Support for EC2 Instance Connect Private Endpoint in GitLab Runner AWS Fleeting Plugin
Release notes
Problem to solve
Support for EC2 Instance Connect Private Endpoint to send Public SSH Keys in GitLab Runner AWS Fleeting Plugin
Proposal
The GitLab Runner AWS Fleeting Plugin currently uses EC2 Instance Connect to send SSH keys to instances. However, it only uses the public endpoint of EC2 Instance Connect. In environments where public IPs are completely restricted by organizational policy, this approach fails, as the plugin cannot communicate with instances through the public endpoint.
We request the addition of support for EC2 Instance Connect endpoints using private IPs. This would allow the plugin to send SSH keys through the private endpoint, ensuring compatibility with VPC-only environments where public IPs are not allowed. Because of this restriction, we are currently left with using static credentials, which is not good security practice.
ERROR (ANSI colour escape sequences stripped from the syslog capture):
May 2 14:34:27 ip-10-78-126-174 gitlab-runner: ERROR: connection preparation failed err=rpc error: code = DeadlineExceeded desc = sending ssh key: operation error EC2 Instance Connect: SendSSHPublicKey, exceeded maximum number of attempts, 3, https response error StatusCode: 0, RequestID: , request send failed, Post "https://ec2-instance-connect.ca-central-1.amazonaws.com/": dial tcp 15.156.213.134:443: i/o timeout instance=i-00b4bfa96c38cb23e runner=c58EZ2Pyo subsystem=taskscaler took=1m31.179239259s
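The log shows the root cause of the timeout: the SDK's default regional hostname for the EC2 Instance Connect API resolves to a public address (15.156.213.134), which a VPC with no internet path cannot reach. The diagnostic below is an added example, not code from the issue or from the fleeting plugin. It extracts the `dial tcp` target from a runner log line and classifies it as private or public, and it resolves the regional API hostname on the manager host to show whether the default endpoint would be reached privately (as it would be if that hostname were answered with a VPC-private address, for example by an interface VPC endpoint with private DNS, where the service supports one) or over the public internet. The function names, the `ca-central-1` default (taken from the log) and the embedded sample log line are assumptions; the sample is a shortened copy of the line above.

```shell
#!/bin/sh
# Added diagnostic, not part of the GitLab Runner AWS Fleeting Plugin.
# Question it answers: does the runner manager reach the EC2 Instance Connect
# API over a private address, or over the public internet (as in the log)?

# Constructed sample: shortened copy of the failing runner log line above.
SAMPLE_LOG='gitlab-runner: ERROR: connection preparation failed err=rpc error: code = DeadlineExceeded desc = sending ssh key: operation error EC2 Instance Connect: SendSSHPublicKey, request send failed, Post "https://ec2-instance-connect.ca-central-1.amazonaws.com/": dial tcp 15.156.213.134:443: i/o timeout'

# Classify an IPv4 address as "private" (RFC 1918 or link-local) or "public".
is_private_ip() {
  ip="$1"
  case "$ip" in
    10.*|192.168.*|169.254.*) echo private ;;
    172.*)
      second=$(printf '%s' "$ip" | cut -d. -f2)
      if [ "$second" -ge 16 ] && [ "$second" -le 31 ]; then
        echo private
      else
        echo public
      fi ;;
    *) echo public ;;
  esac
}

# Pull the "dial tcp A.B.C.D:PORT" target out of a runner log line and classify it.
# Prints "none" and returns 1 when the line carries no dial target.
log_target_class() {
  ip=$(printf '%s\n' "$1" | sed -n 's/.*dial tcp \([0-9.]*\):[0-9]*.*/\1/p')
  if [ -z "$ip" ]; then
    echo none
    return 1
  fi
  is_private_ip "$ip"
}

# Resolve the regional API hostname the AWS SDK uses by default and classify
# every answer. Needs DNS, so run it on the runner manager host itself; a
# "public" answer means the SDK will try to leave the VPC, exactly as logged.
check_eic_endpoint() {
  region="${1:-ca-central-1}"   # assumption: region from the log above
  host="ec2-instance-connect.${region}.amazonaws.com"
  getent ahostsv4 "$host" | awk '{print $1}' | sort -u | while read -r addr; do
    printf '%s -> %s (%s)\n' "$host" "$addr" "$(is_private_ip "$addr")"
  done
}

# Usage on the manager host:
#   log_target_class "$SAMPLE_LOG"    # public, for the line captured above
#   check_eic_endpoint ca-central-1   # one line per resolved address
```

If `check_eic_endpoint` prints only public addresses, the manager has no private path to the API and the plugin's `SendSSHPublicKey` call will keep timing out regardless of which instances it targets; if it prints private addresses, the same default hostname is already reachable inside the VPC and no plugin-side endpoint change is needed for the key push.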