chore(main): release 9.1.0 (#1254)

🤖 I have created a release *beep* *boop*
---


##
[9.1.0](9.0.2...9.1.0)
(2025-02-27)


### Features

* allow instrumentation of Termination lambda
([#1255](#1255))
([55af1d1](55af1d1))


### Bug Fixes

* allow terminate Lambda to access kms key
([#1253](#1253))
([48c5a37](48c5a37))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: cattle-ops-releaser-2[bot] <134548870+cattle-ops-releaser-2[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

Author: cattle-ops-releaser-2[bot]

.github/.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "9.0.2"
+  ".": "9.1.0"
 }

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## [9.1.0](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/9.0.2...9.1.0) (2025-02-27)
+
+
+### Features
+
+* allow instrumentation of Termination lambda ([#1255](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/1255)) ([55af1d1](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/55af1d16bdf83b9f252113780772f6239234db7b))
+
+
+### Bug Fixes
+
+* allow terminate Lambda to access kms key ([#1253](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/1253)) ([48c5a37](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/48c5a37e86c602ac7bb86e40b769e20cb2485fca))
+
 ## [9.0.2](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/9.0.1...9.0.2) (2025-02-20)
 
 

README.md

@@ -86,7 +86,7 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.87.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.88.0 |
 | <a name="provider_local"></a> [local](#provider\_local) | 2.5.2 |
 | <a name="provider_tls"></a> [tls](#provider\_tls) | 4.0.6 |
 
@@ -210,6 +210,10 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
 | <a name="input_runner_schedule_config"></a> [runner\_schedule\_config](#input\_runner\_schedule\_config) | Map containing the configuration of the ASG scale-out and scale-in for the Runner. Will only be used if `runner_schedule_enable` is set to `true`. | `map(any)` | <pre>{<br/>  "scale_in_count": 0,<br/>  "scale_in_recurrence": "0 18 * * 1-5",<br/>  "scale_in_time_zone": "Etc/UTC",<br/>  "scale_out_count": 1,<br/>  "scale_out_recurrence": "0 8 * * 1-5",<br/>  "scale_out_time_zone": "Etc/UTC"<br/>}</pre> | no |
 | <a name="input_runner_schedule_enable"></a> [runner\_schedule\_enable](#input\_runner\_schedule\_enable) | Set to `true` to enable the auto scaling group schedule for the Runner. | `bool` | `false` | no |
 | <a name="input_runner_sentry_secure_parameter_store_name"></a> [runner\_sentry\_secure\_parameter\_store\_name](#input\_runner\_sentry\_secure\_parameter\_store\_name) | The Sentry DSN name used to store the Sentry DSN in Secure Parameter Store | `string` | `"sentry-dsn"` | no |
+| <a name="input_runner_terminate_ec2_environment_variables"></a> [runner\_terminate\_ec2\_environment\_variables](#input\_runner\_terminate\_ec2\_environment\_variables) | Environment variables to set for the Lambda function. A value of `{HANDLER} is replaced with the handler value of the Lambda function.` | `map(string)` | `{}` | no |
+| <a name="input_runner_terminate_ec2_lambda_egress_rules"></a> [runner\_terminate\_ec2\_lambda\_egress\_rules](#input\_runner\_terminate\_ec2\_lambda\_egress\_rules) | Map of egress rules for the Lambda function. | <pre>map(object({<br/>    from_port       = optional(number, null)<br/>    to_port         = optional(number, null)<br/>    protocol        = string<br/>    description     = string<br/>    cidr_block      = optional(string, null)<br/>    ipv6_cidr_block = optional(string, null)<br/>    prefix_list_id  = optional(string, null)<br/>    security_group  = optional(string, null)<br/>  }))</pre> | <pre>{<br/>  "allow_https_ipv4": {<br/>    "cidr_block": "0.0.0.0/0",<br/>    "description": "Allow HTTPS egress traffic to all destinations (IPv4)",<br/>    "from_port": 443,<br/>    "protocol": "tcp",<br/>    "to_port": 443<br/>  },<br/>  "allow_https_ipv6": {<br/>    "description": "Allow HTTPS egress traffic to all destinations (IPv6)",<br/>    "from_port": 443,<br/>    "ipv6_cidr_block": "::/0",<br/>    "protocol": "tcp",<br/>    "to_port": 443<br/>  }<br/>}</pre> | no |
+| <a name="input_runner_terminate_ec2_lambda_handler"></a> [runner\_terminate\_ec2\_lambda\_handler](#input\_runner\_terminate\_ec2\_lambda\_handler) | The handler for the terminate Lambda function. | `string` | `null` | no |
+| <a name="input_runner_terminate_ec2_lambda_layer_arns"></a> [runner\_terminate\_ec2\_lambda\_layer\_arns](#input\_runner\_terminate\_ec2\_lambda\_layer\_arns) | A list of ARNs of Lambda layers to attach to the Lambda function. | `list(string)` | `[]` | no |
 | <a name="input_runner_terminate_ec2_lifecycle_hook_name"></a> [runner\_terminate\_ec2\_lifecycle\_hook\_name](#input\_runner\_terminate\_ec2\_lifecycle\_hook\_name) | Specifies a custom name for the ASG terminate lifecycle hook and related resources. | `string` | `null` | no |
 | <a name="input_runner_terminate_ec2_lifecycle_timeout_duration"></a> [runner\_terminate\_ec2\_lifecycle\_timeout\_duration](#input\_runner\_terminate\_ec2\_lifecycle\_timeout\_duration) | Amount of time in seconds to wait for GitLab Runner to finish picked up jobs. Defaults to the `maximum_timeout` configured + `5m`. Maximum allowed is `7200` (2 hours) | `number` | `null` | no |
 | <a name="input_runner_terminate_ec2_timeout_duration"></a> [runner\_terminate\_ec2\_timeout\_duration](#input\_runner\_terminate\_ec2\_timeout\_duration) | Timeout in seconds for the graceful terminate worker Lambda function. | `number` | `90` | no |

modules/terminate-agent-hook/README.md

@@ -144,11 +144,14 @@ No modules.
 | [aws_iam_policy.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.spot_request_housekeeping](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.aws_lambda_vpc_access_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.spot_request_housekeeping](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_lambda_function.terminate_runner_instances](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
 | [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
+| [aws_security_group.terminate_runner_instances](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_vpc_security_group_egress_rule.docker_autoscaler_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |
 | [archive_file.terminate_runner_instances_lambda](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
 | [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -165,15 +168,21 @@ No modules.
 | <a name="input_asg_hook_terminating_heartbeat_timeout"></a> [asg\_hook\_terminating\_heartbeat\_timeout](#input\_asg\_hook\_terminating\_heartbeat\_timeout) | Duration in seconds the ASG should stay in the Terminating:Wait state. | `number` | `30` | no |
 | <a name="input_asg_name"></a> [asg\_name](#input\_asg\_name) | The name of the Auto Scaling Group to attach to. The 'environment' will be prefixed to this. | `string` | n/a | yes |
 | <a name="input_cloudwatch_logging_retention_in_days"></a> [cloudwatch\_logging\_retention\_in\_days](#input\_cloudwatch\_logging\_retention\_in\_days) | The number of days to retain logs in CloudWatch. | `number` | `30` | no |
+| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | Map of egress rules for the Lambda function. | <pre>map(object({<br/>    from_port       = optional(number, null)<br/>    to_port         = optional(number, null)<br/>    protocol        = string<br/>    description     = string<br/>    cidr_block      = optional(string, null)<br/>    ipv6_cidr_block = optional(string, null)<br/>    prefix_list_id  = optional(string, null)<br/>    security_group  = optional(string, null)<br/>  }))</pre> | n/a | yes |
 | <a name="input_enable_xray_tracing"></a> [enable\_xray\_tracing](#input\_enable\_xray\_tracing) | Enables X-Ray for debugging and analysis | `bool` | `false` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | A name that identifies the environment, used as a name prefix and for tagging. | `string` | n/a | yes |
+| <a name="input_environment_variables"></a> [environment\_variables](#input\_environment\_variables) | Environment variables to set for the Lambda function. A value of `{HANDLER} is replaced with the handler value of the Lambda function.` | `map(string)` | `{}` | no |
 | <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | KMS key id to encrypt the resources, e.g. logs, lambda environment variables, ... | `string` | n/a | yes |
+| <a name="input_lambda_handler"></a> [lambda\_handler](#input\_lambda\_handler) | The entry point for the Lambda function. | `string` | `null` | no |
+| <a name="input_layer_arns"></a> [layer\_arns](#input\_layer\_arns) | A list of ARNs of Lambda layers to attach to the Lambda function. | `list(string)` | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name of the Lambda function to create. The 'environment' will be prefixed to this. | `string` | n/a | yes |
 | <a name="input_name_docker_machine_runners"></a> [name\_docker\_machine\_runners](#input\_name\_docker\_machine\_runners) | The `Name` tag of EC2 instances created by the runner agent. | `string` | n/a | yes |
 | <a name="input_name_iam_objects"></a> [name\_iam\_objects](#input\_name\_iam\_objects) | The name to use for IAM resources - roles and policies. | `string` | `""` | no |
 | <a name="input_role_permissions_boundary"></a> [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | An optional IAM permissions boundary to use when creating IAM roles. | `string` | `null` | no |
+| <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | The subnet for the lambda function. | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags to apply to resources. | `map(any)` | `{}` | no |
 | <a name="input_timeout"></a> [timeout](#input\_timeout) | Timeout in seconds for the Lambda function. | `number` | `90` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The VPC used for the runner and runner workers. | `string` | n/a | yes |
 
 ## Outputs