(Not quite sure why it says above this question is applied to installed version of Atlassian products -- I don't remember setting it and I can't change it now)
We want to use Bamboo OnDemand to run integration tests as part of the CI process. Unfortunately, it does require access to some resources available only in local network (e.g. specialist hardware). We can not open direct access to such resources due to security policy.
One of the options would be to have Elastic build agents running inside Amazon Virtual Private Cloud (VPC) that effectively creates instances within our network. Such instances wouldn't have direct access to the Internet, so it would work fine with regard to security. The question is whether Bamboo can be made working with such build agents.
I've looked at the documentation for Bamboo and it seems that agents are accessing main Bamboo service by establishing HTTP connections to it. It does mean that we can potentially have the instances running in VPC and getting access to main Bamboo service through a proxy. Unfortunately, I couldn't find any further information on the architecture of Elastic build agents to confirm that.
Could you help me understand if this scenario is viable?
Update: one thing that is particularly concerning is that, seemingly, in order to launch an instance in VPC using the EC2 API one needs to pass extra parameters: VPC, subnet and security group. I've checked Elastic agent configuration in Bamboo OnDemand and it doesn't look like there's a way of configuring these.
Apparently, VPCs will be natively supported in the next Bamboo version (4.3) which is due to be released this November. However, it is yet uncertain when Bamboo OnDemand will be upgraded to this version.
In the meantime, the there is a workaround, which is confirmed to be workable. One need to a customized AMI for elastic build agent that is spawned in the public cloud, but completely locks itself down via iptables once started and establishes a VPN tunnel to the on-premises network. Hence, the instance will be running effectively within VPC and accessing Bamboo OnDemand via corporate HTTP proxy (Internet gateway), but still can be started via EC2 API without any additional parameters.
I've attached a diagram that illustrates the solution.
As a Belgian, beer-lover and home brewer, beer is one of my great passions. I love the fact that with just a few ingredients (usually just water, hop and malt) you can create so many different tastes...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot