To install GitHub self-hosted runner on a Windows server running in private subnet


Hi AWS, I installed a GitHub self-hosted runner on a Windows EC2 server that had internet access. Going forward, the organization has decided that internet access will be revoked, which makes it tedious for me to install a new GitHub self-hosted runner and also to trigger a job, since under the hood GitHub Actions triggers an external REST API that makes a call to the internet.

The only way I figured out is to have a Bastion Host, which then allows us to log in to the private server where the GitHub self-hosted runner needs to be installed and the pipeline needs to be triggered. I am attaching a visual representation of the same.

[Image: GitHub self-hosted runner running on a Windows server in private subnet]

I want to know if there is any other option that avoids such overhead while keeping security measures in place, because with my current solution, what if the bastion host itself goes down, or what if the credentials for logging in to the server are lost?

Asked 3 months ago, 333 views
1 answer

Here are alternative options to consider:

  1. AWS Systems Manager (SSM): Instead of using a Bastion host, you can use AWS Systems Manager to securely manage your EC2 instances in a private subnet. SSM allows you to execute commands, maintain patch levels, and access your servers without needing to expose them to the internet or manage SSH keys.

  2. If you're worried about Bastion host reliability, consider setting up a VPN or using AWS Direct Connect for a more stable and secure connection to your VPC.

  3. As an alternative to self-hosted runners, you could use AWS-native CI/CD tools like CodeBuild or CodePipeline that can integrate with GitHub and execute within your AWS environment.

  4. You can maintain a minimal Bastion host setup that is only used when necessary, while primarily relying on AWS Systems Manager for day-to-day operations.

  5. For specific AWS services, you can create VPC Endpoints which allow private connections between your VPC and AWS services without requiring internet access. Check if there is support for GitHub Actions or the specific APIs you are calling.

Answered 3 months ago
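Option 1 in the answer above rests on a detail it does not spell out: in a subnet with no route to the internet, the SSM Agent on the instance can only reach the Systems Manager control plane through interface VPC endpoints, so options 1 and 5 have to be combined. The following Terraform is an added example, not code from the question, the answer or AWS; it creates the three endpoints that Session Manager and Run Command require, an instance role carrying only AmazonSSMManagedInstanceCore, and an endpoint security group that admits HTTPS from the runner's own security group and nothing else. The variable names, the role and security-group names, and the default region are assumptions made for the example.

```terraform
# Added example (not from the question or the answer above). Assumes an
# existing VPC, the private subnet the runner instance lives in, and the
# security group attached to that instance. All names below are assumptions.
variable "region"            { default = "us-east-1" }
variable "vpc_id"            {}
variable "private_subnet_id" {}
variable "runner_sg_id"      {}

# Security group for the endpoint network interfaces: only the runner's own
# security group may open port 443 to them, so other workloads in the VPC
# cannot use these endpoints as a side channel.
resource "aws_security_group" "ssm_endpoints" {
  name   = "ssm-endpoints"
  vpc_id = var.vpc_id

  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [var.runner_sg_id]
  }
}

# Session Manager and Run Command need all three of these services. Without
# them an instance with no internet route never registers with SSM and
# simply does not appear in Fleet Manager.
locals {
  ssm_services = ["ssm", "ssmmessages", "ec2messages"]
}

resource "aws_vpc_endpoint" "ssm" {
  for_each            = toset(local.ssm_services)
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.region}.${each.key}"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = [var.private_subnet_id]
  security_group_ids  = [aws_security_group.ssm_endpoints.id]
  # Private DNS makes the agent's regional hostnames resolve to the endpoint
  # addresses, so no agent configuration change is needed on the instance.
  private_dns_enabled = true
}

# Least-privilege instance role: the managed SSM core policy only. Grant the
# GitHub runner any AWS permissions it needs for jobs in a separate policy,
# rather than widening this one.
data "aws_iam_policy_document" "ec2_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "runner" {
  name               = "gh-runner-ssm"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}

resource "aws_iam_role_policy_attachment" "ssm_core" {
  role       = aws_iam_role.runner.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

# Attach this profile to the Windows runner instance.
resource "aws_iam_instance_profile" "runner" {
  name = "gh-runner-ssm"
  role = aws_iam_role.runner.name
}
```

Attach the instance profile to the Windows instance (the SSM Agent ships preinstalled on AWS-provided Windows AMIs) and it reports in without any inbound RDP or SSH rule on its security group; `aws ssm start-session --target <instance-id>` then replaces the bastion login, Run Command with the AWS-RunPowerShellScript document can install and register the runner unattended, and every session and command is recorded in CloudTrail, which addresses the lost-credentials worry in the question because there is no server password to lose. What this does not solve: the runner binary itself still has to reach GitHub outbound over HTTPS to register and to pick up jobs, and VPC endpoints for AWS services do not cover that traffic, so it needs a NAT gateway or an egress proxy with an allow-list restricted to GitHub's domains.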
