Devin Azure VPC Deployment Guide

To enhance deployment efficiency, we recommend utilizing Terraform for automation. Please reach out to us with your GitHub details so that we can provide access to the relevant repository.

Alternatively, if Terraform deployment is not feasible, the following section outlines the prerequisites for the Devin VPC deployment along with the manual steps required to provision the infrastructure.


Networking Requirements

Note that manual configuration of the networking components is necessary. You may refer to our provided resources for guidance.

Deployment Steps

1

Setup Instances for Running VMs

Devin requires a host instance to run isolated virtual machines for each session.

Instance Requirements

RequirementDetails
Instance TypeMetal instances (Lasv3)
Operating SystemUbuntu 24.04
Instance Sizing- 2 vCPUs, 8GB RAM, 128GB Storage
- 8 vCPUs, 32GB RAM, 128GB Storage
NoteThe instance size determines the maximum number of concurrent Devin sessions.
RecommendationWe recommend Standard_L80as_v3 as a baseline.

You can horizontally scale by adding more host instances to increase Devin’s capacity.

Security Group Rules

ConfigurationDetails
VPC SetupConfigure the VPC and Security Group rules
Required Firewall RulesOutbound 443 Internet Access to:
frp-server-0.devin.ai
static.devin.ai
api.devin.ai

General internet access is highly recommended but not mandatory.

2

Setup Storage for VMs

When Devin sessions are suspended, their state is compressed and stored in Azure Blob Storage.

Step 2.1: Grant Admin Consent

  1. Open the following URL in your browser:

    https://login.microsoftonline.com/organizations/adminconsent?client_id=854d72e1-0257-44f3-9df1-4ed0cc8b89a7
    
  2. Log in as an Entra ID (Azure AD) Admin and grant consent to the Devin Enterprise App.


Step 2.2: Create a Storage Account

  1. In the Azure Portal, search for and select Storage Accounts.
  2. Click + Create.
  3. Set the following details:
    • Subscription: Choose your subscription

    • Resource Group: Select the resource group

    • Storage Account Name: Enter

      devin${CUSTOMER_NAME}${REGION}
      

      (Replace ${CUSTOMER_NAME} and ${REGION} with actual values)

    • Region: Choose your preferred region

    • Performance: Standard

    • Redundancy: Zone-Redundant Storage (ZRS)

  4. Click Review + Create, then Create.
  5. Once created, navigate to your Storage AccountSettingsResource Sharing (CORS).
  6. Add a row with the following values:
    • Allowed Origins: *
    • Allowed Methods: GET
    • Allowed Headers: *
  7. Click Save.

Step 2.3: Create a Managed Identity

  1. Navigate to Managed Identities in the Azure Portal and click + Create.
  2. Set the following details:
    • Subscription: Choose your subscription
    • Resource Group: Select the resource group where the Devin VMs were created
    • Region: Select the region containing the Devin VMs
    • Name: devin-vm-identity
  3. Click Review + Assign.
  4. Visit the resource page for the Devin VMs created above and click SecurityIdentity in the sidebar.
  5. Select the User Assigned tab and click Add User Assigned Managed Identity.
  6. Search for devin-vm-identity and click Add.
  7. Repeat steps 4-6 for any new VMs created.

3

Register Host Runner

Run the following command to register the host runner:

curl -sSL https://api.devin.ai/hypervisor/setup?token=AUTH_TOKEN -o setup.sh && bash setup.sh

Cognition will share your AUTH_TOKEN separately. Once setup is complete, Devin will be ready to start sessions in your VPC environment.

If user devices have a firewall, whitelist the following URLs:

  • app.devin.ai
  • api.devin.ai
  • *.devinapps.com

4

Firewall: Requirements

If your organization has a firewall, whitelist the following URLs to allow Devin to function properly:

  • app.devin.ai
  • api.devin.ai
  • *.devinapps.com

Sample Azure WAF Rules: