I have an AWS EC2 machine that runs the gitlab-runner. In GitLab I have enabled the private runner that I deployed on the AWS EC2 instance and disabled all the shared runners. I don't have a privately hosted GitLab; I am just using their free version. I wanted to only enable GitLab's IP to access the gitlab-runner on AWS, so I first removed all the inbound rules to deny all inbound connections and removed the Elastic IP from that instance just to check if it fails, but I was surprised to find out that it still builds the image. Am I missing something here? Because GitLab cannot talk to the gitlab-runner without a public IP. I am really baffled here. Any help would be appreciated.
The GitLab runner does not require any inbound ports to be opened. The runner connects to the GitLab instance, not the other way around.
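To check this against a runner's security group, the following added example (not part of the original answer) audits data shaped like `aws ec2 describe-security-groups` output: it flags inbound rules, which the runner does not need, and confirms that an egress rule lets it reach GitLab. It assumes GitLab is reached over HTTPS on TCP 443; the group IDs and rules are constructed sample data.

```python
import json

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-runner-locked",
   "IpPermissions": [],
   "IpPermissionsEgress": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-runner-legacy",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
   "IpPermissionsEgress": [
     {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")


def covers(rule, port):
    """True if the rule's protocol and port range include the TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_runner_group(group, gitlab_port=443):
    """Flag inbound rules and check that the runner can connect out."""
    inbound = group.get("IpPermissions", [])
    egress = group.get("IpPermissionsEgress", [])
    findings = []
    for rule in inbound:
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        findings.append("inbound %s %s-%s from %s is not needed by the runner"
                        % (rule.get("IpProtocol"), rule.get("FromPort"),
                           rule.get("ToPort"), sources))
    # The runner only needs an outbound path; security groups are stateful,
    # so replies to its own connections are allowed without inbound rules.
    can_poll = any(covers(r, gitlab_port)
                   and (r.get("IpRanges") or r.get("Ipv6Ranges"))
                   for r in egress)
    if not can_poll:
        findings.append("no egress rule allows TCP %d to GitLab" % gitlab_port)
    return {"group": group["GroupId"], "inbound_rules": len(inbound),
            "can_poll": can_poll, "findings": findings}
```

Calling `audit_runner_group` on each entry of `SAMPLE["SecurityGroups"]` shows the locked-down group passing with zero inbound rules, while the legacy group is flagged both for its open SSH rule and for lacking egress on 443.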