Instance Profile

Prerequisites

Here's a checklist of things to have setup on AWS when getting started:

✅ AWS IAM Instance Profile

Create an IAM instance profile and role attached to the instance profile. Here's how:

✅ Warpbuild Integration IAM role name

Fetch the IAM role name from the WarpBuild connection page for the runner. WarpBuild Connections

WarpBuild Role Name Format: warpbuild-<UUID>

Setup Permissions

Execute the below command to grant the iam.PassRole permission to the warpbuild-<UUID> role.

aws iam put-role-policy \
    --role-name <Warpbuild Role Name> \
    --policy-name PassRolePolicy \
    --policy-document '{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": "<Role to be attached to BYOC EC2 runners and linked to the instance profile>",
                "Condition": {
                    "StringEquals": {
                        "iam:PassedToService": "ec2.amazonaws.com"
                    }
                }
            }
        ]
    }'

To verify the policy is attached, run the below command:

aws iam simulate-principal-policy \
    --policy-source-arn <Warpbuild Role Name> \
    --action-names iam:PassRole \
    --resource-arns <Role to be attached to BYOC EC2 runners and linked to the instance profile> \
    --context-entries ContextKeyName=iam:PassedToService,ContextKeyType=string,ContextKeyValues=ec2.amazonaws.com

Attach IAM roles to the runners

Use the Instance Profile ARN while configuring the stack for all the runners in stack. You can also override this at the Custom Runner configuration.

Prerequisites​

✅ AWS IAM Instance Profile​

✅ Warpbuild Integration IAM role name​

Setup Permissions​

Attach IAM roles to the runners​

Prerequisites

✅ AWS IAM Instance Profile

✅ Warpbuild Integration IAM role name

Setup Permissions

Attach IAM roles to the runners