Static IPs
RunsOn supports private networking on AWS, enabling the use of static IPs for egress traffic originating from GitHub Actions runners. This feature is especially useful for organizations that require strict network controls or need to whitelist IP addresses for accessing external resources.
How it Works
RunsOn automatically creates private subnets for your GitHub Action runners, and provisions a single NAT Gateway, costing about $60/month (not including bandwidth costs).
The NAT Gateway is assigned an Elastic IP (EIP) - a static IP address provided by AWS. This EIP becomes the source IP for all outbound traffic from your runners, ensuring that your egress traffic has a consistent and whitelistable IP address.
Then, whenever you want your runners to be launched in the private subnet and thus benefit from the static IP, you simply need to add the private=true label to your runs-on: definition:
jobs: build: runs-on: - runs-on - private=true - ...other labels...Configuration
To take advantage of private networking and static IPs in RunsOn, you need to enable this feature during the setup process, or reconfigure your stack to enable it. RunsOn handles the provisioning and configuration of the necessary AWS resources, including the assignment of the Elastic IPs to the NAT Gateways.
You can easily switch between Public or Private mode by changing the Private CloudFormation parameter to true (Private) or false (Public). By default, RunsOn creates the Stack in Public mode, because NAT gateways incur additional costs and are not needed in most cases.