  ami_filter  = { name = ["github-runner-amzn2-x86_64-2021*"], state = ["available"] }
   # provide the owner id of
   ami_owners        = ["<your owner id>"]
 
@@ -139,4 +139,4 @@ Be-aware some shells will print some end of line character `%`.
 |------|-------------|
 | <a name="output_webhook_endpoint"></a> [webhook\_endpoint](#output\_webhook\_endpoint) | n/a |
 | <a name="output_webhook_secret"></a> [webhook\_secret](#output\_webhook\_secret) | n/a |
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->
diff --git a/examples/prebuilt/main.tf b/examples/prebuilt/main.tf
@@ -42,7 +42,7 @@ module "runners" {
 
   # configure your pre-built AMI
   enable_userdata = false
-  ami_filter      = { name = [var.ami_name_filter] }
+  ami_filter      = { name = [var.ami_name_filter], state = ["available"] }
   ami_owners      = [data.aws_caller_identity.current.account_id]
 
   # Look up runner AMI ID from an AWS SSM parameter (overrides ami_filter at instance launch time)

diff --git a/examples/ubuntu/main.tf b/examples/ubuntu/main.tf
@@ -51,13 +51,14 @@ module "runners" {
   ami_owners        = ["099720109477"] # Canonical's Amazon account ID
 
   ami_filter = {
-    name = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
+    name  = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"],
+    state = ["available"]
   }
 
   # Custom build AMI, no custom userdata needed.
   # option 2: Build custom AMI see ../../images/ubuntu-focal
   #           disable lines above (option 1) and enable the ones below
-  # ami_filter = { name = ["github-runner-ubuntu-focal-amd64-*"] }
+  # ami_filter = { name = ["github-runner-ubuntu-focal-amd64-*"], state = ["available"] }
   # data "aws_caller_identity" "current" {}
   # ami_owners = [data.aws_caller_identity.current.account_id]
 

diff --git a/modules/runners/README.md b/modules/runners/README.md
@@ -123,7 +123,7 @@ yarn run dist
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | Map of lists used to create the AMI filter for the action runner AMI. | `map(list(string))` | `null` | no |
+| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | Map of lists used to create the AMI filter for the action runner AMI. | `map(list(string))` | <pre>{<br>  "state": [<br>    "available"<br>  ]<br>}</pre> | no |
 | <a name="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name) | Externally managed SSM parameter (of data type aws:ec2:image) that contains the AMI ID to launch runner instances from. Overrides ami\_filter | `string` | `null` | no |
 | <a name="input_ami_kms_key_arn"></a> [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn) | Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI | `string` | `null` | no |
 | <a name="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners) | The list of owners used to select the AMI of action runner instances. | `list(string)` | <pre>[<br>  "amazon"<br>]</pre> | no |

diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
@@ -127,7 +127,12 @@ variable "instance_types" {
 variable "ami_filter" {
   description = "Map of lists used to create the AMI filter for the action runner AMI."
   type        = map(list(string))
-  default     = null
+  default     = { state = ["available"] }
+  validation {
+    // check the availability of the AMI
+    condition     = contains(keys(var.ami_filter), "state")
+    error_message = "The \"ami_filter\" variable must contain the \"state\" key with the value \"available\"."
+  }
 }
 
 variable "ami_owners" {

diff --git a/variables.tf b/variables.tf
@@ -296,9 +296,14 @@ variable "block_device_mappings" {
 }
 
 variable "ami_filter" {
-  description = "List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used."
+  description = "Map of lists used to create the AMI filter for the action runner AMI."
   type        = map(list(string))
-  default     = null
+  default     = { state = ["available"] }
+  validation {
+    // check the availability of the AMI
+    condition     = contains(keys(var.ami_filter), "state")
+    error_message = "The \"ami_filter\" variable must contain the \"state\" key with the value \"available\"."
+  }
 }
 
 variable "ami_owners" {