I am following this GitLab article on autoscaling GitLab Runner on AWS spot instances.

I have some Terraform code I need to execute, and since these spot instances don't have an IAM role attached to them (since they are automatically spun up by the runner), it gives me this pretty obvious error:

 Error creating VPC: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message

And this is my gitlab-runner config.toml. Where in here can I define the IAM role to be attached when the spot instance is spinning up?

  [runners.machine]
    IdleCount = 1
    IdleTime = 1800
    MaxBuilds = 3
    MachineDriver = "amazonec2"
    MachineName = "shared-gitlab-runner-%s"
    MachineOptions = [
      "amazonec2-access-key=<ommited>",
      "amazonec2-secret-key=<ommited>",
      "amazonec2-region=us-east-2",
      "amazonec2-vpc-id=vpc-b76528dc",
      "amazonec2-subnet-id=subnet-d274q29e",
      "amazonec2-zone=c",
      "amazonec2-use-private-address=true",
      "amazonec2-tags=gitlab-aws-autoscaler,gitlab,true,gitlab-runner-autoscale,true",
      "amazonec2-security-group=ssh",
      "amazonec2-instance-type=t2.medium",
      "amazonec2-request-spot-instance=true",
      "amazonec2-spot-price=0.07",
      "amazonec2-block-duration-minutes=60"
    ]

Jananath Banuka
  • If the spot instances use the permissions associated with the user of the access and secret key, then there is no need for an IAM role. – junkangli Jan 25 '21 at 07:07
  • Even though the spot instance uses access and secret keys, it should have permissions to carry out certain tasks, right? For that, don't we use the IAM ROLE? – Jananath Banuka Jan 25 '21 at 07:12
  • You attach an IAM policy with the required permissions to the IAM User associated with the access and secret keys. You may refer to the AWS documentation at https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html#add-policies-console – junkangli Jan 25 '21 at 09:32
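
For reference, an added example that is not part of the original question or its comments: the Docker Machine `amazonec2` driver accepts an `amazonec2-iam-instance-profile` option, which attaches an instance profile to each machine the runner launches. The profile name below is a placeholder (an assumption), and the other options are copied from the question.

```toml
  [runners.machine]
    IdleCount = 1
    IdleTime = 1800
    MaxBuilds = 3
    MachineDriver = "amazonec2"
    MachineName = "shared-gitlab-runner-%s"
    MachineOptions = [
      # Credentials docker-machine uses to launch the instances. This identity
      # also needs iam:PassRole on the role wrapped by the instance profile,
      # otherwise the launch request itself is rejected.
      "amazonec2-access-key=<ommited>",
      "amazonec2-secret-key=<ommited>",
      "amazonec2-region=us-east-2",
      "amazonec2-vpc-id=vpc-b76528dc",
      "amazonec2-subnet-id=subnet-d274q29e",
      "amazonec2-zone=c",
      "amazonec2-use-private-address=true",
      "amazonec2-tags=gitlab-aws-autoscaler,gitlab,true,gitlab-runner-autoscale,true",
      "amazonec2-security-group=ssh",
      "amazonec2-instance-type=t2.medium",
      "amazonec2-request-spot-instance=true",
      "amazonec2-spot-price=0.07",
      "amazonec2-block-duration-minutes=60",
      # Added line: name of an existing instance profile (placeholder). Its role
      # should grant only what the Terraform jobs need, e.g. ec2:CreateVpc for
      # the "Error creating VPC" failure shown in the question.
      "amazonec2-iam-instance-profile=<instance-profile-name>"
    ]
```

Every job scheduled on these machines can obtain the role's credentials from the instance, so the role should be scoped to the minimum set of actions and the runner restricted to projects that are allowed to use them.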

0 Answers