Elastic build agents in Amazon Virtual Private Cloud

(Not quite sure why it says above this question is applied to installed version of Atlassian products -- I don't remember setting it and I can't change it now)

We want to use Bamboo OnDemand to run integration tests as part of the CI process. Unfortunately, it does require access to some resources available only in local network (e.g. specialist hardware). We can not open direct access to such resources due to security policy.

One of the options would be to have Elastic build agents running inside Amazon Virtual Private Cloud (VPC) that effectively creates instances within our network. Such instances wouldn't have direct access to the Internet, so it would work fine with regard to security. The question is whether Bamboo can be made working with such build agents.

I've looked at the documentation for Bamboo and it seems that agents are accessing main Bamboo service by establishing HTTP connections to it. It does mean that we can potentially have the instances running in VPC and getting access to main Bamboo service through a proxy. Unfortunately, I couldn't find any further information on the architecture of Elastic build agents to confirm that.

Could you help me understand if this scenario is viable?

Thank you

Update: one thing that is particularly concerning is that, seemingly, in order to launch an instance in VPC using the EC2 API one needs to pass extra parameters: VPC, subnet and security group. I've checked Elastic agent configuration in Bamboo OnDemand and it doesn't look like there's a way of configuring these.

1 answer

1 accepted

Apparently, VPCs will be natively supported in the next Bamboo version (4.3) which is due to be released this November. However, it is yet uncertain when Bamboo OnDemand will be upgraded to this version.

In the meantime, the there is a workaround, which is confirmed to be workable. One need to a customized AMI for elastic build agent that is spawned in the public cloud, but completely locks itself down via iptables once started and establishes a VPN tunnel to the on-premises network. Hence, the instance will be running effectively within VPC and accessing Bamboo OnDemand via corporate HTTP proxy (Internet gateway), but still can be started via EC2 API without any additional parameters.

I've attached a diagram that illustrates the solution.

A customised AMI will work, but you can also use an EBS or instance setup script. In this way, you will be able to use the stock image (stock images get bugfixes and minor version updates).

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Monday in Jira Software

How large do you think Jira Software can grow?

Hi Atlassian Community! My name is Shana, and I’m on the Jira Software team. One of the many reasons this Community exists is to connect you to others on similar product journeys or with comparabl...

394 views 5 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you