Skip to content

feat(logging): add log_class parameter to runner log files configuration#5036

Merged
npalm merged 5 commits intomainfrom
feat/specify-log-classes
Mar 11, 2026
Merged

feat(logging): add log_class parameter to runner log files configuration#5036
npalm merged 5 commits intomainfrom
feat/specify-log-classes

Conversation

@Brend-Smits
Copy link
Contributor

@Brend-Smits Brend-Smits commented Feb 16, 2026

This pull request updates the logging configuration by introducing support for the log_class property, allowing log groups to be created with either the STANDARD or INFREQUENT_ACCESS class. The change is applied throughout the configuration to ensure log groups and log files can specify their class, defaulting to STANDARD if not set.

Logging configuration enhancements:

  • Added a log_class property (defaulting to "STANDARD") to the runner_log_files and multi_runner_config variables in variables.tf, modules/runners/variables.tf, and modules/multi-runner/variables.tf to allow specifying the log group class. [1] [2] [3]
  • Updated the local log file definitions in modules/runners/logging.tf to include the log_class property for each log file, defaulting to "STANDARD".
  • Modified the CloudWatch log group resource in modules/runners/logging.tf to use the specified log_class when creating log groups, and refactored the logic to group log files by both name and class.

Documentation improvements:

  • Enhanced the description of the runner_log_files variable to document the new log_class property and its valid values.

@Brend-Smits Brend-Smits requested review from a team as code owners February 16, 2026 10:44
@github-actions
Copy link
Contributor

github-actions bot commented Feb 16, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@npalm
Copy link
Member

npalm commented Mar 3, 2026
edited
Loading

@Brend-Smits did you run a quick check on the multi-runner as well default example?

Please can you also update all other log groups managed by the module? See https://github.com/github-aws-runners/terraform-aws-github-runner/search?q=repo%3Agithub-aws-runners%2Fterraform-aws-github-runner%20path%3A*.tf%20resource%20%22aws_cloudwatch_log_group%22&type=code

@Brend-Smits
Copy link
Contributor Author

Brend-Smits commented Mar 3, 2026

@Brend-Smits did you run a quick check on the multi-runner as well default example?

Please can you also update all other log groups managed by the module? See github-aws-runners/terraform-aws-github-runner/search?type=code (repo:github-aws-runners/terraform-aws-github-runner path:*.tf resource "aws_cloudwatch_log_group")

Yes I tested this with the multi runner example and it works as advertised. As expected, when you change the log class for existing log groups, it forces a replacement on the whole group.

I also updated it for all the other modules.

@Brend-Smits Brend-Smits force-pushed the feat/specify-log-classes branch 2 times, most recently from c70da8b to 5820b11 Compare March 6, 2026 12:52
@npalm npalm requested a review from Copilot March 9, 2026 20:17
Copilot AI reviewed Mar 9, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a log_class parameter throughout the Terraform module, enabling users to configure CloudWatch log groups to use either the STANDARD or INFREQUENT_ACCESS class (defaulting to STANDARD). This affects lambda function log groups, runner EC2 instance log groups, and per-log-file CloudWatch log groups configured via runner_log_files.

Changes:

  • New log_class variable added to all relevant modules (root, runners, multi-runner, webhook, ami-housekeeper, runner-binaries-syncer) with validation, and propagated through all module call chains
  • Runner EC2 instance log groups refactored from count-based to for_each-based resource indexing (to support per-log-group class configuration), and each default log file entry now hardcodes log_class = "STANDARD"
  • runner_log_files and multi_runner_config.runner_log_files type objects updated with an optional log_class field, and all CloudWatch log group resources updated with log_group_class = var.log_class (or equivalent)

Reviewed changes

Copilot reviewed 41 out of 41 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
variables.tf Adds root-level log_class variable with validation; adds log_class to runner_log_files object type
main.tf Propagates log_class to all child module calls
modules/runners/variables.tf Adds log_class variable with validation; updates runner_log_files description and type
modules/runners/logging.tf Adds log_class to default log files; refactors countfor_each for log groups; uses per-entry class
modules/runners/pool.tf / pool/main.tf / pool/variables.tf Passes log_class through to the pool lambda log group
modules/runners/scale-up.tf / scale-down.tf / ssm-housekeeper.tf Applies log_group_class = var.log_class to lambda log groups
modules/lambda/variables.tf / main.tf Adds optional log_class to lambda config object; applies to log group resource
modules/webhook/ (webhook, direct, eventbridge) Adds log_class to config objects and applies to CloudWatch log groups
modules/runner-binaries-syncer/ Adds log_class variable and applies to syncer log group
modules/ami-housekeeper/ Adds log_class variable and applies to housekeeper log group
modules/termination-watcher/variables.tf Adds log_class to the config object (flows to lambda module)
modules/multi-runner/ Adds log_class variable; propagates to all child modules including runner_log_files in multi_runner_config
README.md files Documentation updates reflecting new log_class variable in all modules

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

npalm
npalm requested changes Mar 9, 2026
View reviewed changes
@Brend-Smits Brend-Smits requested a review from npalm March 11, 2026 14:28
@Brend-Smits Brend-Smits force-pushed the feat/specify-log-classes branch from 75ddb43 to 4c57614 Compare March 11, 2026 14:31
Brend-Smits and others added 4 commits March 11, 2026 15:31
@Brend-Smits
feat(logging): add log_class parameter to runner log files configuration
17f3de3
@Brend-Smits
feat(logging): add log_class parameter to all CloudWatch log groups
e622a04 
Extends the log_class parameter to all CloudWatch log groups managed by
the module, allowing users to set INFREQUENT_ACCESS class to reduce costs.

Log groups updated:
- runner-binaries-syncer (syncer)
- ami-housekeeper
- runners (scale-down, scale-up, ssm-housekeeper)
- runners/pool
- webhook/direct
- webhook/eventbridge (webhook, dispatcher)
- lambda module (shared)
- termination-watcher
- multi-runner (passthrough to all submodules)

Defaults to STANDARD for backward compatibility.
@Brend-Smits
fix(logging): preserve count-based log groups to avoid breaking change
0326c6d 
BREAKING CHANGE AVOIDED: The previous implementation changed
aws_cloudwatch_log_group.gh_runners from count to for_each, which would
cause Terraform to destroy and recreate all existing CloudWatch log
groups on upgrade. This could result in loss of log data.

This commit reverts to the count-based approach using parallel
loggroups_names and loggroups_classes lists, preserving the existing
Terraform state addresses (e.g. aws_cloudwatch_log_group.gh_runners[0])
while still supporting the new log_class parameter.

Changes:
- logging.tf: Use loggroups_names + loggroups_classes parallel lists
  instead of a for_each on objects, keeping count-based resource indexing
- logging.tf: Remove redundant try() around l.log_class since the
  variable type already defaults it to "STANDARD"
- job-retry.tf: Add missing log_class propagation to job-retry config
- variables.tf: Update runner_log_files description to document log_class
- examples/multi-runner: Add log_class parameter to example

Signed-off-by: Brend Smits <brend.smits@philips.com>
@Brend-Smits
docs: auto update terraform docs
1571bdd
@Brend-Smits Brend-Smits force-pushed the feat/specify-log-classes branch from 4c57614 to 1571bdd Compare March 11, 2026 14:31
npalm
npalm approved these changes Mar 11, 2026
View reviewed changes
Copy link
Member

@npalm npalm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Brend-Smits thx LGTM. Problem with destroying log groups seems solved.

@npalm npalm merged commit 3509d4c into main Mar 11, 2026
42 checks passed
@npalm npalm deleted the feat/specify-log-classes branch March 11, 2026 15:24
@runners-releaser runners-releaser bot mentioned this pull request Mar 11, 2026
Merged
npalm pushed a commit that referenced this pull request Mar 11, 2026
@runners-releaser
chore(main): release 7.5.0 (#5063)
e4b12ae 
🤖 I have created a release *beep* *boop*
---


##
[7.5.0](v7.4.1...v7.5.0)
(2026-03-11)


### Features

* **lambdas:** add batch SSM parameter fetching to reduce API calls
([#5017](#5017))
([24857c2](24857c2))
* **logging:** add log_class parameter to runner log files configuration
([#5036](#5036))
([3509d4c](3509d4c))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: runners-releaser[bot] <194412594+runners-releaser[bot]@users.noreply.github.com>
@trevjonez trevjonez mentioned this pull request Mar 12, 2026
Open
@vytautaskubilius vytautaskubilius mentioned this pull request Mar 12, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@npalm npalm npalm approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Brend-Smits @npalm