diff --git a/README.md b/README.md
index 17889b9..310f679 100755
--- a/README.md
+++ b/README.md
@@ -49,7 +49,6 @@ other optional variables (e.g., `name`, `tags`, etc.) provided by the
 | `github_organization_runner_enabled` | Toggle to activate runners for all projects in the organization. | `bool` | `true` | no |
 | `runner_binaries_path` | Path to the GitHub Action runner binaries saved locally before pushed to S3. | `string` | `""` | no |
 | `runner_ephemeral_mode_enabled` | Toggle to activate ephemeral runners. | `bool` | `false` | no |
-| `runner_version` | Version of the GitHub Action runner. | `string` | n/a | yes |
 | `runner_os` | Operating system for the GitHub Action runner. | `string` | `"linux"` | no |
 | `instance_ami_name` | Name of the Amazon Machine Image (AMI) for the GitHub Action runner. | `string` | `"al2023-ami-2023.*-kernel-*-x86_64"` | no |
 | `instance_types` | Set of instance types for the action runner. | `set(string)` | `["m5ad.large", "m5d.large"]` | no |
diff --git a/assets/instance/userdata.sh b/assets/instance/userdata.sh
index 47da83a..3c88453 100644
--- a/assets/instance/userdata.sh
+++ b/assets/instance/userdata.sh
@@ -82,7 +82,9 @@ AWS_EC2_METADATA_TOKEN=$(curl -f -X PUT "http://169.254.169.254/latest/api/token
 AWS_REGION=$(curl -f -H "X-aws-ec2-metadata-token: $AWS_EC2_METADATA_TOKEN" -v http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)
 AWS_INSTANCE_ID=$(curl -f -H "X-aws-ec2-metadata-token: $AWS_EC2_METADATA_TOKEN" -v http://169.254.169.254/latest/meta-data/instance-id)
 AWS_INSTANCE_AMI_ID=$(curl -f -H "X-aws-ec2-metadata-token: $AWS_EC2_METADATA_TOKEN" -v http://169.254.169.254/latest/meta-data/ami-id)
+AWS_INSTANCE_AZ=$(curl -f -H "X-aws-ec2-metadata-token: $AWS_EC2_METADATA_TOKEN" -v http://169.254.169.254/latest/meta-data/placement/availability-zone)
 AWS_INSTANCE_TAGS=$(aws ec2 describe-tags --region "$AWS_REGION" --filters "Name=resource-id,Values=$AWS_INSTANCE_ID")
+AWS_INSTANCE_TYPE=$(curl -f -H "X-aws-ec2-metadata-token: $AWS_EC2_METADATA_TOKEN" -v http://169.254.169.254/latest/meta-data/instance-type)
 # --- configure: docker ---------------------------
@@ -159,15 +161,14 @@ while [[ -z "$GHR_CONFIG" ]]; do
 done
 aws ssm delete-parameter --name "$GHR_CORE_CONFIG_TOKEN_PATH/$AWS_INSTANCE_ID" --region "$AWS_REGION"
+chown -R "$GHR_CORE_CONFIG_RUN_AS" .
+
 if [ -z "$GHR_CORE_CONFIG_RUN_AS" ]; then
 GHR_CORE_CONFIG_RUN_AS="ec2-user"
 elif [[ "$GHR_CORE_CONFIG_RUN_AS" == "root" ]]; then
 export RUNNER_ALLOW_RUNASROOT=1
 fi
-echo "configuring runner..."
-chown -R "$GHR_CORE_CONFIG_RUN_AS" .
-sudo --preserve-env=RUNNER_ALLOW_RUNASROOT -u "$GHR_CORE_CONFIG_RUN_AS" -- ./config.sh --unattended --name "$AWS_INSTANCE_ID" --work "$GHR_CORE_WORK_DIRECTORY" $${GHR_CONFIG}
 tee /opt/actions-runner/.setup_info </opt/start-runner-service.sh <<-EOF
- sudo --preserve-env=RUNNER_ALLOW_RUNASROOT -u "$GHR_CORE_CONFIG_RUN_AS" -- ./run.sh
+ sudo --preserve-env=RUNNER_ALLOW_RUNASROOT -u "$GHR_CORE_CONFIG_RUN_AS" -- ./run.sh --jitconfig $${GHR_CONFIG}
 echo "runner is cleaning up..."
 echo "stopping cloudwatch service..."
 systemctl stop amazon-cloudwatch-agent.service
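Review bot: The two new IMDS lookups (AWS_INSTANCE_AZ, AWS_INSTANCE_TYPE) copy `-v` from the surrounding lines, which makes curl print the outgoing request headers — including the `X-aws-ec2-metadata-token` value — to stderr, and in user data that stderr presumably ends up in the instance's cloud-init output log. The token is session-scoped, but there is no reason to record it; `-fsS` keeps failures visible without echoing headers, e.g. `AWS_INSTANCE_TYPE=$(curl -fsS -H "X-aws-ec2-metadata-token: $AWS_EC2_METADATA_TOKEN" http://169.254.169.254/latest/meta-data/instance-type)`. Placing AWS_INSTANCE_TYPE after the `describe-tags` call also splits the IMDS block; keeping the metadata reads together before the AWS CLI call reads more naturally. The pre-existing lines carry the same `-v`, so the cleanup would be a small follow-up across the whole block.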
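Review bot: The relocated `chown -R "$GHR_CORE_CONFIG_RUN_AS" .` now runs before the `if [ -z "$GHR_CORE_CONFIG_RUN_AS" ]` block that defaults the user to ec2-user, so when the variable is empty the chown is given an empty owner (GNU chown appears to treat that as "no change" and exits silently) and the runner directory is never handed to ec2-user, whereas the removed lines chowned after the default was applied. Moving the two added lines to just after `fi` restores the original behaviour. Separately, the heredoc delimiter is unquoted, so `${GHR_CONFIG}` on the new `./run.sh --jitconfig` line is expanded when the file is written: the JIT config that the script has just deleted from SSM is persisted in plaintext in the generated script and in `/opt/actions-runner/.setup_info`, and is also exposed as a process argument. Check that those files are not world-readable, or pass the value through the environment rather than inlining it; the enclosing `while` loop and the heredoc's terminator lie outside the hunk.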
@@ -198,6 +202,7 @@ if [[ $GHR_CORE_CONFIG_AGENT_MODE == "ephemeral" ]]; then
 echo "starting runner as user $GHR_CORE_CONFIG_RUN_AS in ephemeral mode..."
 nohup /opt/start-runner-service.sh &
 else
+ sudo --preserve-env=RUNNER_ALLOW_RUNASROOT -u "$GHR_CORE_CONFIG_RUN_AS" -- ./config.sh --unattended --name "$AWS_INSTANCE_ID" --work "$GHR_CORE_WORK_DIRECTORY" $${GHR_CONFIG}
 echo "starting runner as user $GHR_CORE_CONFIG_RUN_AS..."
 ./svc.sh install "$GHR_CORE_CONFIG_RUN_AS"
 ./svc.sh start
diff --git a/main.tf b/main.tf
index fd37223..9f1bac1 100755
--- a/main.tf
+++ b/main.tf
@@ -2,6 +2,8 @@ locals {
 enabled = coalesce(var.enabled, module.this.enabled, true)
 name = coalesce(var.name, module.this.name, "github-runner-${random_string.github_runner_random_suffix.result}")
+ runner_module_version = "v5.6.0"
+
 aws_account_id = module.this.enabled && var.aws_account_id != "" ? var.aws_account_id : try(data.aws_caller_identity.current[0].account_id, "")
 aws_region_name = module.this.enabled && var.aws_region_name != "" ? var.aws_region_name : try(data.aws_region.current[0].name, "")
 aws_kv_namespace = trim(coalesce(var.aws_kv_namespace, "github-runner/${module.github_runner_label.id}"), "/")
@@ -38,13 +40,13 @@ resource "random_string" "github_runner_random_suffix" {
 module "github_runner" {
 source = "philips-labs/github-runner/aws"
- version = "v3.6.1"
+ version = "v5.6.0" # should match local.runner_module_version
 prefix = module.github_runner_label.id
 enable_ephemeral_runners = var.runner_ephemeral_mode_enabled
 enable_organization_runners = var.github_organization_runner_enabled
 minimum_running_time_in_minutes = var.runner_min_running_time
- runner_extra_labels = join(",", var.runner_labels)
+ runner_extra_labels = var.runner_labels
 runner_as_root = true # required for docker
 runner_iam_role_managed_policy_arns = [aws_iam_policy.runner.arn]
 runner_binaries_s3_sse_configuration = { rule = { apply_server_side_encryption_by_default = { sse_algorithm = "AES256" } } }
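Review bot: The `./config.sh` call moved into the `else` branch has no result check before `./svc.sh install` and `./svc.sh start`, so a failed registration (a rejected or stale `${GHR_CONFIG}`, for instance) is followed by installing a service for an unconfigured runner; unless the script runs under `set -e` (not visible here) the failure only shows up in the log. A guard stops the later steps on a half-configured directory: `... --work "$GHR_CORE_WORK_DIRECTORY" $${GHR_CONFIG} || { echo "runner configuration failed" >&2; exit 1; }`. The earlier `echo "configuring runner..."` that preceded this step was dropped in the previous hunk; restoring it before the call keeps the log readable. The enclosing `if [[ $GHR_CORE_CONFIG_AGENT_MODE == "ephemeral" ]]` begins outside the hunk.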
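Review bot: The new local `runner_module_version` has no comment saying what it pins, yet the commit uses it in two roles — as the version of the philips-labs/github-runner/aws module and, via `trimprefix(..., "v")`, as the `RUNNER_VERSION` build argument for the runner binaries — so a reader of the locals block cannot tell which meaning is authoritative. A comment such as `# Pinned philips-labs/github-runner/aws module version; module "github_runner".version must be a literal, so it is kept in sync by hand` makes the duplication deliberate and explains the "should match" remark in the module block. The `locals` block begins outside the hunk.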
@@ -134,7 +136,7 @@ module "runner_binaries" {
 artifact_src_path = "/tmp/runner-binaries"
 docker_build_context = "${path.module}/assets/runner-binaries"
 docker_build_target = "package"
- docker_build_args = { RUNNER_VERSION = trimprefix(var.runner_version, "v") }
+ docker_build_args = { RUNNER_VERSION = trimprefix(local.runner_module_version, "v") }
 context = module.github_runner_label.context
 }
diff --git a/variables.tf b/variables.tf
index feb25ed..e2014b3 100755
--- a/variables.tf
+++ b/variables.tf
@@ -31,11 +31,6 @@ variable "runner_ephemeral_mode_enabled" {
 default = false
 }
-variable "runner_version" {
- type = string
- description = "Version of the GitHub Action runner."
-}
-
 variable "runner_binaries_path" {
 type = string
 description = "Path to the GitHub Action runner binaries saved locally before pushed to S3."
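Review bot: `RUNNER_VERSION` is now derived from `local.runner_module_version`, i.e. the version of the Terraform module, whereas before it came from the dedicated `var.runner_version` that this commit removes. If the `runner-binaries` build context uses `RUNNER_VERSION` as the actions/runner release to fetch, those are independent version lines and the module version would not name a runner release; if the build instead expects the module version, the argument name is misleading. Either keep a separate, documented local for the binary version (`runner_version = "<runner release>"` with a comment on what it selects) or rename the build argument to say what it carries. `module "runner_binaries"` begins outside the hunk.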