jekyll / Utterson

CI benchmarking suite for Jekyll
MIT License

Save GitHub private key in AWS Secrets Manager #7

Closed: pathawks closed 6 years ago

pathawks commented 6 years ago

Currently, the GitHub private key is stored in ~/.ssh/ on the EBS volume that attaches to EC2. This is used for communicating back to GitHub (i.e., posting results of benchmarks).

This should instead be stored in AWS Secrets Manager. This would allow the key to be rotated more easily, but would also allow the key to be accessed securely from AWS Lambda. This would allow Lambda to let GitHub know that the job has been enqueued as soon as it is received, rather than waiting for EC2 to actually start that build job.

This would add less than a dollar per month to the cost. ($0.40/month per secret + $0.05 per 10,000 API calls)

pathawks commented 6 years ago

https://github.com/pathawks/Utterson/blob/bcdbfa8cab397fbb756b4da1904c478b5ada94ff/github/jwt#L7-L8
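As an added example (not part of the issue thread or the Utterson code base): the flow proposed above, reading the key from Secrets Manager into a variable and signing a GitHub App JWT with it. The secret name and app ID are hypothetical placeholders, and the RS256 claim set (`iat`, `exp`, `iss`) is the standard GitHub App one, assumed here rather than taken from the linked `jwt` script.

```shell
# Added example. SECRET_ID and APP_ID are hypothetical placeholders,
# not values from the issue or the repository.
SECRET_ID="${SECRET_ID:-example/github-app-private-key}"
APP_ID="${APP_ID:-000000}"

# Pull the PEM from Secrets Manager into the caller's variable. The EC2 or
# Lambda role needs secretsmanager:GetSecretValue on this one secret only.
fetch_key() {
  aws secretsmanager get-secret-value \
    --secret-id "$SECRET_ID" --query SecretString --output text
}

# base64url without padding, as JWT requires.
b64url() {
  openssl base64 -A | tr '/+' '_-' | tr -d '='
}

# make_jwt PEM [NOW]: print an RS256 JWT carrying GitHub App claims.
# The body runs in a subshell so the key variable does not outlive the call.
make_jwt() (
  pem=$1
  now=${2:-$(date +%s)}
  header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
  # iat is backdated 60 s for clock drift; exp stays under GitHub's 10 min cap.
  claims=$(printf '{"iat":%d,"exp":%d,"iss":"%s"}' \
    "$((now - 60))" "$((now + 540))" "$APP_ID" | b64url)
  # The key is handed to openssl on fd 3 via a here-document instead of
  # being read from a key file under ~/.ssh/.
  sig=$(printf '%s.%s' "$header" "$claims" |
    openssl dgst -sha256 -sign /dev/fd/3 -binary 3<<EOF | b64url
$pem
EOF
  )
  printf '%s.%s.%s\n' "$header" "$claims" "$sig"
)

# Typical call on EC2 or in Lambda (needs AWS credentials and network):
#   jwt=$(make_jwt "$(fetch_key)")
```

Rotating the key then means writing a new secret version; every caller picks it up on its next `fetch_key`.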