I have the following setup:
- AWS EC2 Autoscaling group for my CI runners
- One GitLab runner registered
- AWS Launch template has user data so that on first boot it installs GitLab Runner and reads the token from the previous step from an AWS Secret
- (Other configuration exists so that before termination of an instance the runner is deregistered from GitLab).
This works fine until, after a couple of weeks, the autoscaling group needs an increase or for another reason goes through a refresh of one or more items.
This is because at that time the token in the vault will have expired (I think running runners would have rotated the token correctly).
So I am wondering if there is a best practice for this setup, as I have now set the token expiry to be 12 months.
I guess I need to configure token rotation with a script in the AWS manager, but I don’t find any documentation on how to do so.