relivnd for AWS Community Builders

Posted on • Originally published at copebit.ch

Self host GitHub Actions on AWS CodeBuild

Introduction

In DevOps environments we strive for a high level of automation. Automation reduces human errors and introduces standardization across teams and employees. Typical automation tasks can be linting and compiling code or packaging and deploying software. In complex environments automation serves as the backbone of efficient DevOps teams.

We automate such tasks by using so-called runners. These programs listen to an orchestrator, which is typically provided either by your Git platform (GitHub, GitLab or Bitbucket) or by a third-party tool like Jenkins or Travis CI. When a pipeline is triggered, the runner receives its instructions and executes the commands either locally or inside a container.

GitHub being a popular Git provider, GitHub Actions is among the most popular automation runners. GitHub provides a wide variety of pre-written pipelines and actions, or you can write your own and, if you want to, share your scripts with other users. You can either use the runners GitHub provides or host your own. The difference: do you pay GitHub for compute, or do you provide the compute resources yourself to run the pipelines?

A few weeks ago AWS announced that CodeBuild now supports organization- and enterprise-level self-hosted runners for GitHub Actions. On this occasion I would like to show how AWS CodeBuild can be used to run GitHub Actions and why you would want to do that.

Using GitHub's provided runners

GitHub is quite generous to hobbyists and open-source projects. There's a free tier that allows anybody to run up to 2,000 minutes of build tasks on GitHub-managed runners. The only catch: that's only for public repositories. For a company developing its own software or hosting its Infrastructure as Code repositories on GitHub, that's not an option. The risk of losing valuable intellectual property or even creating security issues is too high.

This means we need a paid subscription to GitHub Team or Enterprise. With each paid seat in your organization, the number of included minutes increases by 3,000 or 50,000 minutes respectively.

Here's a short overview of the different pricing models:

Plan                      Storage   Minutes / month   Price
GitHub Free               500 MB    2,000             $0 / user / month
GitHub Team               2 GB      3,000             $4 / user / month
GitHub Enterprise Cloud   50 GB     50,000            $21 / user / month

While 50,000 minutes per month are surely enough for most organizations to run their builds and pipelines, $21 per user per month is a hefty price tag. And if you're a small team working on a Windows application, the multiplication factor hits and your included minutes are halved: every runner using the Windows operating system consumes double the minutes from your quota, and macOS even 10x.

But to be fair, this simplification makes it transparent and easy to understand how much the service costs. Here's an overview of the different multipliers:

Operating System   Minute multiplier
Linux              1x
Windows            2x
macOS              10x

Since GitHub is part of Microsoft, you can expect the GitHub managed runners to run on Azure infrastructure. But there is no easy way of defining where exactly your builds run when using the GitHub provided runners.

AWS CodeBuild

Theoretically you could use any EC2 instance in AWS as a runner host, but that's cumbersome. Thankfully, AWS has its own managed solution for runners called AWS CodeBuild. CodeBuild is part of the Code… series of services, alongside CodePipeline for orchestrating whole pipelines, CodeDeploy, which is self-explanatory, and CodeArtifact for storing software artifacts. The Code… series also integrates with other AWS services such as S3 to store artifacts or reports. You can also integrate with ECR as an OCI-compliant registry to host images or Helm charts.

CodeBuild offers a wide variety of options for software construction. You can choose between different instance types which run your pipelines and you maintain control over where instances run (which region) and even if they should be placed in a VPC for easy network connectivity. AWS CodeBuild lets you remain in control over your compute instances while retaining the flexibility of managed runners.

AWS CodeBuild lets you choose if you’d like to run your pipelines on reserved or on-demand compute capacity or even in Lambda Functions.

Screenshot of Environment Options

AWS Connector for GitHub

The easiest way to connect your AWS account to your GitHub account is by installing the AWS Connector for GitHub. In the AWS console, under "connections," you can install the Connector as an "application" on your GitHub account. This will enable AWS to read and write settings on the GitHub repositories you grant the application access to. When you create a new pipeline in AWS CodeBuild, the application will automatically add a webhook to the selected repository. This webhook is then triggered by GitHub to run a pipeline on AWS.

Screenshot of Webhooks in GitHub
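To make the mechanics of the previous section concrete, here is what a CodeBuild project that acts as a GitHub Actions runner looks like when written down as a CloudFormation template. This is an added example and not code from the original article or from AWS; the project name `gha-runner`, the parameter names and the bucket are assumptions. It assumes the account-level GitHub connection described above is already in place, so no repository credentials appear in the template. The webhook filter `WORKFLOW_JOB_QUEUED` is the event that makes CodeBuild start a build for each queued Actions job, and the service role is deliberately scoped to its own log group and one S3 bucket, since every job that lands on this runner inherits that role's permissions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the original article): a CodeBuild project that
  serves as a self-hosted GitHub Actions runner, with a least-privilege role.

Parameters:
  RepositoryUrl:
    Type: String
    # Constructed placeholder; use your own repository's HTTPS clone URL
    Default: https://github.com/EXAMPLE-ORG/EXAMPLE-REPO.git
  PlanBucketName:
    Type: String
    # Constructed placeholder; bucket that holds Terraform plan files
    Default: example-tfplan-bucket

Resources:
  RunnerServiceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: runner-least-privilege
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Build logs: only this project's own log group
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/gha-runner*
              # Plan files: read and write in one bucket, nothing else in S3
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                Resource: !Sub arn:${AWS::Partition}:s3:::${PlanBucketName}/*

  RunnerProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: gha-runner            # assumed name; it becomes part of the runs-on label
      ServiceRole: !GetAtt RunnerServiceRole.Arn
      Artifacts:
        Type: NO_ARTIFACTS        # Actions jobs handle their own outputs
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
      Source:
        Type: GITHUB
        Location: !Ref RepositoryUrl
      Triggers:
        Webhook: true
        FilterGroups:
          # Start a build whenever GitHub queues a workflow job for this repo
          - - Type: EVENT
              Pattern: WORKFLOW_JOB_QUEUED
```

Deploying this stack creates the webhook shown in the screenshot above. Add further permissions to the role only as your workflows need them; the role is what your pipelines run as, so its policy is the place to keep blast radius small.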

Pricing

Besides the flexibility, there’s also a financial incentive to use AWS hosted runners. Nothing beats a table for comparison, so here’s an overview of the prices that GitHub and AWS charge per minute in different regions.

Using Linux instances ($ per minute):

CPU            GitHub   AWS (us-east-1)   AWS (eu-central-1)   AWS (eu-central-2)
2 vCPU (arm)   0.005    0.0034            0.00385              N/A
2 vCPU (x64)   0.008    0.005             0.005                0.005
4 vCPU (arm)   0.01     0.007             0.008                N/A
4 vCPU (x64)   0.016    0.01              0.01                 0.01
8 vCPU (arm)   0.02     0.015             0.0175               N/A
8 vCPU (x64)   0.032    0.02              0.02                 0.02

Windows runners ($ per minute):

CPU            GitHub   AWS (us-east-1)   AWS (eu-central-1)   AWS (eu-central-2)
2 vCPU (x64)   0.016    N/A               N/A                  N/A
4 vCPU (x64)   0.032    0.018             0.019                N/A
8 vCPU (x64)   0.064    0.02              0.038                N/A

(us-east-1 = North Virginia, eu-central-1 = Frankfurt, eu-central-2 = Zürich)

While AWS has some limitations in the variety of runners, especially in the Zürich region, the available runners are significantly cheaper than the GitHub ones. And these are only the on-demand prices. Using reserved capacity can lower the price per minute by half or more.

Automate and Deploy

Besides the price there's another good argument for using CodeBuild with GitHub: you might spare yourself the need to bridge the authentication gap to your infrastructure, because the runner already executes inside your AWS account under the project's service role.

Screenshot of Service Role Assignment

In case you're using Terraform or OpenTofu, the open-source fork of Terraform, you can plan changes, store those plans as artifacts in S3 and apply them later on. Another possibility is to execute system tests by placing the runner instance in the VPC where the test database runs. And last but not least, in case your application runs on AWS, e.g. on ECS or EKS, deployment becomes a breeze since the build artifacts and containers are already within AWS and don't need to travel over the public internet from a third-party provider. This brings you the best of both worlds.
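The plan-then-apply flow described above, written as a GitHub Actions workflow that targets a CodeBuild runner. This is an added example, not a workflow from the original article; the CodeBuild project name `gha-runner`, the bucket `example-tfplan-bucket` and the `production` environment are assumptions, and the repository is assumed to have a Terraform backend configured. The point of interest is what is missing: there is no AWS access key in the GitHub secrets, because the job runs inside CodeBuild and Terraform's AWS provider reads the project's service-role credentials from the build container like any AWS SDK.

```yaml
# Added example (not from the original article). Runs on a CodeBuild project
# named "gha-runner" (assumed name) that is registered as a GitHub Actions runner.
name: terraform

on:
  push:
    branches: [main]
  pull_request:

# The GITHUB_TOKEN only needs to read the repository; AWS access comes from
# the CodeBuild service role, so no cloud credentials live in GitHub at all.
permissions:
  contents: read

env:
  # Constructed values; replace with your own bucket
  PLAN_BUCKET: example-tfplan-bucket
  PLAN_KEY: plans/${{ github.sha }}.tfplan

jobs:
  plan:
    # Label format for CodeBuild-hosted runners:
    # codebuild-<project name>-<run id>-<run attempt>
    runs-on: codebuild-gha-runner-${{ github.run_id }}-${{ github.run_attempt }}
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - run: terraform plan -input=false -out=tfplan
      # Keep the binary plan so that exactly this plan, and nothing newer, is applied
      - run: aws s3 cp tfplan "s3://$PLAN_BUCKET/$PLAN_KEY"

  apply:
    needs: plan
    if: github.ref == 'refs/heads/main'
    # A protected environment lets you require a reviewer before apply runs
    environment: production
    runs-on: codebuild-gha-runner-${{ github.run_id }}-${{ github.run_attempt }}
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - run: aws s3 cp "s3://$PLAN_BUCKET/$PLAN_KEY" tfplan
      # Terraform refuses to apply a saved plan if the state has drifted since planning
      - run: terraform apply -input=false tfplan
```

Both jobs run with the permissions of the CodeBuild service role, including the plan job that also runs for pull requests, so scope that role to what planning and applying actually need and use the protected environment as the gate in front of `apply`.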

Video

To demonstrate the power of CodeBuild with GitHub Actions, I've created a video showing how to apply Terraform code and trigger Lambda functions.

Conclusion

CodeBuild self-hosted runners offer an easy, secure and affordable way of combining leading Git platforms with AWS compute. Besides being more affordable than GitHub-hosted runners, CodeBuild integrates with your AWS environment and brings your build, test and deployment tasks closer to your infrastructure.


Top comments (4)

Nathan Tarbert

Pretty cool seeing these options lined up - always makes me double check how I’m running my projects.

Hugo Santos

This will work great for a lot of teams -- they're already spending time in AWS, and Codebuild provides a reasonable alternative.

But at the end of the day it is a change in compute, and struggles to elevate the experience beyond that.

Things become more interesting when beyond compute you have a set of infrastructure that works together to solve your problem: fast and cost effective CI. Compute, but also observability, docker builds, registry, previews, and more.

That's why we built namespace.so.

Nevo David

been looking at this exact thing lately and yeah, cost adds up way faster than people think - you reckon over time the control is worth more than saving a few cents on runner minutes?

relivnd (edited)

Honestly, if your usage is below the free / included minutes on GitHub and you don't have the need to run your jobs on AWS, stick with GitHub. But in case you need more, AWS is the cheaper option.
