terraform-aws-gitlab-runner VS aws

i don't plan to do it often. I had a look at https://github.com/cattle-ops/terraform-aws-gitlab-runner and I found it massively over-engineered. third party terraform is always just "urgh" imo.

It can be easily installed using infra-as-code with a Terraform repo.

Spot Runners on EC2 via https://github.com/npalm/terraform-aws-gitlab-runner Pros: Terraform, set up cache aswell The main issues I see docker+machine seems to be generally deprecated, GL does minimal maintenance The TF module currently doesnt support provider V4 with the major S3 bucket refactor (granted this is just time)

You might want to consider using one of the easy-button templates in the GitLab HA Scaling Runner Vending Machine for AWS EC2 ASG project. Even for a single instance, it'll help you get the basics correct, including setting the concurrency to 1 if desired.

Please see https://gitlab.com/guided-explorations/aws/gitlab-runner-autoscaling-aws-asg/

AWS GL Vending machine https://gitlab.com/guided-explorations/aws/gitlab-runner-autoscaling-aws-asg/ Pros: each team deploying their own runner quickly helps with cost allocation Cons: doesnt seem to be updated, tested heavily I dont see runner caching solutions

- New Working Example: https://gitlab.com/guided-explorations/aws/configure-openid-connect-in-aws

Huge thanks go out to Joe Randazzo, Brad Downey, Viktor Nagy and Krasimir Angelov for working the following issues and MRs to get this done:

There are a couple approaches. GitLab's JWT token allows custom scripting to interface it to other systems. This demo shows custom integration with Vault (it also demonstrates our native integration - so you have to parse out which code you are looking at): https://gitlab.com/bdowney/vault-demo

Another approach is placing a GitLab runner within AWS and assigning it an IAM role directly. While this isn't as flexible, it is also not as complex to debug why a specific user can't build or deploy a job when another can.

In this scheme, there is potentially a runner per-dev team that has the same exact IAM profile as the dev team.

This can be done using KIAM for EKS runners, or if you are doing docker runners, you can use the "GitLab HA Scaling Runner Vending Machine for AWS EC2 ASG" here: https://gitlab.com/guided-explorations/aws/gitlab-runner-aut...

That last automation is designed to be self-service and can be setup in AWS Service Manager for teams to self-deploy their runners.

The many other benefits to this automation are enumerated here: https://gitlab.com/guided-explorations/aws/gitlab-runner-aut...