To install GitHub self-hosted runner on a Windows server running in private subnet

Hi AWS, I have installed a GitHub self-hosted runner on a Windows EC2 server which had internet access. Now, moving forward, the organization has decided that the internet access will be revoked, and it makes it tedious for me to install a new GitHub self-hosted runner and also to trigger a job, as under the hood GitHub Actions triggers an external REST API which makes a call to the internet.

The only way I figured out is to have a Bastion Host which then allows us to log in to the private server where the GitHub self-hosted runner needs to be installed and the pipeline needs to be triggered. I am attaching the visual representation for the same.

[Image: GitHub self-hosted runner running on a Windows server in private subnet]

I want to know if there is any other option which avoids such overhead, along with security resistance in place, as with my current solution what if the bastion host itself goes down, or what if the credentials for logging in to the server are lost?

asked 3 months ago, 332 views
1 answer

Here are alternative options to consider:

  1. AWS Systems Manager (SSM): Instead of using a Bastion host, you can use AWS Systems Manager to securely manage your EC2 instances in a private subnet. SSM allows you to execute commands, maintain patch levels, and access your servers without needing to expose them to the internet or manage SSH keys.

  2. If you're worried about Bastion host reliability, consider setting up a VPN or using AWS Direct Connect for a more stable and secure connection to your VPC.

  3. As an alternative to self-hosted runners, you could use AWS-native CI/CD tools like CodeBuild or CodePipeline that can integrate with GitHub and execute within your AWS environment.

  4. You can maintain a minimal Bastion host setup that is only used when necessary, while primarily relying on AWS Systems Manager for day-to-day operations.

  5. For specific AWS services, you can create VPC Endpoints which allow private connections between your VPC and AWS services without requiring internet access. Check if there is support for GitHub Actions or the specific APIs you are calling.

EXPERT
answered 3 months ago
