Installing a GitHub self-hosted runner on a Windows server running in a private subnet

0

Hi AWS, I have installed a GitHub self-hosted runner on a Windows EC2 server which had internet access. Moving forward, the organization has decided that internet access will be revoked, and that makes it tedious for me to install a new GitHub self-hosted runner and also to trigger a job, as under the hood GitHub Actions trigger an external REST API which makes a call to the internet.

The only way I figured out is to have a Bastion Host which then allows us to log in to the private server where the GitHub self-hosted runner needs to be installed and the pipeline needs to be triggered. I am attaching the visual representation for the same.

[Image: GitHub self-hosted runner running on a Windows server in private subnet]

I want to know if there is any other option which avoids such overhead while keeping security measures in place, as with my current solution, what if the bastion host itself goes down, or what if the credentials for logging in to the server are lost?

asked 2 months ago · 287 views
1 Answer
2

Here are alternative options to consider:

  1. AWS Systems Manager (SSM): Instead of using a Bastion host, you can use AWS Systems Manager to securely manage your EC2 instances in a private subnet. SSM allows you to execute commands, maintain patch levels, and access your servers without needing to expose them to the internet or manage SSH keys.

  2. If you're worried about Bastion host reliability, consider setting up a VPN or using AWS Direct Connect for a more stable and secure connection to your VPC.

  3. As an alternative to self-hosted runners, you could use AWS-native CI/CD tools like CodeBuild or CodePipeline that can integrate with GitHub and execute within your AWS environment.

  4. You can maintain a minimal Bastion host setup that is only used when necessary, while primarily relying on AWS Systems Manager for day-to-day operations.

  5. For specific AWS services, you can create VPC Endpoints which allow private connections between your VPC and AWS services without requiring internet access. Check if there is support for GitHub Actions or the specific APIs you are calling.

EXPERT, answered 2 months ago
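Option 1 above in practice, as an added example that is not part of the answer or the asker's setup: the AWS CLI steps that make Session Manager work for an instance with no internet route. SSM Agent (already shipped on the Windows AMIs) registers and carries sessions over three interface endpoints, `ssm`, `ssmmessages` and `ec2messages`, with private DNS enabled so the agent's default hostnames resolve inside the VPC; the instance role needs `AmazonSSMManagedInstanceCore`; after that there is no inbound port, no bastion and no stored RDP password to lose. All VPC, subnet, security group, instance and role identifiers below are placeholders (assumptions) overridable via environment variables, and the script only prints the commands unless `APPLY=1`. One caveat the answer does not cover: Session Manager replaces the bastion for administration only. The runner process itself makes outbound HTTPS connections to GitHub to poll for jobs, and there is no VPC endpoint for GitHub, so the host still needs an egress path to GitHub (a NAT gateway or an allowlisting proxy) or the runner will never pick up a job.

```shell
#!/bin/sh
# Added example (not from the re:Post answer): Session Manager access to an
# EC2 host in a private subnet with no internet access.
# Every ID below is an assumed placeholder; override via environment variables.
# Requires AWS CLI v2 with credentials and, for start-session, the
# Session Manager plugin installed on the operator's machine.

REGION="${REGION:-us-east-1}"
VPC_ID="${VPC_ID:-vpc-0123456789abcdef0}"          # assumed
SUBNET_ID="${SUBNET_ID:-subnet-0123456789abcdef0}" # the private subnet, assumed
SG_ID="${SG_ID:-sg-0123456789abcdef0}"             # must allow TCP 443 from the VPC CIDR, assumed
INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"  # the Windows runner host, assumed
ROLE_NAME="${ROLE_NAME:-runner-instance-role}"     # role in the instance profile, assumed
APPLY="${APPLY:-0}"                                # 0 = print commands, 1 = execute them

# The three interface endpoints SSM Agent needs when the instance cannot
# reach the public SSM endpoints: registration/commands (ssm), Session Manager
# channel (ssmmessages) and agent health/Run Command messages (ec2messages).
ssm_endpoint_services() {
  region="$1"
  for svc in ssm ssmmessages ec2messages; do
    echo "com.amazonaws.${region}.${svc}"
  done
}

# Build the create-vpc-endpoint command for one service name.
# --private-dns-enabled is what makes ssm.<region>.amazonaws.com resolve to the
# endpoint ENIs instead of public IPs, so the agent needs no config change.
create_endpoint_cmd() {
  svc="$1"
  printf 'aws ec2 create-vpc-endpoint --region %s --vpc-id %s --vpc-endpoint-type Interface --service-name %s --subnet-ids %s --security-group-ids %s --private-dns-enabled\n' \
    "$REGION" "$VPC_ID" "$svc" "$SUBNET_ID" "$SG_ID"
}

# Print a command, or run it when APPLY=1.
run() {
  if [ "$APPLY" = "1" ]; then
    echo "+ $1" >&2
    sh -c "$1"
  else
    echo "$1"
  fi
}

main() {
  for svc in $(ssm_endpoint_services "$REGION"); do
    run "$(create_endpoint_cmd "$svc")"
  done

  # Least-privilege managed policy that lets the agent register and open sessions.
  run "aws iam attach-role-policy --role-name $ROLE_NAME --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"

  # Check before trusting the setup: the host must appear as a managed instance
  # with PingStatus Online. Anything else means the endpoints, SG or role are wrong.
  run "aws ssm describe-instance-information --region $REGION --filters Key=InstanceIds,Values=$INSTANCE_ID --query 'InstanceInformationList[].PingStatus' --output text"

  # Interactive PowerShell on the Windows host: no inbound port, no bastion,
  # no local admin password; access is governed by the operator's IAM identity.
  run "aws ssm start-session --region $REGION --target $INSTANCE_ID"

  # When a desktop is needed (e.g. the runner configuration wizard), tunnel RDP
  # over Session Manager and connect an RDP client to localhost:13389.
  run "aws ssm start-session --region $REGION --target $INSTANCE_ID --document-name AWS-StartPortForwardingSession --parameters portNumber=3389,localPortNumber=13389"
}

main
```

Run it once with the real IDs and `APPLY=0` to review the commands, then with `APPLY=1`; Session Manager activity can additionally be logged to CloudWatch Logs or S3 from the SSM console, which gives an audit trail the bastion approach lacks.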
