Docs
circleci.com
Start Building for Free

Manage virtual machines with VM Service

2 weeks ago1 min read
Server v4.x
Server Admin
On This Page
  • VM provider
  • AWS
  • Authentication
  • Default AWS AMI list
  • GCP
  • Authentication

VM service controls how machine executor and Remote Docker jobs are run.

This section describes the available configuration options for VM service. Refer to the default values.yaml file for details on how to pre-scale virtual machines.

VM provider

The following configuration options are for the VM provider: either AWS or GCP.

AWS

You will need to add a section to your values.yaml file to configure VM Service to work with AWS EC2.

Authentication

One of the following options is required:

  • Either, select "IAM Keys" and provide:

    • Access Key ID (required): Access Key ID for EC2 access.

    • Secret Key (required): Secret Key for EC2 access.

  • Or, select "IAM role" and provide:

vm_service:
  providers:
    ec2:
      enabled: true
      region: <region>
      # Subnets must be in the same availability zone
      subnets:
      - <subnet-id>
      securityGroupId: <security-group-id>

      # Authenticate with IAM access keys
      accessKey: <access-key>
      secretKey: <secret-key>
      # or IRSA (IAM roles for service accounts)
      irsaRole: <role-arn>

Default AWS AMI list

The default AMIs for server v4.x are based on Ubuntu 22.04.

RegionAMI

us-east-1

ami-03dc54f7559144972

ca-central-1

ami-0575d605472840942

ap-south-1

ami-047ef6196620f56ca

ap-southeast-2

ami-0521f8d70ef9dbd24

ap-southeast-1

ami-0ef0354f4eb3b7428

eu-central-1

ami-0a8286fff7b5ed33a

eu-west-1

ami-093618a1d0185f9e8

eu-west-2

ami-08f00d41b17d3ea0a

sa-east-1

ami-064b0bfe97e6ec04c

us-east-2

ami-068cb131f91632f12

us-west-1

ami-0a4b7cf088a798be3

us-west-2

ami-018e05f98628cf5e5

ap-northeast-1

ami-06f32ec6aeecbeaa6

ap-northeast-2

ami-084c1abb1e8dabffd

eu-west-3

ami-09b3e24bccae3252f

us-gov-east-1

ami-0de525cac9ac9bea8

us-gov-west-1

ami-02abf947586cae56b

GCP

You will need to add a section to your values.yaml file to configure VM Service to work with Google Cloud Platform (GCP).

Authentication

Choose one of the following options:

  • If you choose to use GCP IAM Workload Identity, use the VM service account email address (service-account-name@project-id.iam.gserviceaccount.com ) which you created here in point 2 and 3 for the workloadIdentity field below.

  • If you choose to use a GCP Service Account JSON file, use the contents of your service account JSON file for service-account below.

vm_service:
  enabled: true
  replicas: 1
  providers:
    gcp:
      enabled: false
      project_id: <project-id>
      network_tags:
      - circleci-vm
      - <your-network>
      zone: <zone>
      network: <network>
      subnetwork: <subnetwork>

      service_account: <service-account-json>
      # OR
      workloadIdentity: ""  # Leave blank if using JSON keys of service account else service account email address

Help make this document better

This guide, as well as the rest of our docs, are open source and available on GitHub. We welcome your contributions.

Need support?

Our support engineers are available to help with service issues, billing, or account related questions, and can help troubleshoot build configurations. Contact our support engineers by opening a ticket.

You can also visit our support site to find support articles, community forums, and training resources.