Devin AWS VPC Deployment Guide

To enhance deployment efficiency, we recommend utilizing Terraform for automation. Please reach out to us with your GitHub details so that we can provide access to the relevant repository.

Alternatively, if Terraform deployment is not feasible, the following section outlines the prerequisites for the Devin VPC deployment along with the manual steps required to provision the infrastructure.


Networking Requirements

Note that manual configuration of the networking components is necessary. You may refer to our provided resources for guidance.

Deployment Steps

1

Setup Instances for Running VMs

Devin requires a host instance to run isolated virtual machines for each session.

Instance Requirements

RequirementDetails
Instance TypeMetal instances (i3.metal)
Operating SystemUbuntu 24.04
Instance Sizing- 2 vCPUs, 8GB RAM, 128GB Storage
- 8 vCPUs, 32GB RAM, 128GB Storage
NoteThe instance size determines the maximum number of concurrent Devin sessions.
RecommendationWe recommend i3.metal as a baseline.

You can horizontally scale by adding more host instances to increase Devin’s capacity.

Security Group Rules

ConfigurationDetails
VPC SetupConfigure the VPC and Security Group rules
Required Firewall RulesOutbound 443 Internet Access to:
frp-server-0.devin.ai
static.devin.ai
api.devin.ai

General internet access is highly recommended but not mandatory.

2

Setup Storage for VMs

When Devin sessions are suspended, their state is compressed and stored.

2.1 Create an S3 Bucket

  1. Navigate to S3 in the AWS Management Console

  2. Select the appropriate region

  3. Click Create bucket

  4. Set the Bucket name as:

    devin-${CUSTOMER_NAME}-${BUCKET_REGION}
    

    (Replace ${CUSTOMER_NAME} and ${BUCKET_REGION} with actual values)

  5. Click Create bucket

2.2 Apply S3 Bucket Policy & CORS

  1. Open the S3 Bucket you created
  2. Navigate to the Permissions tab
  3. Scroll to Bucket Policy and click Edit
  4. Add the following policy, replacing placeholders:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Principal": {"AWS": "arn:aws:iam::272506498303:role/customer-bucket-access-role"},
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": "arn:aws:s3:::devin-${CUSTOMER_NAME}-${BUCKET_REGION}/*"
        },
        {
            "Principal": {"AWS": "arn:aws:iam::272506498303:role/customer-bucket-access-role"},
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": "arn:aws:s3:::devin-${CUSTOMER_NAME}-${BUCKET_REGION}"
        }
    ]
}
  1. Click Save
  2. Scroll down to Cross-Origin Resource Sharing (CORS) and click Edit
  3. Enter the following CORS policy:
[
    {
        "AllowedHeaders": ["*"],
        "AllowedMethods": ["GET"],
        "AllowedOrigins": ["*"],
        "ExposeHeaders": []
    }
]
  1. Click Save

Once these resources are created, please provide Cognition with:

  • Your AWS Account ID
  • S3 Bucket Name
  • VPC and Subnets for deployment
  • Security Group ID
  • Any tags for Devin-related resources
3

Register Host Runner

Run the following command:

curl -sSL https://api.devin.ai/hypervisor/setup?token=AUTH_TOKEN -o setup.sh && bash setup.sh

We will share with you the AUTH_TOKEN separately. When the setup is complete, Devin should be ready to start sessions in your VPC environment.

4

Firewall: Requirements

If user devices have a firewall, whitelist the following URLs:

  • app.devin.ai
  • api.devin.ai
  • *.devinapps.com

Sample AWS WAF Rule