This was an experimental version of our main AWS stack that made use of ECS and Spot Fleets. Due to low uptake and new directions, we're now pursuing other ideas.
If you are using this stack and cannot use our main AWS stack, please reach out: support@buildkite.com
- Agents/Queues that each have their own IAM Role
- Docker-based isolation for Jobs
- Shared underlying compute infrastructure via Spot Fleet
- Fast auto-scaling
Agents run in Docker containers on ECS instances, each with their own Task IAM Roles. The ECS Agent uses firewall rules to prevent containers from accessing the Instance Roles and also prevents usage of certain Docker features like host networking.
- Agent session tokens (`BUILDKITE_AGENT_ACCESS_TOKEN`) are exposed to builds and are valid for the duration of the agent's uptime. Exposing this token to third-party pull requests would be disastrous.
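
One mitigation for the token exposure noted above, as an added example that is not part of this stack: an agent hook that rejects jobs for pull requests whose source repository differs from the pipeline's repository. It assumes Buildkite's standard job variables `BUILDKITE_PULL_REQUEST`, `BUILDKITE_PULL_REQUEST_REPO` and `BUILDKITE_REPO`, and that the script is installed as the agent's `environment` hook; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from this repository): refuse third-party pull requests
# before any build command can read BUILDKITE_AGENT_ACCESS_TOKEN.

# Reduce a git remote to "host/owner/repo" so that SSH, HTTPS and git://
# forms of the same repository compare equal.
normalize_repo() {
  printf '%s\n' "$1" \
    | tr '[:upper:]' '[:lower:]' \
    | sed -e 's#\.git$##' \
          -e 's#^[a-z+]*://##' \
          -e 's#^[^/@]*@##' \
          -e 's#^\([^/:]*\):#\1/#'
}

# Returns 0 when the job is a pull request from a different repository.
is_third_party_pr() {
  # BUILDKITE_PULL_REQUEST is "false" for builds that are not pull requests.
  [ "${BUILDKITE_PULL_REQUEST:-false}" != "false" ] || return 1
  # Fail closed: a PR build with no recorded source repo is treated as untrusted.
  [ -n "${BUILDKITE_PULL_REQUEST_REPO:-}" ] || return 0
  [ "$(normalize_repo "$BUILDKITE_PULL_REQUEST_REPO")" != \
    "$(normalize_repo "${BUILDKITE_REPO:-}")" ]
}

if is_third_party_pr; then
  echo "Refusing pull request from ${BUILDKITE_PULL_REQUEST_REPO:-unknown repository}" >&2
  exit 1
fi
```

This is a defense-in-depth check on the agent side; disabling third-party fork builds in the pipeline settings remains the first control.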
The VPC Stack provides an underlying VPC that will handle as many subnets as you have available.
The Spotfleet Stack provides an ECS Cluster and an AWS Spot Fleet that powers it. It auto-scales based on the needs of ECS Services in the Cluster.
The Agent Stack provides an ECS Service that runs a Buildkite Agent as an ECS Task. Each Agent has its own Task IAM Roles, independent of the IAM permissions of the host it runs on.
Clone this repository and create each stack from the templates mentioned above.