fix!: remove deprecated terraform variables (#4945)

npalm · github-aws-runners-pr|bot · Copilot · web-flow · commit ce198bfba7fc · 2025-12-09T18:46:20.000+01:00
This pull request removes support for several deprecated AMI-related
variables across all modules, fully migrating the configuration to the
consolidated `ami` object. This change simplifies how AMI settings are
managed, improves consistency, and reduces confusion for users. All
references to the old variables (`ami_filter`, `ami_owners`,
`ami_id_ssm_parameter_name`, `ami_kms_key_arn`) have been removed from
module inputs, outputs, templates, documentation, and internal logic.

**Migration to consolidated AMI configuration:**

* Removed all deprecated AMI variables (`ami_filter`, `ami_owners`,
`ami_id_ssm_parameter_name`, `ami_kms_key_arn`) from module variable
definitions, outputs, and internal usage in `variables.tf`,
`outputs.tf`, and related files.
[[1]](diffhunk://#diff-05b5a57c136b6ff596500bcbfdcff145ef6cddea2a0e86d184d9daa9a65a288eL396-L424)
[[2]](diffhunk://#diff-23e8f44c0f21971190244acdb8a35eaa21af7578ed5f1b97bef83f1a566d979cL138-L165)
[[3]](diffhunk://#diff-de6c47c2496bd028a84d55ab12d8a4f90174ebfb6544b8b5c7b07a7ee4f27ec7L78-L90)
[[4]](diffhunk://#diff-2daea3e8167ce5d859f6f1bee08138dbe216003262325490e8b90477277c104aL70-L89)
[[5]](diffhunk://#diff-52d0673ff466b6445542e17038ea73a1cf41b8112f49ee57da4cebf8f0cb99c5L73-R73)
[[6]](diffhunk://#diff-52d0673ff466b6445542e17038ea73a1cf41b8112f49ee57da4cebf8f0cb99c5L186-L187)
[[7]](diffhunk://#diff-951f6bd1e32c3d27dd90e2dfb1f5232a704ef01fd925f3ee4323d6adc2dcdf5aL15-L20)
[[8]](diffhunk://#diff-3937b99021390c0192952207dd2e26a409e0c03446478fb09ac3cd360bb60ee5L9-L14)
* Updated example and documentation files to use the new `ami` object
structure, replacing previous usage of the deprecated variables.
[[1]](diffhunk://#diff-ef2038e9f8d807236d2acebe3c3a191039f8021cc4a0188f4778de908f0d453bL36-R40)
[[2]](diffhunk://#diff-ef2038e9f8d807236d2acebe3c3a191039f8021cc4a0188f4778de908f0d453bL52-R57)
[[3]](diffhunk://#diff-0a0d2ecd774e69a1397a913b6230f45692b49c0b17ccb103d318f6ab078353e2L48-R51)
[[4]](diffhunk://#diff-b2b9df08c45240d599f6260d246bad6e67129932174131db209341d8464247a8L18-R19)
[[5]](diffhunk://#diff-61032a0bb5f9d7ae65ba5155b2e58e12901f39bb7068f16b419d94c6f7a5b922L86-R89)
* Refactored module runner logic to only use the new `ami` object,
removing all fallback and compatibility code for the old variables.
[[1]](diffhunk://#diff-dc46acf24afd63ef8c556b77c126ccc6e578bc87e3aa09a931f33d9bf2532fbbL182-L185)
[[2]](diffhunk://#diff-57f00cdf57feef92ffcb35d6618e62e14ad652d5d520f331068332d5f3cade51L30-L32)
[[3]](diffhunk://#diff-e9624b388e62ca51cf1fe073eb0919588e8c36a1143ecdb49580996a89f13bebL40-R51)
* Updated internal references to AMI SSM parameter names and related
policies to use the new configuration, ensuring all resource and
environment variable logic is aligned with the consolidated approach.
[[1]](diffhunk://#diff-bc00c0efa92f360635d026350da2fb775718514e2b1ae718281400e661b7469bL13-R13)
[[2]](diffhunk://#diff-bc00c0efa92f360635d026350da2fb775718514e2b1ae718281400e661b7469bL28-R28)
[[3]](diffhunk://#diff-5921c9e3315946068538b290966e7e4e51b6e49d04c2466b0bdd4b298629b29dL56-R57)
[[4]](diffhunk://#diff-a598ba79d09e4770d55ed09e6b1d51e68c4a54562a3e3cbb46619d625a609d23L28-R28)
[[5]](diffhunk://#diff-a598ba79d09e4770d55ed09e6b1d51e68c4a54562a3e3cbb46619d625a609d23L151-R151)

With these updates, all AMI configuration is now handled through the
unified `ami` object, making runner setup more straightforward and
future-proof.


## Tested

- [x] default example
- [x] multi runner example

---------

Co-authored-by: github-aws-runners-pr|bot &lt;github-aws-runners-pr[bot]@users.noreply.github.com&gt;
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/README.md b/README.md
@@ -107,16 +107,12 @@ Join our discord community via [this invite link](https://discord.gg/bxgXW8jJGh)
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_ami"></a> [ami](#input\_ami) | AMI configuration for the action runner instances. This object allows you to specify all AMI-related settings in one place.<br/><br/>Parameters:<br/>- `filter`: Map of lists to filter AMIs by various criteria (e.g., { name = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-*"], state = ["available"] })<br/>- `owners`: List of AMI owners to limit the search. Common values: ["amazon"], ["self"], or specific AWS account IDs<br/>- `id_ssm_parameter_arn`: ARN of an SSM parameter containing the AMI ID. If specified, this overrides both AMI filter and parameter name<br/>- `kms_key_arn`: Optional KMS key ARN if the AMI is encrypted with a customer managed key<br/><br/>Defaults to null, in which case the module falls back to individual AMI variables (deprecated). | <pre>object({<br/>    filter               = optional(map(list(string)), { state = ["available"] })<br/>    owners               = optional(list(string), ["amazon"])<br/>    id_ssm_parameter_arn = optional(string, null)<br/>    kms_key_arn          = optional(string, null)<br/>  })</pre> | `null` | no |
-| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | [DEPRECATED: Use ami.filter] Map of lists used to create the AMI filter for the action runner AMI. | `map(list(string))` | <pre>{<br/>  "state": [<br/>    "available"<br/>  ]<br/>}</pre> | no |
 | <a name="input_ami_housekeeper_cleanup_config"></a> [ami\_housekeeper\_cleanup\_config](#input\_ami\_housekeeper\_cleanup\_config) | Configuration for AMI cleanup.<br/><br/>    `amiFilters` - Filters to use when searching for AMIs to cleanup. Default filter for images owned by the account and that are available.<br/>    `dryRun` - If true, no AMIs will be deregistered. Default false.<br/>    `launchTemplateNames` - Launch template names to use when searching for AMIs to cleanup. Default no launch templates.<br/>    `maxItems` - The maximum number of AMIs that will be queried for cleanup. Default no maximum.<br/>    `minimumDaysOld` - Minimum number of days old an AMI must be to be considered for cleanup. Default 30.<br/>    `ssmParameterNames` - SSM parameter names to use when searching for AMIs to cleanup. This parameter should be set when using SSM to configure the AMI to use. Default no SSM parameters. | <pre>object({<br/>    amiFilters = optional(list(object({<br/>      Name   = string<br/>      Values = list(string)<br/>      })),<br/>      [{<br/>        Name : "state",<br/>        Values : ["available"],<br/>        },<br/>        {<br/>          Name : "image-type",<br/>          Values : ["machine"],<br/>      }]<br/>    )<br/>    dryRun              = optional(bool, false)<br/>    launchTemplateNames = optional(list(string))<br/>    maxItems            = optional(number)<br/>    minimumDaysOld      = optional(number, 30)<br/>    ssmParameterNames   = optional(list(string))<br/>  })</pre> | `{}` | no |
 | <a name="input_ami_housekeeper_lambda_s3_key"></a> [ami\_housekeeper\_lambda\_s3\_key](#input\_ami\_housekeeper\_lambda\_s3\_key) | S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. | `string` | `null` | no |
 | <a name="input_ami_housekeeper_lambda_s3_object_version"></a> [ami\_housekeeper\_lambda\_s3\_object\_version](#input\_ami\_housekeeper\_lambda\_s3\_object\_version) | S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. | `string` | `null` | no |
 | <a name="input_ami_housekeeper_lambda_schedule_expression"></a> [ami\_housekeeper\_lambda\_schedule\_expression](#input\_ami\_housekeeper\_lambda\_schedule\_expression) | Scheduler expression for action runner binary syncer. | `string` | `"rate(1 day)"` | no |
 | <a name="input_ami_housekeeper_lambda_timeout"></a> [ami\_housekeeper\_lambda\_timeout](#input\_ami\_housekeeper\_lambda\_timeout) | Time out of the lambda in seconds. | `number` | `300` | no |
 | <a name="input_ami_housekeeper_lambda_zip"></a> [ami\_housekeeper\_lambda\_zip](#input\_ami\_housekeeper\_lambda\_zip) | File location of the lambda zip file. | `string` | `null` | no |
-| <a name="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name) | [DEPRECATED: Use ami.id\_ssm\_parameter\_arn] String used to construct the SSM parameter name used to resolve the latest AMI ID for the runner instances. The SSM parameter should be of type String and contain a valid AMI ID. The default behavior is to use the latest Ubuntu 22.04 AMI. | `string` | `null` | no |
-| <a name="input_ami_kms_key_arn"></a> [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn) | [DEPRECATED: Use ami.kms\_key\_arn] Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI | `string` | `null` | no |
-| <a name="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners) | [DEPRECATED: Use ami.owners] The list of owners that should be used to find the AMI. | `list(string)` | <pre>[<br/>  "amazon"<br/>]</pre> | no |
 | <a name="input_associate_public_ipv4_address"></a> [associate\_public\_ipv4\_address](#input\_associate\_public\_ipv4\_address) | Associate public IPv4 with the runner. Only tested with IPv4 | `bool` | `false` | no |
 | <a name="input_aws_partition"></a> [aws\_partition](#input\_aws\_partition) | (optiona) partition in the arn namespace to use if not 'aws' | `string` | `"aws"` | no |
 | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS region. | `string` | n/a | yes |
@@ -244,7 +240,6 @@ Join our discord community via [this invite link](https://discord.gg/bxgXW8jJGh)
 | Name | Description |
 |------|-------------|
 | <a name="output_binaries_syncer"></a> [binaries\_syncer](#output\_binaries\_syncer) | n/a |
-| <a name="output_deprecated_variables_warning"></a> [deprecated\_variables\_warning](#output\_deprecated\_variables\_warning) | Warning for deprecated variables usage. These variables will be removed in a future release. Please migrate to using the consolidated 'ami' object. |
 | <a name="output_instance_termination_handler"></a> [instance\_termination\_handler](#output\_instance\_termination\_handler) | n/a |
 | <a name="output_instance_termination_watcher"></a> [instance\_termination\_watcher](#output\_instance\_termination\_watcher) | n/a |
 | <a name="output_queues"></a> [queues](#output\_queues) | SQS queues. |
diff --git a/docs/configuration.md b/docs/configuration.md
@@ -205,8 +205,6 @@ ami = {
 }
 ```
 
-> **Note:** The old way of configuring AMIs using individual variables (`ami_filter`, `ami_owners`, `ami_kms_key_arn`, `ami_id_ssm_parameter_arn`, `ami_id_ssm_parameter_name`) is deprecated and will be removed in a future version. It is recommended to migrate to the new consolidated `ami` object. Support for `ami_id_ssm_parameter_name` will be dropped, please specify an arn via `ami.id_ssm_parameter_arn` instead.
-
 ## Logging
 
 The module uses [AWS Lambda Powertools](https://awslabs.github.io/aws-lambda-powertools-typescript/latest/) for logging. By default the log level is set to `info`, by setting the log level to `debug` the incoming events of the Lambda are logged as well.
diff --git a/examples/default/README.md b/examples/default/README.md
@@ -70,7 +70,6 @@ terraform output -raw webhook_secret
 
 | Name | Description |
 |------|-------------|
-| <a name="output_deprecated_variables_warning"></a> [deprecated\_variables\_warning](#output\_deprecated\_variables\_warning) | n/a |
 | <a name="output_runners"></a> [runners](#output\_runners) | n/a |
 | <a name="output_webhook_endpoint"></a> [webhook\_endpoint](#output\_webhook\_endpoint) | n/a |
 | <a name="output_webhook_secret"></a> [webhook\_secret](#output\_webhook\_secret) | n/a |
diff --git a/examples/default/outputs.tf b/examples/default/outputs.tf
@@ -12,9 +12,3 @@ output "webhook_secret" {
   sensitive = true
   value     = random_id.random.hex
 }
-
-output "deprecated_variables_warning" {
-  value = join("", [
-    module.runners.deprecated_variables_warning,
-  ])
-}
diff --git a/examples/ephemeral/main.tf b/examples/ephemeral/main.tf
@@ -83,8 +83,10 @@ module "runners" {
 
   # configure your pre-built AMI
   # enable_userdata = false
-  # ami_filter      = { name = ["github-runner-al2023-x86_64-*"], state = ["available"] }
-  # ami_owners      = [data.aws_caller_identity.current.account_id]
+  # ami = {
+  #   filter = { name = ["github-runner-al2023-x86_64-*"], state = ["available"] }
+  #   owners = [data.aws_caller_identity.current.account_id]
+  # }
 
   # or use the default AMI
   # enable_userdata = true
diff --git a/examples/multi-runner/README.md b/examples/multi-runner/README.md
@@ -94,7 +94,6 @@ terraform output -raw webhook_secret
 
 | Name | Description |
 |------|-------------|
-| <a name="output_deprecated_variables_warning"></a> [deprecated\_variables\_warning](#output\_deprecated\_variables\_warning) | n/a |
 | <a name="output_webhook_endpoint"></a> [webhook\_endpoint](#output\_webhook\_endpoint) | n/a |
 | <a name="output_webhook_secret"></a> [webhook\_secret](#output\_webhook\_secret) | n/a |
 <!-- END_TF_DOCS -->
diff --git a/examples/multi-runner/outputs.tf b/examples/multi-runner/outputs.tf
@@ -6,9 +6,3 @@ output "webhook_secret" {
   sensitive = true
   value     = random_id.random.hex
 }
-
-output "deprecated_variables_warning" {
-  value = join("", [
-    module.runners.deprecated_variables_warning,
-  ])
-}
diff --git a/examples/multi-runner/templates/runner-configs/windows-x64.yaml b/examples/multi-runner/templates/runner-configs/windows-x64.yaml
@@ -15,8 +15,9 @@ runner_config:
   delay_webhook_event: 5
   scale_down_schedule_expression: cron(* * * * ? *)
   runner_boot_time_in_minutes: 20
-  ami_filter:
-    name:
-      - Windows_Server-2022-English-Full-ECS_Optimized-*
-    state:
-      - available
+  ami:
+    filter:
+      name:
+        - Windows_Server-2022-English-Full-ECS_Optimized-*
+      state:
+        - available
diff --git a/examples/prebuilt/README.md b/examples/prebuilt/README.md
@@ -33,9 +33,11 @@ Assuming you have built the `linux-al2023` image which has a pre-defined AMI nam
 module "runners" {
   ...
   # set the name of the ami to use
-  ami_filter        = { name = ["github-runner-al2023-x86_64-2023*"], state = ["available"] }
-  # provide the owner id of
-  ami_owners        = ["<your owner id>"]
+  ami = {
+    filter = { name = ["github-runner-al2023-x86_64-2023*"], state = ["available"] }
+    # provide the owner id of
+    owners = ["<your owner id>"]
+  }
 
   enable_userdata = false
   ...
@@ -49,7 +51,10 @@ data "aws_caller_identity" "current" {}
 
 module "runners" {
   ...
-  ami_owners       = [data.aws_caller_identity.current.account_id]
+  ami = {
+    filter = { name = ["github-runner-al2023-x86_64-2023*"], state = ["available"] }
+    owners = [data.aws_caller_identity.current.account_id]
+  }
   ...
 }
 ```
diff --git a/examples/prebuilt/main.tf b/examples/prebuilt/main.tf
@@ -45,8 +45,10 @@ module "runners" {
 
   # configure your pre-built AMI
   enable_userdata = false
-  ami_filter      = { name = [var.ami_name_filter], state = ["available"] }
-  ami_owners      = [data.aws_caller_identity.current.account_id]
+  ami = {
+    filter = { name = [var.ami_name_filter], state = ["available"] }
+    owners = [data.aws_caller_identity.current.account_id]
+  }
 
   # disable binary syncer since github agent is already installed in the AMI.
   enable_runner_binaries_syncer = false
diff --git a/main.tf b/main.tf
@@ -177,12 +177,8 @@ module "runners" {
   instance_max_spot_price       = var.instance_max_spot_price
   block_device_mappings         = var.block_device_mappings
 
-  runner_architecture       = var.runner_architecture
-  ami                       = var.ami
-  ami_filter                = var.ami_filter
-  ami_owners                = var.ami_owners
-  ami_id_ssm_parameter_name = var.ami_id_ssm_parameter_name
-  ami_kms_key_arn           = var.ami_kms_key_arn
+  runner_architecture = var.runner_architecture
+  ami                 = var.ami
 
   sqs_build_queue                      = aws_sqs_queue.queued_builds
   github_app_parameters                = local.github_app_parameters
diff --git a/modules/multi-runner/README.md b/modules/multi-runner/README.md
diff --git a/modules/multi-runner/outputs.tf b/modules/multi-runner/outputs.tf
@@ -67,23 +67,3 @@ output "instance_termination_handler" {
     lambda_role      = module.instance_termination_watcher[0].spot_termination_handler.lambda_role
   } : null
 }
-
-output "deprecated_variables_warning" {
-  description = "Warning for deprecated variables usage. These variables will be removed in a future release. Please migrate to using the consolidated 'ami' object in each runner configuration."
-  value = join("", [
-    for key, runner_config in var.multi_runner_config : (
-      join("", [
-        # Show object migration warning only when ami is null and old variables are used
-        try(runner_config.runner_config.ami, null) == null ? (
-          (try(runner_config.runner_config.ami_filter, { state = ["available"] }) != { state = ["available"] } ||
-            try(runner_config.runner_config.ami_owners, ["amazon"]) != ["amazon"] ||
-          try(runner_config.runner_config.ami_kms_key_arn, "") != "") ?
-          "DEPRECATION WARNING: Runner '${key}' is using deprecated AMI variables (ami_filter, ami_owners, ami_kms_key_arn). These variables will be removed in a future version. Please migrate to using the consolidated 'ami' object.\n" : ""
-        ) : "",
-        # Always show warning for ami_id_ssm_parameter_name to migrate to ami_id_ssm_parameter_arn
-        try(runner_config.runner_config.ami_id_ssm_parameter_name, null) != null ?
-        "DEPRECATION WARNING: Runner '${key}' is using deprecated variable 'ami_id_ssm_parameter_name'. Please use 'ami.id_ssm_parameter_arn' instead.\n" : ""
-      ])
-    )
-  ])
-}
diff --git a/modules/multi-runner/runners.tf b/modules/multi-runner/runners.tf
@@ -27,9 +27,6 @@ module "runners" {
 
   runner_architecture = each.value.runner_config.runner_architecture
   ami                 = each.value.runner_config.ami
-  ami_filter          = each.value.runner_config.ami_filter
-  ami_owners          = each.value.runner_config.ami_owners
-  ami_kms_key_arn     = each.value.runner_config.ami_kms_key_arn
 
   sqs_build_queue                      = { "arn" : each.value.arn, "url" : each.value.url }
   github_app_parameters                = local.github_app_parameters
diff --git a/modules/multi-runner/variables.tf b/modules/multi-runner/variables.tf
@@ -70,12 +70,7 @@ variable "multi_runner_config" {
         owners               = optional(list(string), ["amazon"])
         id_ssm_parameter_arn = optional(string, null)
         kms_key_arn          = optional(string, null)
-      }), null) # Defaults to null, in which case the module falls back to individual AMI variables (deprecated)
-      # Deprecated: Use ami object instead
-      ami_filter                              = optional(map(list(string)), { state = ["available"] })
-      ami_owners                              = optional(list(string), ["amazon"])
-      ami_id_ssm_parameter_name               = optional(string, null)
-      ami_kms_key_arn                         = optional(string, "")
+      }), null)
       create_service_linked_role_spot         = optional(bool, false)
       credit_specification                    = optional(string, null)
       delay_webhook_event                     = optional(number, 30)
@@ -183,8 +178,6 @@ variable "multi_runner_config" {
         runner_architecture: "The platform architecture of the runner instance_type."
         runner_metadata_options: "(Optional) Metadata options for the ec2 runner instances."
         ami: "(Optional) AMI configuration for the action runner instances. This object allows you to specify all AMI-related settings in one place."
-        ami_filter: "(Optional) List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used."
-        ami_owners: "(Optional) The list of owners used to select the AMI of action runner instances."
         create_service_linked_role_spot: (Optional) create the serviced linked role for spot instances that is required by the scale-up lambda.
         credit_specification: "(Optional) The credit specification of the runner instance_type. Can be unset, `standard` or `unlimited`.
         delay_webhook_event: "The number of seconds the event accepted by the webhook is invisible on the queue before the scale up lambda will receive the event."
diff --git a/modules/runners/README.md b/modules/runners/README.md
@@ -137,10 +137,6 @@ yarn run dist
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_ami"></a> [ami](#input\_ami) | AMI configuration for the action runner instances. This object allows you to specify all AMI-related settings in one place.<br/><br/>Parameters:<br/>- `filter`: Map of lists to filter AMIs by various criteria (e.g., { name = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-*"], state = ["available"] })<br/>- `owners`: List of AMI owners to limit the search. Common values: ["amazon"], ["self"], or specific AWS account IDs<br/>- `id_ssm_parameter_name`: Name of an SSM parameter containing the AMI ID. If specified, this overrides the AMI filter<br/>- `id_ssm_parameter_arn`: ARN of an SSM parameter containing the AMI ID. If specified, this overrides both AMI filter and parameter name<br/>- `kms_key_arn`: Optional KMS key ARN if the AMI is encrypted with a customer managed key<br/><br/>Defaults to null, in which case the module falls back to individual AMI variables (deprecated). | <pre>object({<br/>    filter               = optional(map(list(string)), { state = ["available"] })<br/>    owners               = optional(list(string), ["amazon"])<br/>    id_ssm_parameter_arn = optional(string, null)<br/>    kms_key_arn          = optional(string, null)<br/>  })</pre> | `null` | no |
-| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | [DEPRECATED: Use ami.filter] Map of lists used to create the AMI filter for the action runner AMI. | `map(list(string))` | <pre>{<br/>  "state": [<br/>    "available"<br/>  ]<br/>}</pre> | no |
-| <a name="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name) | [DEPRECATED: Use ami.id\_ssm\_parameter\_name] Externally managed SSM parameter (of data type aws:ec2:image) that contains the AMI ID to launch runner instances from. Overrides ami\_filter | `string` | `null` | no |
-| <a name="input_ami_kms_key_arn"></a> [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn) | [DEPRECATED: Use ami.kms\_key\_arn] Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI | `string` | `null` | no |
-| <a name="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners) | [DEPRECATED: Use ami.owners] The list of owners used to select the AMI of action runner instances. | `list(string)` | <pre>[<br/>  "amazon"<br/>]</pre> | no |
 | <a name="input_associate_public_ipv4_address"></a> [associate\_public\_ipv4\_address](#input\_associate\_public\_ipv4\_address) | Associate public IPv4 with the runner. Only tested with IPv4 | `bool` | `false` | no |
 | <a name="input_aws_partition"></a> [aws\_partition](#input\_aws\_partition) | (optional) partition for the base arn if not 'aws' | `string` | `"aws"` | no |
 | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS region. | `string` | n/a | yes |
diff --git a/modules/runners/main.tf b/modules/runners/main.tf
@@ -37,16 +37,18 @@ locals {
     "linux"   = "${path.module}/templates/start-runner.sh"
   }
 
-  # Handle AMI configuration from either the new object or old variables
+  # Handle AMI configuration
   ami_config = var.ami != null ? var.ami : {
-    filter               = var.ami_filter
-    owners               = var.ami_owners
+    filter               = local.default_ami[var.runner_os]
+    owners               = ["amazon"]
     id_ssm_parameter_arn = null
-    kms_key_arn          = var.ami_kms_key_arn
+    kms_key_arn          = null
   }
   ami_kms_key_arn           = local.ami_config.kms_key_arn != null ? local.ami_config.kms_key_arn : ""
   ami_filter                = merge(local.default_ami[var.runner_os], local.ami_config.filter)
   ami_id_ssm_module_managed = local.ami_config.id_ssm_parameter_arn == null
+  # Extract parameter name from ARN (format: arn:aws:ssm:region:account:parameter/path/to/param)
+  ami_id_ssm_parameter_name = local.ami_id_ssm_module_managed ? null : try(regex("parameter/(.+)$", local.ami_config.id_ssm_parameter_arn)[0], null)
 
   enable_job_queued_check = var.enable_job_queued_check == null ? !var.enable_ephemeral_runners : var.enable_job_queued_check
 
diff --git a/modules/runners/policies-lambda-common.tf b/modules/runners/policies-lambda-common.tf
diff --git a/modules/runners/pool.tf b/modules/runners/pool.tf
diff --git a/modules/runners/scale-up.tf b/modules/runners/scale-up.tf
diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
diff --git a/outputs.tf b/outputs.tf
diff --git a/variables.tf b/variables.tf

Original file line number	Diff line number	Diff line change
`@@ -205,8 +205,6 @@ ami = {`
`205`	`205`	`}`
`206`	`206`	```
`207`	`207`
`208`		-> Note: The old way of configuring AMIs using individual variables (`ami_filter`, `ami_owners`, `ami_kms_key_arn`, `ami_id_ssm_parameter_arn`, `ami_id_ssm_parameter_name`) is deprecated and will be removed in a future version. It is recommended to migrate to the new consolidated `ami` object. Support for `ami_id_ssm_parameter_name` will be dropped, please specify an arn via `ami.id_ssm_parameter_arn` instead.
`209`		`-`
`210`	`208`	`## Logging`
`211`	`209`
`212`	`210`	The module uses [AWS Lambda Powertools](https://awslabs.github.io/aws-lambda-powertools-typescript/latest/) for logging. By default the log level is set to `info`, by setting the log level to `debug` the incoming events of the Lambda are logged as well.