Commit 5a3746d
feat: relax cpu_options schema and add amd_sev_snp + nested_virtualization support (#5039)
### Summary
This PR updates the module’s CPU options plumbing to support newer EC2
Launch Template `cpu_options` fields (notably `nested_virtualization`
and `amd_sev_snp`) while also making CPU topology settings optional so
users aren’t forced to specify `core_count`/`threads_per_core` just to
enable other CPU options.
### Motivation / Problem
When configuring runners via `multi-runner`, the `cpu_options` object
currently requires `core_count` and `threads_per_core`. This blocks
use-cases where users want to set only newly-supported provider fields
like `nested_virtualization` without also pinning CPU topology. AWS
itself treats these settings as optional and instance-type-dependent.
### What changed
- **Relaxed the `cpu_options` object type** so these fields are
  optional:
  - `core_count`
  - `threads_per_core`
- **Added optional support for:**
  - `nested_virtualization` (valid: `enabled` / `disabled`)
  - `amd_sev_snp` (valid: `enabled` / `disabled`)
- **Added validation** on `amd_sev_snp` and `nested_virtualization` to
  restrict values to `enabled|disabled` when set.
- **Launch template wiring:** updated the `aws_launch_template`
  `cpu_options` block to pass through `amd_sev_snp` and
  `nested_virtualization` (using `try(..., null)` so unset values remain
  unset).
- **Multi-runner schema updated** so per-runner `cpu_options` can
  include the new fields and no longer forces
  `core_count`/`threads_per_core`.
### Compatibility / Notes
- Existing configurations that set `core_count` and `threads_per_core`
continue to work.
- Users can now set `nested_virtualization` or `amd_sev_snp` without
specifying CPU topology.
- AWS will still enforce instance-type support at API time (e.g., nested
virt only on supported 8th-gen Intel families; SEV-SNP only on supported
AMD families).
### Testing
- `terraform init`
- `terraform validate`
- `terraform plan` with `cpu_options.nested_virtualization = "enabled"`
on supported instance families
```
instance_types:
  - c8i.xlarge
  - m8i.xlarge
  - r8i.xlarge
cpu_options:
  nested_virtualization: enabled
```
Fixes #5040
---------
Signed-off-by: Brian Long <brilong@cisco.com>
Co-authored-by: Brend Smits <brend.smits@philips.com>

1 parent c68445d commit 5a3746d
18 files changed
Lines changed: 255 additions & 231 deletions
File tree
- examples
  - default
  - ephemeral
  - external-managed-ssm-secrets
  - multi-runner
  - permissions-boundary
  - prebuilt
- modules
  - multi-runner
  - runners
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
2 | 2 | | |
3 | 3 | | |
4 | 4 | | |
5 | | - | |
| 5 | + | |
6 | 6 | | |
7 | 7 | | |
8 | 8 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
2 | 2 | | |
3 | 3 | | |
4 | 4 | | |
5 | | - | |
| 5 | + | |
6 | 6 | | |
7 | 7 | | |
8 | 8 | | |
| |||