cirrus-ci-docs
RFE: AWS EC2 instance name-tags
Description
When creating AWS EC2 instances, Cirrus-CI should set the Name tag using a format similar to GCE's 'cirrus-task-
Context
In GCE, VMs are conveniently named with cirrus-task-<blah> which is very helpful for overall observability. This would be a handy feature to have in AWS where instances are (otherwise) only identified by their utterly unreadable, generated IDs. Especially when VMs from other contexts are mixed in (for example, developer debug VMs). They're also handy on the off-chance something really horrible happens in CI and direct-access to the VM is required for debugging.
Anything Else
This isn't a high-priority for my team at the moment, but would be a "nice to have" feature.
The problem is that Cirrus will need the ec2:CreateTags permission (see 7551fd0). Otherwise it will break instance scheduling.
I've updated the documentation and will reach out to people using Cirrus CI on AWS so they can update permissions. In the meantime, if you enabled the permission, you can try tagging via the experimental flag:
```yaml
ec2_task:
  experimental: true
  ec2_instance:
    image: ubuntu/images/*ubuntu-jammy-22.04-arm64-server-*
    architecture: arm64
    region: us-east-2
    type: a1.metal
  script: printenv
```
Oh okay, sure we can try this out. I have no problem granting the extra permissions. Thanks!
This seems to be working great.
Validated on my side.
Actually, your (edited) suggestion of policy is a good one for those of us who like to lock things down a bit more from the default. I think I'll add that to ours. Thanks :smile:
```json
"Condition": {
    "StringLike": {
        "aws:ResourceTag/Name": "cirrus-task-*"
    }
},
```
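How IAM evaluates a tag condition like the one above, as an added example that is not from the thread: a simplified Python model (not AWS's evaluator) of the `StringEquals` and `StringLike` operators, showing that only `StringLike` treats `*` as a wildcard. The function names and tag values are constructed for illustration.

```python
import re

def string_like(pattern: str, value: str) -> bool:
    # IAM StringLike: '*' matches any run of characters, '?' exactly one;
    # everything else is literal and case-sensitive.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

OPERATORS = {
    "StringEquals": lambda pattern, value: pattern == value,  # '*' is literal
    "StringLike": string_like,
}

def condition_matches(condition: dict, context: dict) -> bool:
    """Evaluate a Condition block against request context keys.

    Operators and keys are ANDed; several values for one key are ORed.
    A key that is absent from the context (untagged instance) never matches.
    """
    for op, clauses in condition.items():
        test = OPERATORS[op]
        for key, wanted in clauses.items():
            actual = context.get(key)
            values = wanted if isinstance(wanted, list) else [wanted]
            if actual is None or not any(test(w, actual) for w in values):
                return False
    return True

def demo() -> dict:
    # Constructed request contexts: a CI instance, a developer VM, no tags.
    ci = {"aws:ResourceTag/Name": "cirrus-task-1234567890"}
    dev = {"aws:ResourceTag/Name": "dev-debug-vm"}
    untagged = {}
    results = {}
    for op in ("StringEquals", "StringLike"):
        cond = {op: {"aws:ResourceTag/Name": "cirrus-task-*"}}
        results[op] = [condition_matches(cond, c) for c in (ci, dev, untagged)]
    return results

if __name__ == "__main__":
    for op, res in demo().items():
        print(op, res)  # columns: CI instance, developer VM, untagged
```

With `StringEquals` the pattern matches none of the three instances, so a statement scoped that way would never apply to the CI instances it is meant to cover.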
As of today it's the default behaviour now. Additionally instances are annotated with CIRRUS_REPO_FULL_NAME and CIRRUS_BUILD_ID to ease resource tracking.
Thanks @fkorotkov, this is really helpful to have.