WarpBuild LogoWarpBuild Docs
BYOC/AWS

Instance Profile

Attach IAM Instance Profile to EC2 runners

Prerequisites

Here's a checklist of things to have setup on AWS when getting started:

✅ AWS IAM Instance Profile

Create an IAM instance profile and role attached to the instance profile. Here's how:

✅ Warpbuild Integration IAM role name

Fetch the IAM role name from the WarpBuild connection page for the runner. WarpBuild Connections

WarpBuild Role Name Format: warpbuild-<UUID>

Setup Permissions

Execute the below command to grant the iam.PassRole permission to the warpbuild-<UUID> role.

aws iam put-role-policy \
    --role-name <Warpbuild Role Name> \
    --policy-name PassRolePolicy \
    --policy-document '{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": "<Role to be attached to BYOC EC2 runners and linked to the instance profile>",
                "Condition": {
                    "StringEquals": {
                        "iam:PassedToService": "ec2.amazonaws.com"
                    }
                }
            }
        ]
    }'

To verify the policy is attached, run the below command:

aws iam simulate-principal-policy \
    --policy-source-arn <Warpbuild Role Name> \
    --action-names iam:PassRole \
    --resource-arns <Role to be attached to BYOC EC2 runners and linked to the instance profile> \
    --context-entries ContextKeyName=iam:PassedToService,ContextKeyType=string,ContextKeyValues=ec2.amazonaws.com

Attach IAM roles to the runners

Use the Instance Profile ARN while configuring the stack for all the runners in stack. You can also override this at the Custom Runner configuration.

Last updated on

Config

Configuration and best practices for setting up AWS with WarpBuild

Azure

Github actions runners on your Azure Subscription, managed by WarpBuild

On this page