fix(runners): correct regex pattern for extracting AMI ID from SSM parameter ARN#4981
Merged
fix(runners): correct regex pattern for extracting AMI ID from SSM parameter ARN#4981
Conversation
Contributor
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
Member
|
@stuartp44 thx, do you know if any example is covering this. Or what change in ane xample can test this case? |
Contributor
Author
|
@npalm this issue has surfaced during the last major version release and is mentioned #4959. Without this PR, stating the "id_ssm_parameter_arn" Fails and wont work as the information that is passed into the scale-up lambdas env is missing the lead "/" and thus causes a IAM permission issue. 
|
npalm
approved these changes
Jan 8, 2026
npalm
pushed a commit
that referenced
this pull request
Jan 13, 2026
🤖 I have created a release *beep* *boop* --- ## [7.3.0](v7.2.0...v7.3.0) (2026-01-13) ### Features * add bypass-removal tag to prevent runner scale-down ([#4995](#4995)) ([c0a9766](c0a9766)) ### Bug Fixes * cache GitHub App ID to reduce SSM calls ([#4994](#4994)) ([0fb6f4a](0fb6f4a)) * change runner_placement host_resource_group_arn type to be a string instead of a number ([#4979](#4979)) ([5405a04](5405a04)) * **lambda:** bump the aws group in /lambdas with 7 updates ([#4985](#4985)) ([5eacb0f](5eacb0f)) * **runners:** correct regex pattern for extracting AMI ID from SSM parameter ARN ([#4981](#4981)) ([174293c](174293c)), closes [#4959](#4959) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: runners-releaser[bot] <194412594+runners-releaser[bot]@users.noreply.github.com> Co-authored-by: github-aws-runners-pr|bot <github-aws-runners-pr[bot]@users.noreply.github.com>
Brend-Smits
pushed a commit
that referenced
this pull request
Mar 6, 2026
…rameter ARN (#4981) This PR creates a small change to the regex group that ensures the correct ami_id_ssm_parameter_arn value is passed in its fullest to the env of the scale-up lambda. At the moment, this is missing the leading '/' and thus causes ```Error processing batch (size: 3): Failed to lookup runner AMI ID from SSM parameter: github-action-runners/staging-multi/<redacted>-ubuntu-x64/runners/config/ami_id,\n GetParameterError: User: arn:aws:sts::<redacted>:assumed-role/staging-multi-<redacted>-ubu-x64-med-scale-up-lambda-<redacted>/staging-multi-<redacted>-ubu-x64-med-scale-up is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:<redacted>:<redacted>:* because no identity-based policy allows the ssm:GetParameter action, ignoring batch",```. closes #4959 Co-authored-by: Niek Palm <npalm@users.noreply.github.com>
Brend-Smits
pushed a commit
that referenced
this pull request
Mar 6, 2026
🤖 I have created a release *beep* *boop* --- ## [7.3.0](v7.2.0...v7.3.0) (2026-01-13) ### Features * add bypass-removal tag to prevent runner scale-down ([#4995](#4995)) ([c0a9766](c0a9766)) ### Bug Fixes * cache GitHub App ID to reduce SSM calls ([#4994](#4994)) ([0fb6f4a](0fb6f4a)) * change runner_placement host_resource_group_arn type to be a string instead of a number ([#4979](#4979)) ([5405a04](5405a04)) * **lambda:** bump the aws group in /lambdas with 7 updates ([#4985](#4985)) ([5eacb0f](5eacb0f)) * **runners:** correct regex pattern for extracting AMI ID from SSM parameter ARN ([#4981](#4981)) ([174293c](174293c)), closes [#4959](#4959) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: runners-releaser[bot] <194412594+runners-releaser[bot]@users.noreply.github.com> Co-authored-by: github-aws-runners-pr|bot <github-aws-runners-pr[bot]@users.noreply.github.com>
LudovicTOURMAN
pushed a commit
to doctolib-lab/terraform-aws-github-runner
that referenced
this pull request
Apr 7, 2026
…rameter ARN (github-aws-runners#4981) This PR creates a small change to the regex group that ensures the correct ami_id_ssm_parameter_arn value is passed in its fullest to the env of the scale-up lambda. At the moment, this is missing the leading '/' and thus causes ```Error processing batch (size: 3): Failed to lookup runner AMI ID from SSM parameter: github-action-runners/staging-multi/<redacted>-ubuntu-x64/runners/config/ami_id,\n GetParameterError: User: arn:aws:sts::<redacted>:assumed-role/staging-multi-<redacted>-ubu-x64-med-scale-up-lambda-<redacted>/staging-multi-<redacted>-ubu-x64-med-scale-up is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:<redacted>:<redacted>:* because no identity-based policy allows the ssm:GetParameter action, ignoring batch",```. closes github-aws-runners#4959 Co-authored-by: Niek Palm <npalm@users.noreply.github.com>
LudovicTOURMAN
pushed a commit
to doctolib-lab/terraform-aws-github-runner
that referenced
this pull request
Apr 7, 2026
🤖 I have created a release *beep* *boop* --- ## [7.3.0](github-aws-runners/terraform-aws-github-runner@v7.2.0...v7.3.0) (2026-01-13) ### Features * add bypass-removal tag to prevent runner scale-down ([github-aws-runners#4995](github-aws-runners#4995)) ([c0a9766](github-aws-runners@c0a9766)) ### Bug Fixes * cache GitHub App ID to reduce SSM calls ([github-aws-runners#4994](github-aws-runners#4994)) ([0fb6f4a](github-aws-runners@0fb6f4a)) * change runner_placement host_resource_group_arn type to be a string instead of a number ([github-aws-runners#4979](github-aws-runners#4979)) ([5405a04](github-aws-runners@5405a04)) * **lambda:** bump the aws group in /lambdas with 7 updates ([github-aws-runners#4985](github-aws-runners#4985)) ([5eacb0f](github-aws-runners@5eacb0f)) * **runners:** correct regex pattern for extracting AMI ID from SSM parameter ARN ([github-aws-runners#4981](github-aws-runners#4981)) ([174293c](github-aws-runners@174293c)), closes [github-aws-runners#4959](github-aws-runners#4959) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: runners-releaser[bot] <194412594+runners-releaser[bot]@users.noreply.github.com> Co-authored-by: github-aws-runners-pr|bot <github-aws-runners-pr[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR creates a small change to the regex group that ensures the correct ami_id_ssm_parameter_arn value is passed in its fullest to the env of the scale-up lambda. At the moment, this is missing the leading '/' and thus causes
Error processing batch (size: 3): Failed to lookup runner AMI ID from SSM parameter: github-action-runners/staging-multi/<redacted>-ubuntu-x64/runners/config/ami_id,\n GetParameterError: User: arn:aws:sts::<redacted>:assumed-role/staging-multi-<redacted>-ubu-x64-med-scale-up-lambda-<redacted>/staging-multi-<redacted>-ubu-x64-med-scale-up is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:<redacted>:<redacted>:* because no identity-based policy allows the ssm:GetParameter action, ignoring batch",.closes #4959