
create tags on creation of ec2 instance

Nathan Hüsken requested to merge wintercloud/public/docker-machine:main into main

NOTE THAT THIS FORK IS MAINTAINED FOR CRITICAL BUG FIXES AFFECTING RUNNING COSTS ONLY. NO OTHER CONTRIBUTIONS WILL BE ACCEPTED.

What critical bug this MR is fixing?

When following ABAC rules for given resource-level permissions (https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html), it is necessary that the tags of the EC2 instances are created with RunInstances and not with CreateTags after the instance has been run.

This merge request moves the creation of tags into the call to RunInstances itself and removes the call to CreateTags.

How does this change help reduce cost of usage? What scale of cost reduction is it?

For some companies, having strict (least privilege) IAM policies is a (compliance) requirement. This merge request makes it possible to use gitlab-runner + docker-machine without needing IAM policies to create/run EC2 instances without tags.

In what scenarios is this change usable with GitLab Runner's docker+machine executor?

When one needs the tags of the EC2 instance/EBS volume/ENI to be created by the call to RunInstances.
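
An added illustration, not part of the merge request or of docker-machine: an IAM policy of the kind the description refers to, which allows `ec2:RunInstances` only when the request carries a required tag and allows `ec2:CreateTags` only as part of that same call. The tag key `team`, its value `ci-runners` and the wildcard region/account ARNs are assumptions made for the example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RunOnlyWithRequiredTagInRequest",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*:*:network-interface/*"
      ],
      "Condition": {
        "StringEquals": { "aws:RequestTag/team": "ci-runners" }
      }
    },
    {
      "Sid": "RunMayReferenceSupportingResources",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:*::image/*",
        "arn:aws:ec2:*:*:subnet/*",
        "arn:aws:ec2:*:*:security-group/*",
        "arn:aws:ec2:*:*:key-pair/*"
      ]
    },
    {
      "Sid": "TagOnlyAsPartOfRunInstances",
      "Effect": "Allow",
      "Action": "ec2:CreateTags",
      "Resource": [
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*:*:network-interface/*"
      ],
      "Condition": {
        "StringEquals": { "ec2:CreateAction": "RunInstances" }
      }
    }
  ]
}
```

Under this policy a RunInstances request without the tag is denied, and so is a standalone CreateTags call made after launch, which is why the tags have to be sent inside the RunInstances request.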
