diff --git a/.github/.release-please-manifest.json b/.github/.release-please-manifest.json
index a6430595..076c9610 100644
--- a/.github/.release-please-manifest.json
+++ b/.github/.release-please-manifest.json
@@ -1,3 +1,3 @@
{
- ".": "9.2.4"
+ ".": "9.2.5"
}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 52e2c43e..4bd6c887 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
# Changelog
+## [9.2.5](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/9.2.4...9.2.5) (2025-09-21)
+
+
+### Bug Fixes
+
+* add missing policies for the autoscaler ([#1328](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/1328)) ([99b8605](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/99b8605c938ad8ad85701c3f5c4935ecb5d63e1c))
+
## [9.2.4](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/9.2.3...9.2.4) (2025-09-11)
diff --git a/README.md b/README.md
index 2806f809..ea92ef10 100644
--- a/README.md
+++ b/README.md
@@ -78,7 +78,7 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
-| [aws](#requirement\_aws) | >= 5.76 |
+| [aws](#requirement\_aws) | >= 6.0.0 |
| [local](#requirement\_local) | >= 2.4.0 |
| [tls](#requirement\_tls) | >= 3 |
@@ -86,7 +86,7 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 6.12.0 |
+| [aws](#provider\_aws) | 6.13.0 |
| [local](#provider\_local) | 2.5.3 |
| [tls](#provider\_tls) | 4.1.0 |
@@ -227,7 +227,7 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
| [runner\_worker\_docker\_autoscaler\_ami\_owners](#input\_runner\_worker\_docker\_autoscaler\_ami\_owners) | The list of owners used to select the AMI of the Runner Worker (autoscaler). | `list(string)` | [
"099720109477"
]
| no |
| [runner\_worker\_docker\_autoscaler\_asg](#input\_runner\_worker\_docker\_autoscaler\_asg) | enabled\_metrics = List of metrics to collect.
enable\_mixed\_instances\_policy = Make use of autoscaling-group mixed\_instances\_policy capacities to leverage pools and spot instances.
health\_check\_grace\_period = Time (in seconds) after instance comes into service before checking health.
health\_check\_type = Controls how health checking is done. Values are - EC2 and ELB.
instance\_refresh\_min\_healthy\_percentage = The amount of capacity in the Auto Scaling group that must remain healthy during an instance refresh to allow the operation to continue, as a percentage of the desired capacity of the Auto Scaling group.
instance\_refresh\_triggers = Set of additional property names that will trigger an Instance Refresh. A refresh will always be triggered by a change in any of launch\_configuration, launch\_template, or mixed\_instances\_policy.
on\_demand\_base\_capacity = Absolute minimum amount of desired capacity that must be fulfilled by on-demand instances.
on\_demand\_percentage\_above\_base\_capacity = Percentage split between on-demand and Spot instances above the base on-demand capacity.
spot\_allocation\_strategy = How to allocate capacity across the Spot pools. 'lowest-price' to optimize cost, 'capacity-optimized' to reduce interruptions.
spot\_instance\_pools = Number of Spot pools per availability zone to allocate capacity. EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify.
subnet\_ids = The list of subnet IDs to use for the Runner Worker when the fleet mode is enabled.
default\_instance\_type = Default instance type for the launch template
types = The type of instance to use for the Runner Worker. In case of fleet mode, multiple instance types are supported.
upgrade\_strategy = Auto deploy new instances when launch template changes. Can be either 'bluegreen', 'rolling' or 'off'.
instance\_requirements = Override the instance type in the Launch Template with instance types that satisfy the requirements. | object({
enabled_metrics = optional(list(string), [])
enable_mixed_instances_policy = optional(bool, false)
health_check_grace_period = optional(number, 300)
health_check_type = optional(string, "EC2")
instance_refresh_min_healthy_percentage = optional(number, 90)
instance_refresh_triggers = optional(list(string), [])
on_demand_base_capacity = optional(number, 0)
on_demand_percentage_above_base_capacity = optional(number, 100)
spot_allocation_strategy = optional(string, "lowest-price")
spot_instance_pools = optional(number, 2)
subnet_ids = optional(list(string), [])
default_instance_type = optional(string, "m5.large")
types = optional(list(string), [])
upgrade_strategy = optional(string, "rolling")
instance_requirements = optional(list(object({
allowed_instance_types = optional(list(string), [])
cpu_manufacturers = optional(list(string), [])
instance_generations = optional(list(string), [])
burstable_performance = optional(string)
memory_mib = optional(object({
min = optional(number, null)
max = optional(number, null) }), {})
vcpu_count = optional(object({
min = optional(number, null)
max = optional(number, null) }), {})
})), [])
}) | `{}` | no |
| [runner\_worker\_docker\_autoscaler\_autoscaling\_options](#input\_runner\_worker\_docker\_autoscaler\_autoscaling\_options) | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersautoscalerpolicy-sections | list(object({
periods = list(string)
timezone = optional(string, "UTC")
idle_count = optional(number)
idle_time = optional(string)
scale_factor = optional(number)
scale_factor_limit = optional(number, 0)
})) | `[]` | no |
-| [runner\_worker\_docker\_autoscaler\_instance](#input\_runner\_worker\_docker\_autoscaler\_instance) | ebs\_optimized = Enable EBS optimization for the Runner Worker.
http\_tokens = Whether or not the metadata service requires session tokens.
http\_put\_response\_hop\_limit = The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.
monitoring = Enable detailed monitoring for the Runner Worker.
private\_address\_only = Restrict Runner Worker to the use of a private IP address. If `runner_instance.use_private_address_only` is set to `true` (default),
root\_device\_name = The name of the root volume for the Runner Worker.
root\_size = The size of the root volume for the Runner Worker.
start\_script = Cloud-init user data that will be passed to the Runner Worker. Should not be base64 encrypted.
volume\_type = The type of volume to use for the Runner Worker. `gp2`, `gp3`, `io1` or `io2` are supported.
volume\_iops = Guaranteed IOPS for the volume. Only supported when using `gp3`, `io1` or `io2` as `volume_type`.
volume\_throughput = Throughput in MB/s for the volume. Only supported when using `gp3` as `volume_type`. | object({
ebs_optimized = optional(bool, true)
http_tokens = optional(string, "required")
http_put_response_hop_limit = optional(number, 2)
monitoring = optional(bool, false)
private_address_only = optional(bool, true)
root_device_name = optional(string, "/dev/sda1")
root_size = optional(number, 8)
start_script = optional(string, "")
volume_type = optional(string, "gp2")
volume_throughput = optional(number, 125)
volume_iops = optional(number, 3000)
}) | `{}` | no |
+| [runner\_worker\_docker\_autoscaler\_instance](#input\_runner\_worker\_docker\_autoscaler\_instance) | ebs\_optimized = Enable EBS optimization for the Runner Worker.
http\_tokens = Whether or not the metadata service requires session tokens.
http\_put\_response\_hop\_limit = The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.
monitoring = Enable detailed monitoring for the Runner Worker.
private\_address\_only = Restrict Runner Worker to the use of a private IP address. If `runner_instance.use_private_address_only` is set to `true` (default),
root\_device\_name = The name of the root volume for the Runner Worker.
root\_size = The size of the root volume for the Runner Worker.
start\_script = Cloud-init user data that will be passed to the Runner Worker. Should not be base64 encrypted.
volume\_type = The type of volume to use for the Runner Worker. `gp2`, `gp3`, `io1` or `io2` are supported.
volume\_iops = Guaranteed IOPS for the volume. Only supported when using `gp3`, `io1` or `io2` as `volume_type`.
volume\_throughput = Throughput in MB/s for the volume. Only supported when using `gp3` as `volume_type`. | object({
ebs_optimized = optional(bool, true)
# TODO should always be "required", right? https://aquasecurity.github.io/tfsec/v1.28.0/checks/aws/ec2/enforce-launch-config-http-token-imds/
http_tokens = optional(string, "required")
http_put_response_hop_limit = optional(number, 2)
monitoring = optional(bool, false)
private_address_only = optional(bool, true)
root_device_name = optional(string, "/dev/sda1")
root_size = optional(number, 8)
start_script = optional(string, "")
volume_type = optional(string, "gp2")
volume_throughput = optional(number, 125)
volume_iops = optional(number, 3000)
}) | `{}` | no |
| [runner\_worker\_docker\_autoscaler\_role](#input\_runner\_worker\_docker\_autoscaler\_role) | additional\_tags = Map of tags that will be added to the Runner Worker.
assume\_role\_policy\_json = Assume role policy for the Runner Worker.
policy\_arns = List of ARNs of IAM policies to attach to the Runner Workers.
profile\_name = Name of the IAM profile to attach to the Runner Workers. | object({
additional_tags = optional(map(string), {})
assume_role_policy_json = optional(string, "")
policy_arns = optional(list(string), [])
profile_name = optional(string, "")
}) | `{}` | no |
| [runner\_worker\_docker\_machine\_ami\_filter](#input\_runner\_worker\_docker\_machine\_ami\_filter) | List of maps used to create the AMI filter for the Runner Worker (docker-machine). | `map(list(string))` | {
"name": [
"ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"
]
} | no |
| [runner\_worker\_docker\_machine\_ami\_id](#input\_runner\_worker\_docker\_machine\_ami\_id) | The ID of the AMI to use for the Runner Worker (docker-machine). | `string` | `""` | no |