To install a GitHub self-hosted runner on a Windows server running in a private subnet

Hi AWS, I have installed a GitHub self-hosted runner on a Windows EC2 server which had internet access. Going forward, the organization has decided that internet access will be revoked, which makes it tedious for me to install a new GitHub self-hosted runner and also to trigger a job, as under the hood GitHub Actions triggers an external REST API which makes a call to the internet.

The only way I have figured out is to have a Bastion Host, which then allows us to log in to the private server where the GitHub self-hosted runner needs to be installed and the pipeline needs to be triggered. I am attaching the visual representation for the same.

[Image: GitHub self-hosted runner running on a Windows server in private subnet]

I want to know if there is any other option which avoids such overhead, with security resistance in place, as with my current solution, what if the bastion host itself goes down, or what if the credentials for logging in to the server are lost?

asked 3 months ago, 317 views

1 Answer

Here are alternative options to consider:

  1. AWS Systems Manager (SSM): Instead of using a Bastion host, you can use AWS Systems Manager to securely manage your EC2 instances in a private subnet. SSM allows you to execute commands, maintain patch levels, and access your servers without needing to expose them to the internet or manage SSH keys.

  2. If you're worried about Bastion host reliability, consider setting up a VPN or using AWS Direct Connect for a more stable and secure connection to your VPC.

  3. As an alternative to self-hosted runners, you could use AWS-native CI/CD tools like CodeBuild or CodePipeline that can integrate with GitHub and execute within your AWS environment.

  4. You can maintain a minimal Bastion host setup that is only used when necessary, while primarily relying on AWS Systems Manager for day-to-day operations.

  5. For specific AWS services, you can create VPC Endpoints which allow private connections between your VPC and AWS services without requiring internet access. Check if there is support for GitHub Actions or the specific APIs you are calling.

EXPERT
answered 3 months ago
