Docs
circleci.com
Start Building for Free

Manage virtual machines with VM Service

2 weeks ago1 min read
Server v4.x
Server Admin
On This Page
  • VM provider
  • AWS
  • Authentication
  • Default AWS AMI list
  • GCP
  • Authentication

VM service controls how machine executor and Remote Docker jobs are run.

This section describes the available configuration options for VM service. Refer to the default values.yaml file for details on how to pre-scale virtual machines.

VM provider

The following configuration options are for the VM provider: either AWS or GCP.

AWS

You will need to add a section to your values.yaml file to configure VM Service to work with AWS EC2.

Authentication

One of the following options is required:

  • Either, select "IAM Keys" and provide:

    • Access Key ID (required): Access Key ID for EC2 access.

    • Secret Key (required): Secret Key for EC2 access.

  • Or, select "IAM role" and provide:

vm_service:
  providers:
    ec2:
      enabled: true
      region: <region>
      # Subnets must be in the same availability zone
      subnets:
      - <subnet-id>
      securityGroupId: <security-group-id>

      # Authenticate with IAM access keys
      accessKey: <access-key>
      secretKey: <secret-key>
      # or IRSA (IAM roles for service accounts)
      irsaRole: <role-arn>

Default AWS AMI list

The default AMIs for server v4.x are based on Ubuntu 20.04.

"us-east-1" "ami-04f249339fa8afc90"
"ca-central-1" "ami-002f61fb4f6cd4f04"
"ap-south-1" "ami-0309e6438340ff3f5"
"ap-southeast-2" "ami-03ac956e1d298b76a"
"ap-southeast-1" "ami-0272b002478c96552"
"eu-central-1" "ami-07266a91e4ef7e3e8"
"eu-west-1" "ami-0bc8a965f9ae82e44"
"eu-west-2" "ami-0bcbed1cffe3866c2"
"sa-east-1" "ami-05291e231356c0387"
"us-east-2" "ami-08735066168c5c8e9"
"us-west-1" "ami-035e0e862838fcb21"
"us-west-2" "ami-0b4970c467d8baaef"
"ap-northeast-1" "ami-0b9233227f60abc2c"
"ap-northeast-2" "ami-08e7a9df6ab2f6b9d"
"eu-west-3" "ami-07f0d51c7621f0c39"
"us-gov-east-1" "ami-0f68718afd37587ae"
"us-gov-west-1" "ami-8e2106ef"

GCP

You will need to add a section to your values.yaml file to configure VM Service to work with Google Cloud Platform (GCP).

Authentication

Choose one of the following options:

  • If you choose to use GCP IAM Workload Identity, use the VM service account email address (service-account-name@project-id.iam.gserviceaccount.com ) which you created here in point 2 and 3 for the workloadIdentity field below.

  • If you choose to use a GCP Service Account JSON file, use the contents of your service account JSON file for service-account below.

vm_service:
  enabled: true
  replicas: 1
  providers:
    gcp:
      enabled: false
      project_id: <project-id>
      network_tags:
      - circleci-vm
      - <your-network>
      zone: <zone>
      network: <network>
      subnetwork: <subnetwork>

      service_account: <service-account-json>
      # OR
      workloadIdentity: ""  # Leave blank if using JSON keys of service account else service account email address

Help make this document better

This guide, as well as the rest of our docs, are open source and available on GitHub. We welcome your contributions.

Need support?

Our support engineers are available to help with service issues, billing, or account related questions, and can help troubleshoot build configurations. Contact our support engineers by opening a ticket.

You can also visit our support site to find support articles, community forums, and training resources.