Instance Profile

Prerequisites

Here's a checklist of things to have setup on AWS when getting started:

✅ AWS IAM Instance Profile

Create an IAM instance profile and role attached to the instance profile. Here's how:

✅ Warpbuild Integration IAM role name

Fetch the IAM role name from the WarpBuild connection page for the runner. WarpBuild Connections

WarpBuild Role Name Format: warpbuild-<UUID>

Setup Permissions

Execute the below command to grant the iam.PassRole permission to the warpbuild-<UUID> role.

aws iam put-role-policy \
    --role-name <Warpbuild Role Name> \
    --policy-name PassRolePolicy \
    --policy-document '{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": "<Role to be attached to BYOC EC2 runners and linked to the instance profile>",
                "Condition": {
                    "StringEquals": {
                        "iam:PassedToService": "ec2.amazonaws.com"
                    }
                }
            }
        ]
    }'

To verify the policy is attached, run the below command:

aws iam simulate-principal-policy \
    --policy-source-arn <Warpbuild Role Name> \
    --action-names iam:PassRole \
    --resource-arns <Role to be attached to BYOC EC2 runners and linked to the instance profile> \
    --context-entries ContextKeyName=iam:PassedToService,ContextKeyType=string,ContextKeyValues=ec2.amazonaws.com

Attach IAM roles to the runners

Use the Instance Profile ARN in the Custom Runner configuration to attach the profile to your runners. Each runner can have its own instance profile, allowing you to scope permissions per workload type.