AWS VPC Setup
Guide for setting up Devin in your AWS VPC
Devin AWS VPC Deployment Guide
This guide outlines the process for deploying Devin in your AWS Virtual Private Cloud (VPC) environment, providing access to resources within your corporate firewall.
Terraform Deployment (Recommended)
Terraform deployment is our recommended approach for setting up Devin in your AWS VPC. This automated method ensures consistent, repeatable infrastructure provisioning with minimal manual configuration.
Prerequisites
Before beginning the Terraform deployment process, ensure you have:
- Setup VPC for Devin (either use an existing VPC or provision a new one)
- Ensure you have an IAM role or service account that has permission to:
- create ec2 auto-scale instances
- create s3 instances in your region
- Ensure your AWS account can support instances with at least 70 virtual CPUs
- Terraform (version 1.0 or later) installed
Step-by-Step Deployment Process
Collect AWS Environment Information
Gather the following information which will be required for the Terraform configuration:
- AWS Account Number (12-digit number)
- VPC ID (vpc-xxxxxxxxxxxxxxxxx)
- Two Subnet IDs:
- subnet-xxxxxxxxxxxxxxxxx
- subnet-xxxxxxxxxxxxxxxxx
Helpful AWS CLI commands:
Configure Firewall Access
Ensure your endpoint security systems (user devices that will access Devin) allow access to:
- app.devin.ai
- api.devin.ai
- *.devinapps.com
Ensure your endpoint security systems (user devices that will access Devin) allow access to:
- app.devin.ai
- api.devin.ai
- *.devinapps.com
Ensure your VPC security groups allow access to:
- frp-server-0.devin.ai
- static.devin.ai
- api.devin.ai
Obtain Terraform Configuration and Auth Token
Contact Cognition to receive:
- An authentication token for pulling the hypervisor image
- The Terraform configuration files customized for your environment
Once you share your environment information (from Step 1), we will provide these resources to you.
Execute Terraform Script
We can schedule a call to execute this step together. The process involves:
-
Extract the Terraform configuration files to a directory on your local machine:
-
Initialize the Terraform environment:
-
Review the planned infrastructure changes:
-
Apply the configuration to provision the infrastructure:
-
Confirm the changes when prompted.
The Terraform scripts will set up all necessary components including EC2 instances, S3 buckets, security groups, IAM roles, and the hypervisor registration.
Run First Devin Session
After the Terraform script completes successfully, we will work together to:
- Verify that the resources have been created in your AWS console
- Run a first Devin session to ensure connectivity to the required services
- Debug any issues that arise with the support of Cognition team
Terraform Deployment (Recommended)
Terraform deployment is our recommended approach for setting up Devin in your AWS VPC. This automated method ensures consistent, repeatable infrastructure provisioning with minimal manual configuration.
Prerequisites
Before beginning the Terraform deployment process, ensure you have:
- Setup VPC for Devin (either use an existing VPC or provision a new one)
- Ensure you have an IAM role or service account that has permission to:
- create ec2 auto-scale instances
- create s3 instances in your region
- Ensure your AWS account can support instances with at least 70 virtual CPUs
- Terraform (version 1.0 or later) installed
Step-by-Step Deployment Process
Collect AWS Environment Information
Gather the following information which will be required for the Terraform configuration:
- AWS Account Number (12-digit number)
- VPC ID (vpc-xxxxxxxxxxxxxxxxx)
- Two Subnet IDs:
- subnet-xxxxxxxxxxxxxxxxx
- subnet-xxxxxxxxxxxxxxxxx
Helpful AWS CLI commands:
Configure Firewall Access
Ensure your endpoint security systems (user devices that will access Devin) allow access to:
- app.devin.ai
- api.devin.ai
- *.devinapps.com
Ensure your endpoint security systems (user devices that will access Devin) allow access to:
- app.devin.ai
- api.devin.ai
- *.devinapps.com
Ensure your VPC security groups allow access to:
- frp-server-0.devin.ai
- static.devin.ai
- api.devin.ai
Obtain Terraform Configuration and Auth Token
Contact Cognition to receive:
- An authentication token for pulling the hypervisor image
- The Terraform configuration files customized for your environment
Once you share your environment information (from Step 1), we will provide these resources to you.
Execute Terraform Script
We can schedule a call to execute this step together. The process involves:
-
Extract the Terraform configuration files to a directory on your local machine:
-
Initialize the Terraform environment:
-
Review the planned infrastructure changes:
-
Apply the configuration to provision the infrastructure:
-
Confirm the changes when prompted.
The Terraform scripts will set up all necessary components including EC2 instances, S3 buckets, security groups, IAM roles, and the hypervisor registration.
Run First Devin Session
After the Terraform script completes successfully, we will work together to:
- Verify that the resources have been created in your AWS console
- Run a first Devin session to ensure connectivity to the required services
- Debug any issues that arise with the support of Cognition team
Manual Deployment
If Terraform deployment is not feasible in your environment, this section outlines the manual steps required to provision the infrastructure.
Networking Requirements
Note that manual configuration of the networking components is necessary. You may refer to our provided resources for guidance.
Deployment Steps
Setup Instances for Running VMs
Devin requires a host instance to run isolated virtual machines for each session.
Instance Requirements
| Requirement | Details |
|---|---|
| Instance Type | Metal instances (i3.metal) |
| Operating System | Ubuntu 24.04 |
| Instance Sizing | - 2 vCPUs, 8GB RAM, 128GB Storage - 8 vCPUs, 32GB RAM, 128GB Storage |
| Note | The instance size determines the maximum number of concurrent Devin sessions. |
| Recommendation | We recommend i3.metal as a baseline. |
You can horizontally scale by adding more host instances to increase Devin’s capacity.
Security Group Rules
| Configuration | Details |
|---|---|
| VPC Setup | Configure the VPC and Security Group rules |
| Required Firewall Rules | Outbound 443 Internet Access to: |
frp-server-0.devin.ai | |
static.devin.ai | |
api.devin.ai |
General internet access is highly recommended but not mandatory.
Setup Storage for VMs
When Devin sessions are suspended, their state is compressed and stored.
2.1 Create an S3 Bucket
-
Navigate to S3 in the AWS Management Console
-
Select the appropriate region
-
Click Create bucket
-
Set the Bucket name as:
(Replace
${YOUR_ORGANIZATION}and${BUCKET_REGION}with actual values) -
Click Create bucket
2.2 Apply S3 Bucket Policy & CORS
- Open the S3 Bucket you created
- Navigate to the Permissions tab
- Scroll to Bucket Policy and click Edit
- Add the following policy, replacing placeholders:
- Click Save
- Scroll down to Cross-Origin Resource Sharing (CORS) and click Edit
- Enter the following CORS policy:
- Click Save
Once these resources are created, please provide Cognition with:
- Your AWS Account ID
- S3 Bucket Name
- VPC and Subnets for deployment
- Security Group ID
- Any tags for Devin-related resources
Register Host Runner
Run the following command:
We will share with you the AUTH_TOKEN separately. When the setup is complete, Devin should be ready to start sessions in your VPC environment.
Firewall: Requirements
If user devices have a firewall, whitelist the following URLs:
app.devin.aiapi.devin.ai*.devinapps.com
Sample AWS WAF Rule