From 37651d6c04b1afa05ce16d6d4f0bd27a815ce3c7 Mon Sep 17 00:00:00 2001
From: Brian Long
Date: Thu, 19 Feb 2026 10:20:31 -0500
Subject: [PATCH] feat: relax cpu_options schema and add amd_sev_snp + nested_virtualization support
Signed-off-by: Brian Long
---
 modules/multi-runner/variables.tf | 6 ++++--
 modules/runners/main.tf | 2 ++
 modules/runners/variables.tf | 14 ++++++++++++--
 variables.tf | 14 ++++++++++++--
 4 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/modules/multi-runner/variables.tf b/modules/multi-runner/variables.tf
index faf9c946c4..07fd9429d8 100644
--- a/modules/multi-runner/variables.tf
+++ b/modules/multi-runner/variables.tf
@@ -133,8 +133,10 @@ variable "multi_runner_config" {
 evictionStrategy = optional(string, "oldest_first")
 })), [])
 cpu_options = optional(object({
- core_count = number
- threads_per_core = number
+ core_count = optional(number)
+ threads_per_core = optional(number)
+ amd_sev_snp = optional(string)
+ nested_virtualization = optional(string)
 }), null)
 placement = optional(object({
 affinity = optional(string)
diff --git a/modules/runners/main.tf b/modules/runners/main.tf
index 9a85a2f2c3..de6f585628 100644
--- a/modules/runners/main.tf
+++ b/modules/runners/main.tf
@@ -168,6 +168,8 @@ resource "aws_launch_template" "runner" {
 content {
 core_count = try(cpu_options.value.core_count, null)
 threads_per_core = try(cpu_options.value.threads_per_core, null)
+ amd_sev_snp = try(cpu_options.value.amd_sev_snp, null)
+ nested_virtualization = try(cpu_options.value.nested_virtualization, null)
 }
 }
 
diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
index db58a86b42..dea1a0601a 100644
--- a/modules/runners/variables.tf
+++ b/modules/runners/variables.tf
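Review bot: In modules/multi-runner/variables.tf the new `amd_sev_snp` and `nested_virtualization` strings inside `multi_runner_config` get no `validation`, while the same fields on `cpu_options` and `runner_cpu_options` later in this patch do. A typo here would presumably surface only once the value reaches the runners module, with an error that names `cpu_options` rather than the `multi_runner_config` entry the user edited. I would either add a matching validation on `multi_runner_config` or at least a comment on the two lines such as `# "enabled" or "disabled"; checked by the cpu_options validation in modules/runners`. The variable's body starts and ends outside the hunk, so its description and any existing validation may need the same update.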
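Review bot: In modules/runners/main.tf the launch template now sets `nested_virtualization` on every plan, so the module only works with an AWS provider release that knows this `cpu_options` argument, and the diffstat lists four files, none of which raises a provider version constraint. If the pinned minimum predates the argument, users who never set the field would still hit an unsupported-argument error, so the constraint should be checked and bumped in the same commit. As a smaller style point, the typed object now always carries all four attributes (null when unset), so `try(cpu_options.value.amd_sev_snp, null)` can be written `cpu_options.value.amd_sev_snp`. The enclosing block's header is outside the hunk.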
@@ -637,10 +637,20 @@ variable "credit_specification" {
 variable "cpu_options" {
 description = "The CPU options for the instance. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template#cpu-options for details. Note that not all instance types support CPU options, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#instance-cpu-options"
 type = object({
- core_count = number
- threads_per_core = number
+ core_count = optional(number)
+ threads_per_core = optional(number)
+ amd_sev_snp = optional(string)
+ nested_virtualization = optional(string)
 })
 default = null
+
+ validation {
+ condition = var.cpu_options == null ? true : (
+ (var.cpu_options.amd_sev_snp == null || contains(["enabled", "disabled"], var.cpu_options.amd_sev_snp)) &&
+ (var.cpu_options.nested_virtualization == null || contains(["enabled", "disabled"], var.cpu_options.nested_virtualization))
+ )
+ error_message = "When set, cpu_options.amd_sev_snp and cpu_options.nested_virtualization must be one of: enabled, disabled."
+ }
 }
 
 variable "placement" {
diff --git a/variables.tf b/variables.tf
index 90769578c0..cf41d5cec6 100644
--- a/variables.tf
+++ b/variables.tf
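Review bot: The new validation on `cpu_options` in modules/runners/variables.tf checks the two string fields but still accepts an object whose attributes are all null, which could not happen while `core_count` and `threads_per_core` were required. Depending on how the launch template iterates over the variable (not visible in this hunk), `cpu_options = {}` would likely render an empty `cpu_options` block instead of omitting it. A second validation that requires at least one attribute closes the gap; the same applies to `runner_cpu_options` in the root variables.tf hunk, with the variable name changed.

```hcl
# … unchanged: type, default and the enabled/disabled validation …
  validation {
    condition = var.cpu_options == null ? true : (
      var.cpu_options.core_count != null ||
      var.cpu_options.threads_per_core != null ||
      var.cpu_options.amd_sev_snp != null ||
      var.cpu_options.nested_virtualization != null
    )
    error_message = "When set, cpu_options must define at least one of core_count, threads_per_core, amd_sev_snp, nested_virtualization."
  }
```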
@@ -868,10 +868,20 @@ variable "runner_credit_specification" {
 variable "runner_cpu_options" {
 description = "The CPU options for the instance. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template#cpu-options for details. Note that not all instance types support CPU options, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#instance-cpu-options"
 type = object({
- core_count = number
- threads_per_core = number
+ core_count = optional(number)
+ threads_per_core = optional(number)
+ amd_sev_snp = optional(string)
+ nested_virtualization = optional(string)
 })
 default = null
+
+ validation {
+ condition = var.runner_cpu_options == null ? true : (
+ (var.runner_cpu_options.amd_sev_snp == null || contains(["enabled", "disabled"], var.runner_cpu_options.amd_sev_snp)) &&
+ (var.runner_cpu_options.nested_virtualization == null || contains(["enabled", "disabled"], var.runner_cpu_options.nested_virtualization))
+ )
+ error_message = "When set, runner_cpu_options.amd_sev_snp and runner_cpu_options.nested_virtualization must be one of: enabled, disabled."
+ }
 }
 
 variable "runner_placement" {
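Review bot: The `description` of `runner_cpu_options` in the root variables.tf is left unchanged, so the generated module docs say nothing about `amd_sev_snp` and `nested_virtualization`, their accepted values, or that `core_count` and `threads_per_core` are now optional. Both new fields change the isolation properties of hosts that run CI job code, so an operator should be able to see from the description what they are opting into. I would append a sentence such as `amd_sev_snp and nested_virtualization accept enabled or disabled and only take effect on instance types that support them; leave nested_virtualization unset unless jobs need to start their own VMs.` The `cpu_options` description in modules/runners/variables.tf needs the same addition.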