cloudandthings · baolsen · Nov 6, 2025 · Nov 6, 2025
@@ -71,6 +71,7 @@ Modify your GitHub workflow file to use the CodeBuild runner:
 ```yaml
 jobs:
   my-job:
+    # The runner label below will trigger CodeBuild to run this job
     runs-on: codebuild-${{ RUNNER_NAME }}-${{ github.run_id }}-${{ github.run_attempt }}
     steps:
       - uses: actions/checkout@v3
@@ -80,6 +81,8 @@ jobs:
 
 Replace `RUNNER_NAME` with the name you configured for your runner.
 
+The runner label is also added as a description and a tag on the CodeBuild project.
+
 ## Docker Image Configuration
 
 ### Default Images
@@ -308,6 +311,7 @@ module "github_runner" {
 | <a name="input_source_auth"></a> [source\_auth](#input\_source\_auth) | Override the default CodeBuild source credential for this project. This allows using project-specific authentication instead of the account/region baseline credential. See docs/GITHUB-AUTH-SETUP.md for usage details. | <pre>object({<br/>    type     = string<br/>    resource = string<br/>  })</pre> | `null` | no |
 | <a name="input_source_location"></a> [source\_location](#input\_source\_location) | Your source code repo location, for example https://github.com/my/repo.git | `string` | n/a | yes |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | The list of Subnet IDs for AWS CodeBuild to launch ephemeral EC2 instances in. | `list(string)` | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resources created by this module. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` | `{}` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The VPC ID for AWS CodeBuild to launch ephemeral instances in. | `string` | `null` | no |
 
 ----

@@ -3,6 +3,18 @@ locals {
   aws_region     = data.aws_region.current.name
   aws_partition  = data.aws_partition.current.partition
 
+  github_runner_label = "codebuild-${var.name}-$${{ github.run_id }}-$${{ github.run_attempt }}"
+  description = (
+    var.description != null
+    ? var.description
+    : "GitHub runner label: ${local.github_runner_label}"
+  )
+  tags = merge(var.tags,
+    {
+      github-runner-label = local.github_runner_label
+    }
+  )
+
   has_s3_log_bucket = var.s3_logs_bucket_name != null
 
   has_vpc_config = var.vpc_id != null

@@ -18,9 +18,10 @@ locals {
 }
 
 resource "aws_codebuild_project" "this" {
-  depends_on    = [aws_iam_role_policy.codeconnection_required]
-  name          = var.name
-  description   = var.description
+  name        = var.name
+  description = local.description
+  tags        = local.tags
+
   build_timeout = var.build_timeout
   service_role = (
     local.create_iam_role
@@ -91,6 +92,8 @@ resource "aws_codebuild_project" "this" {
       security_group_ids = local.security_group_ids
     }
   }
+
+  depends_on = [aws_iam_role_policy.codeconnection_required]
 }
 
 resource "aws_codebuild_source_credential" "string" {

@@ -68,6 +68,12 @@ variable "source_auth" {
   default = null
 }
 
+variable "tags" {
+  description = "A map of tags to assign to the resources created by this module. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level."
+  type        = map(string)
+  default     = {}
+}
+
 # logs
 variable "create_cloudwatch_log_group" {
   description = "Determines whether a log group is created by this module. If not, AWS will automatically create one if logging is enabled"