Azure VPC Setup
Guide for setting up Devin in your Azure VPC
Devin Azure VPC Deployment Guide
This guide outlines the process for deploying Devin in your Azure Virtual Private Cloud (VPC) environment, providing access to resources within your corporate firewall.
Terraform Deployment (Recommended)
Terraform deployment is our recommended approach for setting up Devin in your Azure VPC. This automated method ensures consistent, repeatable infrastructure provisioning with minimal manual configuration.
Prerequisites
Before beginning the Terraform deployment process, ensure you have:
- Setup VPC for Devin (either use an existing VPC or provision a new one)
- Ensure you have an Azure account with permissions to:
- create virtual machines
- create storage accounts in your region
- Ensure your Azure account can support instances with at least 70 virtual CPUs
- Terraform (version 1.0 or later) installed
Step-by-Step Deployment Process
Collect Azure Environment Information
Gather the following information which will be required for the Terraform configuration:
- Azure Subscription ID (GUID format)
- VPC ID (Virtual Network name)
- Two Subnet names:
- subnet-1
- subnet-2
Helpful Azure CLI commands:
Configure Firewall Access
Ensure your endpoint security systems (user devices that will access Devin) allow access to:
- app.devin.ai
- api.devin.ai
- *.devinapps.com
Ensure your endpoint security systems (user devices that will access Devin) allow access to:
- app.devin.ai
- api.devin.ai
- *.devinapps.com
Ensure your VPC security groups allow access to:
- frp-server-0.devin.ai
- static.devin.ai
- api.devin.ai
Obtain Terraform Configuration and Auth Token
Contact Cognition to receive:
- An authentication token for pulling the hypervisor image
- The Terraform configuration files customized for your environment
Once you share your environment information (from Step 1), we will provide these resources to you.
Execute Terraform Script
We can schedule a call to execute this step together. The process involves:
-
Extract the Terraform configuration files to a directory on your local machine:
-
Initialize the Terraform environment:
-
Review the planned infrastructure changes:
-
Apply the configuration to provision the infrastructure:
-
Confirm the changes when prompted.
The Terraform scripts will set up all necessary components including virtual machines, storage accounts, security groups, IAM roles, and the hypervisor registration.
Run First Devin Session
After the Terraform script completes successfully, we will work together to:
- Verify that the resources have been created in your Azure portal
- Run a first Devin session to ensure connectivity to the required services
- Debug any issues that arise with the support of Cognition team
Terraform Deployment (Recommended)
Terraform deployment is our recommended approach for setting up Devin in your Azure VPC. This automated method ensures consistent, repeatable infrastructure provisioning with minimal manual configuration.
Prerequisites
Before beginning the Terraform deployment process, ensure you have:
- Setup VPC for Devin (either use an existing VPC or provision a new one)
- Ensure you have an Azure account with permissions to:
- create virtual machines
- create storage accounts in your region
- Ensure your Azure account can support instances with at least 70 virtual CPUs
- Terraform (version 1.0 or later) installed
Step-by-Step Deployment Process
Collect Azure Environment Information
Gather the following information which will be required for the Terraform configuration:
- Azure Subscription ID (GUID format)
- VPC ID (Virtual Network name)
- Two Subnet names:
- subnet-1
- subnet-2
Helpful Azure CLI commands:
Configure Firewall Access
Ensure your endpoint security systems (user devices that will access Devin) allow access to:
- app.devin.ai
- api.devin.ai
- *.devinapps.com
Ensure your endpoint security systems (user devices that will access Devin) allow access to:
- app.devin.ai
- api.devin.ai
- *.devinapps.com
Ensure your VPC security groups allow access to:
- frp-server-0.devin.ai
- static.devin.ai
- api.devin.ai
Obtain Terraform Configuration and Auth Token
Contact Cognition to receive:
- An authentication token for pulling the hypervisor image
- The Terraform configuration files customized for your environment
Once you share your environment information (from Step 1), we will provide these resources to you.
Execute Terraform Script
We can schedule a call to execute this step together. The process involves:
-
Extract the Terraform configuration files to a directory on your local machine:
-
Initialize the Terraform environment:
-
Review the planned infrastructure changes:
-
Apply the configuration to provision the infrastructure:
-
Confirm the changes when prompted.
The Terraform scripts will set up all necessary components including virtual machines, storage accounts, security groups, IAM roles, and the hypervisor registration.
Run First Devin Session
After the Terraform script completes successfully, we will work together to:
- Verify that the resources have been created in your Azure portal
- Run a first Devin session to ensure connectivity to the required services
- Debug any issues that arise with the support of Cognition team
Manual Deployment
If Terraform deployment is not feasible in your environment, this section outlines the manual steps required to provision the infrastructure.
Networking Requirements
Note that manual configuration of the networking components is necessary. You may refer to our provided resources for guidance.
Deployment Steps
Grant Admin Consent to the Devin Enterprise App
Open the following URL in your browser:
If you receive, “Admin Required”, that means that your admin permissions are insufficient.
You can check the permissions with the following command:
Once consent is granted, proceed with the following steps. You can check this by viewing applications within your Azure tenant.
Setup Instances for Running VMs
Devin requires a host instance to run isolated virtual machines for each session.
Instance Requirements
| Requirement | Details |
|---|---|
| Instance Type | Instances that support Virtualization (Standard_L80as_v3) |
| Operating System | Ubuntu 24.04 |
| Instance Sizing | - 2 vCPUs, 8GB RAM, 128GB Storage - 8 vCPUs, 32GB RAM, 128GB Storage |
| Note | The instance size determines the maximum number of concurrent Devin sessions. |
| Recommendation | We recommend Standard_L80as_v3 as a baseline. |
You can horizontally scale by adding more host instances to increase Devin’s capacity.
Security Group Rules
| Configuration | Details |
|---|---|
| VPC Setup | Configure the VPC and Security Group rules |
| Required Firewall Rules | Outbound 443 Internet Access to: |
frp-server-0.devin.ai | |
static.devin.ai | |
api.devin.ai |
General internet access is highly recommended but not mandatory.
Setup Storage for VMs
When Devin sessions are suspended, their state is compressed and stored.
2.1 Create an Azure Storage Account
- In the Azure Portal, search for and select Storage Accounts.
- Click + Create.
- Set the following details:
-
Subscription: Choose your subscription
-
Resource Group: Select the resource group
-
Storage Account Name: Enter
(Replace
${CUSTOMER_NAME}and${REGION}with actual values) -
Region: Choose your preferred region
-
Performance: Standard
-
Redundancy: Zone-Redundant Storage (ZRS)
-
- Click Review + Create, then Create.
2.2 Configure Storage Account Access & CORS
- Once created, navigate to your Storage Account → Settings → Resource Sharing (CORS).
- Add a row with the following values:
- Allowed Origins:
* - Allowed Methods:
GET - Allowed Headers:
*
- Allowed Origins:
- Click Save.
- Navigate to the Access Control (IAM) section.
- Click + Add and select Add role assignment.
- Select the Storage Blob Data Contributor role.
- Assign access to User, group, or service principal.
- Select the Managed Identity created in the next step.
- Click Review + assign.
2.3 Create a Managed Identity
- Navigate to Managed Identities in the Azure Portal and click + Create.
- Set the following details:
- Subscription: Choose your subscription
- Resource Group: Select the resource group where the Devin VMs were created
- Region: Select the region containing the Devin VMs
- Name:
devin-vm-identity
- Click Review + Assign.
- Visit the resource page for the Devin VMs created above and click Security → Identity in the sidebar.
- Select the User Assigned tab and click Add User Assigned Managed Identity.
- Search for
devin-vm-identityand click Add. - Repeat steps 4-6 for any new VMs created.
Once these resources are created, please provide Cognition with:
- Your Azure Subscription ID
- Storage Account Name
- Virtual Network and Subnets for deployment
- Network Security Group Name
- Any tags for Devin-related resources
Register Host Runner
Run the following command:
We will share with you the AUTH_TOKEN separately. When the setup is complete, Devin should be ready to start sessions in your VPC environment.
Firewall: Requirements
If user devices have a firewall, whitelist the following URLs:
app.devin.aiapi.devin.ai*.devinapps.com
Sample Azure WAF Rule