After attempting to deploy a zero config Stack to GovCloud, I found that the runners were failing to be created due to an IAM issue. Here's a sanitized snippet from /var/log/gitlab-runner.log:
Jan 4 20:10:30 ip-REDACTED gitlab-runner: #033[31;1mERROR: Error creating machine: Error in driver during machine creation: Error request spot instance: UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws-us-gov:sts::REDACTED:assumed-role/GitLabRunnerStack-GitlabRunnerManagerRole2F9BC927-REDACTED/i-REDACTED is not authorized to perform: ec2:RequestSpotInstances on resource: arn:aws-us-gov:ec2:us-gov-west-1:REDACTED:subnet/subnet-REDACTED because no identity-based policy allows the ec2:RequestSpotInstances action.
Deeper inspection found the culprit at https://github.com/pepperize/cdk-autoscaling-gitlab-runner/blob/cd20c1387c4ce6c656974768a2804202f417b3f0/src/runner/manager.ts#L162

Whereas the `arn:aws` prefix is hard-coded, the actual GovCloud ARN prefix is going to be `arn:aws-us-gov`.
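An added example (not code from the issue or from the cdk-autoscaling-gitlab-runner project): a TypeScript check that flags IAM policy resource ARNs whose partition does not match the deployment region, the hard-coded prefix problem described above. The policy, account id and function names are constructed for illustration, and the region-to-partition mapping is an assumption that covers only `aws`, `aws-us-gov` and `aws-cn`.

```typescript
// Added example: flag IAM resource ARNs whose partition does not match the
// partition of the region the stack is deployed to. All names are illustrative.
type Statement = { Effect: string; Action: string | string[]; Resource: string | string[] };
type PolicyDocument = { Version: string; Statement: Statement[] };

// Assumption: only the three public partitions are covered here.
function partitionForRegion(region: string): string {
  if (region.startsWith("us-gov-")) return "aws-us-gov";
  if (region.startsWith("cn-")) return "aws-cn";
  return "aws";
}

// Returns every resource ARN whose partition field differs from the expected one.
function findPartitionMismatches(policy: PolicyDocument, region: string): string[] {
  const expected = partitionForRegion(region);
  const mismatches: string[] = [];
  for (const stmt of policy.Statement) {
    const resources = Array.isArray(stmt.Resource) ? stmt.Resource : [stmt.Resource];
    for (const arn of resources) {
      const parts = arn.split(":"); // arn:partition:service:region:account:resource
      if (parts[0] === "arn" && parts.length >= 6 && parts[1] !== expected) {
        mismatches.push(arn);
      }
    }
  }
  return mismatches;
}

// Rewrites only the partition field; wildcards and non-ARN resources pass through.
function withPartition(arn: string, region: string): string {
  const parts = arn.split(":");
  if (parts[0] !== "arn" || parts.length < 6) return arn;
  parts[1] = partitionForRegion(region);
  return parts.join(":");
}

// Constructed sample policy: placeholder account id, not the project's real policy.
const samplePolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Action: "ec2:RequestSpotInstances",
      Resource: ["arn:aws:ec2:us-gov-west-1:111122223333:subnet/*", "*"],
    },
  ],
};

console.log(findPartitionMismatches(samplePolicy, "us-gov-west-1"));
```

In CDK code the partition can be taken from the `Aws.PARTITION` token or `Stack.formatArn` instead of a literal `arn:aws` prefix.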