> ## Documentation Index
> Fetch the complete documentation index at: https://docs.devin.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS VPC Setup

> Guide for setting up Devin in your AWS VPC

# **Devin AWS VPC Deployment Guide**

This guide outlines the process for deploying Devin in your AWS Virtual Private Cloud (VPC) environment, providing access to resources within your corporate firewall.

<Tabs>
  <Tab title="Simple Setup (Terraform)">
    ## Terraform Deployment (Recommended)

    Terraform deployment is our recommended approach for setting up Devin in your AWS VPC. This automated method ensures consistent, repeatable infrastructure provisioning with minimal manual configuration.

    <Frame>
      <img src="https://mintcdn.com/cognitionai/jlReMiXrsokGIcK7/images/terraform-workflow.png?fit=max&auto=format&n=jlReMiXrsokGIcK7&q=85&s=9a4846f3083d5cca7903a3982cb44552" alt="Terraform Deployment Workflow" width="2284" height="1282" data-path="images/terraform-workflow.png" />
    </Frame>

    ### Prerequisites

    Before beginning the Terraform deployment process, ensure you have:

    * Setup VPC for Devin (either use an existing VPC or provision a new one)
    * Ensure you have an IAM role or service account that has permission to:
      * create ec2 auto-scale instances
      * create s3 instances in your region
    * Ensure your AWS account can support instances with at least 70 virtual CPUs
    * Terraform (version 1.0 or later) installed

    ### Step-by-Step Deployment Process

    <Steps>
      <Step title="Collect AWS Environment Information">
        Gather the following information which will be required for the Terraform configuration:

        * AWS Account Number (12-digit number)
        * VPC ID (vpc-xxxxxxxxxxxxxxxxx)
        * Two Subnet IDs:
          * subnet-xxxxxxxxxxxxxxxxx
          * subnet-xxxxxxxxxxxxxxxxx

        **Helpful AWS CLI commands:**

        ```bash theme={null}
        # List your VPCs
        aws ec2 describe-vpcs

        # List subnets in a specific VPC
        aws ec2 describe-subnets --filters "Name=vpc-id,Values=<your-vpc-id>"
        ```
      </Step>

      <Step title="Configure Firewall Access">
        <Tabs>
          <Tab title="User Device Firewall">
            Ensure your endpoint security systems (user devices that will access Devin) allow access to:

            * \*.devin.ai
            * \*.devinenterprise.com
            * \*.devinapps.com
          </Tab>

          <Tab title="VPC Firewall">
            Ensure your VPC security groups allow access to:

            * frp-server-0.devin.ai
            * static.devin.ai
            * api.devin.ai
          </Tab>
        </Tabs>

        <Frame>
          <img src="https://mintcdn.com/cognitionai/SST7qBOGO28X2sVc/images/aws-firewall.png?fit=max&auto=format&n=SST7qBOGO28X2sVc&q=85&s=a687822a8153c6ca63ac981167388ac0" alt="AWS Firewall Configuration" width="1609" height="739" data-path="images/aws-firewall.png" />
        </Frame>
      </Step>

      <Step title="Obtain Terraform Configuration and Auth Token">
        Contact Cognition to receive:

        1. An authentication token for pulling the hypervisor image
        2. The Terraform configuration files customized for your environment

        Once you share your environment information (from Step 1), we will provide these resources to you.
      </Step>

      <Step title="Execute Terraform Script">
        We can schedule a call to execute this step together. The process involves:

        1. Extract the Terraform configuration files to a directory on your local machine:
           ```bash theme={null}
           mkdir -p ~/devin-terraform && cd ~/devin-terraform
           # Extract files received from Cognition
           ```

        2. Initialize the Terraform environment:
           ```bash theme={null}
           terraform init
           ```

        3. Review the planned infrastructure changes:
           ```bash theme={null}
           terraform plan
           ```

        4. Apply the configuration to provision the infrastructure:
           ```bash theme={null}
           terraform apply
           ```

        5. Confirm the changes when prompted.

        <Note>
          The Terraform scripts will set up all necessary components including EC2 instances, S3 buckets, security groups, IAM roles, and the hypervisor registration.
        </Note>
      </Step>

      <Step title="Run First Devin Session">
        After the Terraform script completes successfully, we will work together to:

        1. Verify that the resources have been created in your AWS console
        2. Run a first Devin session to ensure connectivity to the required services
        3. Debug any issues that arise with the support of Cognition team
      </Step>
    </Steps>
  </Tab>

  <Tab title="Advanced Setup (Manual)">
    ## Manual Deployment

    If Terraform deployment is not feasible in your environment, this section outlines the manual steps required to provision the infrastructure.

    ### Networking Requirements

    Note that manual configuration of the networking components is necessary. You may refer to our provided resources for guidance.

    ### Deployment Steps

    <Steps>
      <Step title="Setup Instances for Running VMs">
        Devin requires a host instance to run **isolated virtual machines** for each session.

        #### **Instance Requirements**

        | Requirement          | Details                                                                       |
        | :------------------- | :---------------------------------------------------------------------------- |
        | **Instance Type**    | Metal instances (`i3.metal`)                                                  |
        | **Operating System** | Ubuntu 24.04                                                                  |
        | **Instance Sizing**  | - 2 vCPUs, 8GB RAM, 128GB Storage  <br /> - 8 vCPUs, 32GB RAM, 128GB Storage  |
        | **Note**             | The instance size determines the maximum number of concurrent Devin sessions. |
        | **Recommendation**   | We recommend `i3.metal` as a baseline.                                        |

        <Tip>
          You can **horizontally scale** by adding more host instances to increase Devin's capacity.
        </Tip>

        #### **Security Group Rules**

        | **Configuration**           | **Details**                                |
        | :-------------------------- | :----------------------------------------- |
        | **VPC Setup**               | Configure the VPC and Security Group rules |
        | **Required Firewall Rules** | **Outbound 443 Internet Access to:**       |
        |                             | `frp-server-0.devin.ai`                    |
        |                             | `static.devin.ai`                          |
        |                             | `api.devin.ai`                             |

        <Warning>
          General internet access is **highly recommended** but not mandatory.
        </Warning>
      </Step>

      <Step title="Setup Storage for VMs">
        When **Devin sessions** are suspended, their state is **compressed and stored**.

        #### **2.1 Create an S3 Bucket**

        1. Navigate to **S3** in the **AWS Management Console**
        2. Select the appropriate region
        3. Click **Create bucket**
        4. Set the **Bucket name** as:

           ```
           devin-${YOUR_ORGANIZATION}-${BUCKET_REGION}
           ```

           *(Replace `${YOUR_ORGANIZATION}` and `${BUCKET_REGION}` with actual values)*
        5. Click **Create bucket**

        #### **2.2 Apply S3 Bucket Policy & CORS**

        1. Open the **S3 Bucket** you created
        2. Navigate to the **Permissions** tab
        3. Scroll to **Bucket Policy** and click **Edit**
        4. Add the following policy, replacing placeholders:

        ```json theme={null}
        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Principal": {"AWS": "arn:aws:iam::272506498303:role/customer-bucket-access-role"},
                    "Effect": "Allow",
                    "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                    "Resource": "arn:aws:s3:::devin-${YOUR_ORGANIZATION}-${BUCKET_REGION}/*"
                },
                {
                    "Principal": {"AWS": "arn:aws:iam::272506498303:role/customer-bucket-access-role"},
                    "Effect": "Allow",
                    "Action": ["s3:ListBucket"],
                    "Resource": "arn:aws:s3:::devin-${YOUR_ORGANIZATION}-${BUCKET_REGION}"
                }
            ]
        }
        ```

        5. Click **Save**
        6. Scroll down to **Cross-Origin Resource Sharing (CORS)** and click **Edit**
        7. Enter the following CORS policy:

        ```json theme={null}
        [
            {
                "AllowedHeaders": ["*"],
                "AllowedMethods": ["GET"],
                "AllowedOrigins": ["*"],
                "ExposeHeaders": []
            }
        ]
        ```

        8. Click **Save**

        <Note>
          Once these resources are created, please provide Cognition with:

          * Your **AWS Account ID**
          * **S3 Bucket Name**
          * **VPC and Subnets** for deployment
          * **Security Group ID**
          * Any **tags** for Devin-related resources
        </Note>
      </Step>

      <Step title="Register Host Runner">
        Run the following command:

        ```bash theme={null}
        curl -sSL https://api.devin.ai/hypervisor/setup?token=AUTH_TOKEN -o setup.sh && bash setup.sh
        ```

        <Note>
          We will share with you the **AUTH\_TOKEN** separately. When the setup is complete, **Devin** should be ready to start sessions in your **VPC** environment.
        </Note>
      </Step>

      <Step title="Firewall: Requirements">
        If user devices have a firewall, allowlist the following URLs:

        * `*.devin.ai`
        * `*.devinenterprise.com`
        * `*.devinapps.com`
                  <br />

        **Sample AWS WAF Rule**

        <img src="https://mintcdn.com/cognitionai/SST7qBOGO28X2sVc/images/aws-firewall.png?fit=max&auto=format&n=SST7qBOGO28X2sVc&q=85&s=a687822a8153c6ca63ac981167388ac0" alt="AWS-Firewall" width="1609" height="739" data-path="images/aws-firewall.png" />
      </Step>
    </Steps>
  </Tab>
</Tabs>
