From aca7a37104bbd5c08eb9ed5b60ba30f1e7d71a70 Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Wed, 3 Nov 2021 10:19:27 -0500 Subject: [PATCH 1/9] Add new docs stubs, update links --- admin/organizations/index.md | 4 ++-- admin/workspace-providers/deployment/ec2.md | 4 ++++ admin/workspace-providers/deployment/index.md | 6 ++++++ .../{deployment.md => deployment/kubernetes.md} | 8 ++++---- admin/workspace-providers/index.md | 4 ++-- guides/hosted-beta/index.md | 2 +- manifest.json | 10 +++++++++- setup/kubernetes/aws.md | 2 +- setup/kubernetes/azure.md | 2 +- setup/kubernetes/google.md | 6 +++--- setup/kubernetes/k3s.md | 2 +- 11 files changed, 34 insertions(+), 16 deletions(-) create mode 100644 admin/workspace-providers/deployment/ec2.md create mode 100644 admin/workspace-providers/deployment/index.md rename admin/workspace-providers/{deployment.md => deployment/kubernetes.md} (95%) diff --git a/admin/organizations/index.md b/admin/organizations/index.md index eb1349554..41acc385b 100644 --- a/admin/organizations/index.md +++ b/admin/organizations/index.md @@ -41,8 +41,8 @@ namespaces. If you want to separate Coder workspaces by namespaces in a Kubernetes cluster, you can do so by -[deploying a new workspace provider](../workspace-providers/deployment.md) to -each additional namespace in the cluster. The workspace provider provisions +[deploying a new workspace provider](../workspace-providers/deployment/index.md) +to each additional namespace in the cluster. The workspace provider provisions workspaces to the namespace it has been deployed to, and you can control access to each workspace provider via an organization allowlist to replace the previous organization namespace behaviors. diff --git a/admin/workspace-providers/deployment/ec2.md b/admin/workspace-providers/deployment/ec2.md new file mode 100644 index 000000000..2419fe34f --- /dev/null +++ b/admin/workspace-providers/deployment/ec2.md 
@@ -0,0 +1,4 @@ +--- +title: EC2 +description: Learn how to deploy a workspace provider to an EC2 cluster. +--- diff --git a/admin/workspace-providers/deployment/index.md b/admin/workspace-providers/deployment/index.md new file mode 100644 index 000000000..bdcbd0803 --- /dev/null +++ b/admin/workspace-providers/deployment/index.md @@ -0,0 +1,6 @@ +--- +title: Deployment +description: Learn how to deploy a workspace provider to a cluster. +--- + + diff --git a/admin/workspace-providers/deployment.md b/admin/workspace-providers/deployment/kubernetes.md similarity index 95% rename from admin/workspace-providers/deployment.md rename to admin/workspace-providers/deployment/kubernetes.md index bb4850d31..90ac3958c 100644 --- a/admin/workspace-providers/deployment.md +++ b/admin/workspace-providers/deployment/kubernetes.md @@ -1,12 +1,12 @@ --- -title: Workspace provider deployment -description: Learn how to deploy a workspace provider. +title: Kubernetes +description: Learn how to deploy a workspace provider to a Kubernetes cluster. --- This article walks you through the process of deploying a workspace provider to a Kubernetes cluster. If you do not have one, you can use our -[cluster guides](../../setup/kubernetes/index.md) to create one compatible with -Coder. +[cluster guides](../../../setup/kubernetes/index.md) to create one compatible +with Coder. ## Dependencies diff --git a/admin/workspace-providers/index.md b/admin/workspace-providers/index.md index 1374d91da..0507f41e5 100644 --- a/admin/workspace-providers/index.md +++ b/admin/workspace-providers/index.md 
@@ -30,8 +30,8 @@ create workspaces. Remote workspace providers can lower developers' latency by locating their workspaces closer to them geographically or can be used for workload isolation -purposes. See [Deploying a workspace provider](deployment.md) to learn how to -expand your Coder deployment to additional Kubernetes clusters. +purposes. See [Deploying a workspace provider](deployment/index.md) to learn how +to expand your Coder deployment to additional Kubernetes clusters. ### Organization allowlists diff --git a/guides/hosted-beta/index.md b/guides/hosted-beta/index.md index da01e2f4b..aa679fc91 100644 --- a/guides/hosted-beta/index.md +++ b/guides/hosted-beta/index.md @@ -57,5 +57,5 @@ cluster, enabling you to create workspaces. You're in! At this point, you'll need to [create a Kubernetes cluster](../../setup/kubernetes/index.md) (if you don't already have one you'd like to use with Coder) and -[connect the cluster to Coder](../../admin/workspace-providers/deployment.md) +[connect the cluster to Coder](../../admin/workspace-providers/deployment/index.md) before you can create workspaces. diff --git a/manifest.json b/manifest.json index e98b0449c..c93def945 100644 --- a/manifest.json +++ b/manifest.json @@ -279,7 +279,15 @@ "path": "./admin/workspace-providers/index.md", "children": [ { - "path": "./admin/workspace-providers/deployment.md" + "path": "./admin/workspace-providers/deployment/index.md", + "children": [ + { + "path": "./admin/workspace-providers/deployment/ec2.md" + }, + { + "path": "./admin/workspace-providers/deployment/kubernetes.md" + } + ] }, { "path": "./admin/workspace-providers/management.md" diff --git a/setup/kubernetes/aws.md b/setup/kubernetes/aws.md index 73e2e7bf1..b32618402 100644 --- a/setup/kubernetes/aws.md +++ b/setup/kubernetes/aws.md 
@@ -237,7 +237,7 @@ For more information, see: If you have already installed Coder or are using our hosted beta, you can add this cluster as a -[workspace provider](../../admin/workspace-providers/deployment.md). +[workspace provider](../../admin/workspace-providers/deployment/index.md). To access Coder through a secure domain, review our guides on configuring and using [TLS certificates](../../guides/tls-certificates/index.md). diff --git a/setup/kubernetes/azure.md b/setup/kubernetes/azure.md index c0205aaf5..30d76a68d 100644 --- a/setup/kubernetes/azure.md +++ b/setup/kubernetes/azure.md @@ -141,7 +141,7 @@ For more information, see: If you have already installed Coder or are using our hosted beta, you can add this cluster as a -[workspace provider](../../admin/workspace-providers/deployment.md). +[workspace provider](../../admin/workspace-providers/deployment/index.md). To access Coder through a secure domain, review our guides on configuring and using [TLS certificates](../../guides/tls-certificates/index.md). diff --git a/setup/kubernetes/google.md b/setup/kubernetes/google.md index 23981c6f5..6078f9bb2 100644 --- a/setup/kubernetes/google.md +++ b/setup/kubernetes/google.md @@ -43,8 +43,8 @@ for more information on each parameter used. Regardless of which option you choose, be sure to replace the following parameters to reflect the needs of your workspace: `PROJECT_ID`, -`NEW_CLUSTER_NAME`, `ZONE`, and `REGION`. You can [choose the zone and -region](https://cloud.google.com/compute/docs/regions-zones#choosing_a_region_and_zone) +`NEW_CLUSTER_NAME`, `ZONE`, and `REGION`. You can +[choose the zone and region](https://cloud.google.com/compute/docs/regions-zones#choosing_a_region_and_zone) that makes the most sense for your location. > Both options include the use of the `enable-network-policy` flag, which 
@@ -154,7 +154,7 @@ For more information, see: If you have already installed Coder or are using our hosted beta, you can add this cluster as a -[workspace provider](../../admin/workspace-providers/deployment.md). +[workspace provider](../../admin/workspace-providers/deployment/index.md). To access Coder through a secure domain, review our guides on configuring and using [TLS certificates](../../guides/tls-certificates/index.md). diff --git a/setup/kubernetes/k3s.md b/setup/kubernetes/k3s.md index d319142d4..c21787ac1 100644 --- a/setup/kubernetes/k3s.md +++ b/setup/kubernetes/k3s.md @@ -118,7 +118,7 @@ cp /etc/rancher/k3s/k3s.yaml ~/.kube/config If you have already installed Coder or are using our hosted beta, you can add this cluster as a -[workspace provider](../../admin/workspace-providers/deployment.md). +[workspace provider](../../admin/workspace-providers/deployment/index.md). To access Coder through a secure domain, review our guides on configuring and using [TLS certificates](../../guides/tls-certificates/index.md). From 952b535884d21d99dcd38d6eecfa17a1b1c19b7c Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Fri, 5 Nov 2021 10:19:30 -0500 Subject: [PATCH 2/9] add setup details --- admin/workspace-providers/deployment/ec2.md | 62 +++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/admin/workspace-providers/deployment/ec2.md b/admin/workspace-providers/deployment/ec2.md index 2419fe34f..236c010aa 100644 --- a/admin/workspace-providers/deployment/ec2.md +++ b/admin/workspace-providers/deployment/ec2.md 
@@ -2,3 +2,65 @@ title: EC2 description: Learn how to deploy a workspace provider to an EC2 cluster. --- + +This article walks you through the process of deploying a workspace provider to +an EC2 instance. + +## Prerequisites + +You must have an +[**AWS access key ID** and **secret access key**](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). + +## Creating a workspace provider + +1. Log into Coder as a site manager, and go to **Manage** > **Workspace + providers**. + +1. In the top-right next to **Create Kubernetes Provider**, click on the **down + arrow** and select **Create Amazon EC2 Provider**. + +1. Provide a **name** to identify the provider. + +1. Provide the requested configuration details to connect Coder to your AWS + account: + + - **Access key ID**: the AWS access key associated with your account + - **Secret access key**: the AWS secret access key associated with your + account + - **AWS region ID**: The AWS region where the EC2 instances should be created + - **AWS availability zone**: The AWS availability zone associated with the + region where the EC2 instances are created. You can find an available zone + by running `aws ec2 describe-availability-zones --region region-name` + +1. Provide the networking options: + + - VPC ID: the VPC network to which instances should be attached. If you leave + this field empty, Coder uses the default VPC ID in the specified region for + your EC2 instances + - Subnet ID: the + [ID of the subnet](https://docs.aws.amazon.com/managedservices/latest/userguide/find-subnet.html) + associated with your VPC and availability zone + +1. 
Specify the Amazon Machine Image configuration you want to be used when + launching workspaces: + + - **Privileged mode**: check this box if you would like the workspace + container to have read/write access to the EC2 instance's host filesystem + - **AMI ID**: the Amazon machine image ID to be used when creating the EC2 + instances; the machine image used must contain and start a Docker daemon. + If blank, Coder defaults to an image that meets the requirements + - **Instance types**: the EC2 instance types that users can provision using + the workspace provider. Provide each instance type on a separate line; + wildcard characters are allowed + - **AMI SSH username**: the SSH login username used by Coder to connect to + EC2 instances. Must be set if you provide a custom AMI ID + - **Root volume size**: the storage capacity to be reserved for the copy of + the AMI + - **Docker volume size**: the storage capacity used for the Docker daemon + directory; stores the workspace image and any data outside of the home + directory + +1. Toggle **external connect** on if you would like to enable SSH connections to + your workspaces via the Coder CLI. + +Click **Create provider** to proceed. From 20988ccd5ca81f8909aa01f83227aab7ad562cf4 Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Fri, 5 Nov 2021 10:20:43 -0500 Subject: [PATCH 3/9] Add CLI tool mention --- admin/workspace-providers/deployment/ec2.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/admin/workspace-providers/deployment/ec2.md b/admin/workspace-providers/deployment/ec2.md index 236c010aa..432d9cfe0 100644 --- a/admin/workspace-providers/deployment/ec2.md +++ b/admin/workspace-providers/deployment/ec2.md 
@@ -11,6 +11,9 @@ an EC2 instance. You must have an [**AWS access key ID** and **secret access key**](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). +We recommend having the [AWS CLI](https://aws.amazon.com/cli/) installed and +configured as well. + ## Creating a workspace provider 1. Log into Coder as a site manager, and go to **Manage** > **Workspace From dae3a0bbcf6ce9b1e8e331c290a2cbd456b07c16 Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Wed, 10 Nov 2021 12:20:13 -0600 Subject: [PATCH 4/9] edit content --- admin/workspace-providers/deployment/ec2.md | 26 +++++++++++---------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/admin/workspace-providers/deployment/ec2.md b/admin/workspace-providers/deployment/ec2.md index 432d9cfe0..478927203 100644 --- a/admin/workspace-providers/deployment/ec2.md +++ b/admin/workspace-providers/deployment/ec2.md 
@@ -32,29 +32,31 @@ configured as well. account - **AWS region ID**: The AWS region where the EC2 instances should be created - **AWS availability zone**: The AWS availability zone associated with the - region where the EC2 instances are created. You can find an available zone - by running `aws ec2 describe-availability-zones --region region-name` + region where the EC2 instances are created 1. Provide the networking options: - - VPC ID: the VPC network to which instances should be attached. If you leave - this field empty, Coder uses the default VPC ID in the specified region for - your EC2 instances - - Subnet ID: the + - VPC ID: Optional. The VPC network to which instances should be attached. If + you leave this field empty, Coder uses the default VPC ID in the specified + region for your EC2 instances + - Subnet ID: Optional. The [ID of the subnet](https://docs.aws.amazon.com/managedservices/latest/userguide/find-subnet.html) - associated with your VPC and availability zone + associated with your VPC and availability zone. If you leave this field + empty, Coder uses the default subnet associated with the VPC (specified or + default) in your region and availability zone. 1. Specify the Amazon Machine Image configuration you want to be used when launching workspaces: - - **Privileged mode**: check this box if you would like the workspace - container to have read/write access to the EC2 instance's host filesystem + - **Privileged mode**: Optional. check this box if you would like the + workspace container to have read/write access to the EC2 instance's host + filesystem - **AMI ID**: the Amazon machine image ID to be used when creating the EC2 instances; the machine image used must contain and start a Docker daemon. If blank, Coder defaults to an image that meets the requirements - - **Instance types**: the EC2 instance types that users can provision using - the workspace provider. 
Provide each instance type on a separate line; - wildcard characters are allowed + - **Instance types**: Optional. The EC2 instance types that users can + provision using the workspace provider. Provide each instance type on a + separate line; wildcard characters are allowed - **AMI SSH username**: the SSH login username used by Coder to connect to EC2 instances. Must be set if you provide a custom AMI ID - **Root volume size**: the storage capacity to be reserved for the copy of From bdc7ccf1cd1ecb2f62c2e91b6c1cd1378c3cfe74 Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Wed, 10 Nov 2021 14:23:30 -0600 Subject: [PATCH 5/9] update content based on review --- admin/workspace-providers/deployment/ec2.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/admin/workspace-providers/deployment/ec2.md b/admin/workspace-providers/deployment/ec2.md index 478927203..6071f7aaa 100644 --- a/admin/workspace-providers/deployment/ec2.md +++ b/admin/workspace-providers/deployment/ec2.md @@ -1,6 +1,7 @@ --- title: EC2 description: Learn how to deploy a workspace provider to an EC2 cluster. +state: alpha --- This article walks you through the process of deploying a workspace provider to @@ -51,6 +52,11 @@ configured as well. - **Privileged mode**: Optional. check this box if you would like the workspace container to have read/write access to the EC2 instance's host filesystem + + > Privileged mode may pose a security risk to your organization. We + > recommend enabling this feature only if users need full access to the + > host (e.g., kernel driver development or running Docker-in-Docker). + - **AMI ID**: the Amazon machine image ID to be used when creating the EC2 instances; the machine image used must contain and start a Docker daemon. If blank, Coder defaults to an image that meets the requirements 
@@ -62,8 +68,8 @@ configured as well. - **Root volume size**: the storage capacity to be reserved for the copy of the AMI - **Docker volume size**: the storage capacity used for the Docker daemon - directory; stores the workspace image and any data outside of the home - directory + directory; stores the workspace image and any ephemeral data outside of the + home directory 1. Toggle **external connect** on if you would like to enable SSH connections to your workspaces via the Coder CLI. From 5e6a7d17e0ebee744802e57d157b6a8819318464 Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Mon, 15 Nov 2021 14:19:04 -0600 Subject: [PATCH 6/9] add feature preview info --- admin/workspace-providers/deployment/ec2.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/admin/workspace-providers/deployment/ec2.md b/admin/workspace-providers/deployment/ec2.md index 6071f7aaa..c313ed95a 100644 --- a/admin/workspace-providers/deployment/ec2.md +++ b/admin/workspace-providers/deployment/ec2.md @@ -7,6 +7,13 @@ state: alpha This article walks you through the process of deploying a workspace provider to an EC2 instance. +The use of EC2 providers is currently an **alpha** feature. Before using, please +enable this feature under **Feature Preview**: + +1. Log into Coder as a site manager or site admin. +1. In the top-right, click on your avatar and select **Feature Preview**. +1. Select **Amazon EC2 (Docker) providers** and click **Enable**. + ## Prerequisites You must have an From 671a7baffde54d47c27dbc30b34a0e226e0638a4 Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Mon, 15 Nov 2021 14:28:16 -0600 Subject: [PATCH 7/9] update kube options --- admin/workspace-providers/management.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/admin/workspace-providers/management.md b/admin/workspace-providers/management.md index 2f06b1f2e..9d3f3d1b7 100644 --- a/admin/workspace-providers/management.md +++ b/admin/workspace-providers/management.md 
@@ -60,13 +60,20 @@ At this point, you can: > If you enable **end-to-end encryption**, end-users using SSH need to rerun > `coder config-ssh`. -- Specify the Kubernetes `tolerations` and `nodeSelector` for the workspaces - deployed with this provider: +- Specify the Kubernetes `pod_tolerations`, `pod_node_selector`, and + `service_account_annotations` for the workspaces deployed with this provider: ```json { - "tolerations": [], - "nodeSelector": {} + "pod_tolerations": [ + { + "key": "com.coder.workspace", + "operator": "Exists", + "effect": "NoSchedule" + } + ], + "pod_node_selector": {}, + "service_account_annotations": {} } ``` From abba92fb1c156c0293941d2baca6d1ad5a7a2537 Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Tue, 16 Nov 2021 08:51:13 -0600 Subject: [PATCH 8/9] update EC2 docs --- admin/workspace-providers/deployment/ec2.md | 64 +++++++++++++++++++-- 1 file changed, 58 insertions(+), 6 deletions(-) diff --git a/admin/workspace-providers/deployment/ec2.md b/admin/workspace-providers/deployment/ec2.md index c313ed95a..c761978cd 100644 --- a/admin/workspace-providers/deployment/ec2.md +++ b/admin/workspace-providers/deployment/ec2.md 
@@ -22,6 +22,54 @@ You must have an We recommend having the [AWS CLI](https://aws.amazon.com/cli/) installed and configured as well. +### IAM permissions + +To manage EC2 providers for your Coder deployment, create an IAM policy and +attach it to the IAM identity (e.g., role) that will be managing your resources +(be sure to update or remove `aws:RequestedRegion` accordingly): + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Deny", + "Action": "ec2:*", + "Resource": "*", + "Condition": { + "StringNotEquals": { + "aws:RequestedRegion": "us-east-1" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeSubnets", + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroups", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", + "ec2:ImportKeyPair", + "ec2:DescribeKeyPairs", + "ec2:CreateVolume", + "ec2:DescribeVolumes", + "ec2:AttachVolume", + "ec2:DeleteVolume", + "ec2:RunInstances", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:TerminateInstances", + "ec2:DescribeInstanceTypes", + "ec2:CreateTags" + ], + "Resource": "*" + } + ] +} +``` + ## Creating a workspace provider 1. Log into Coder as a site manager, and go to **Manage** > **Workspace @@ -38,8 +86,9 @@ configured as well. - **Access key ID**: the AWS access key associated with your account - **Secret access key**: the AWS secret access key associated with your account - - **AWS region ID**: The AWS region where the EC2 instances should be created - - **AWS availability zone**: The AWS availability zone associated with the + - **AWS region ID**: select the AWS region where the EC2 instances should be + created + - **AWS availability zone**: the AWS availability zone associated with the region where the EC2 instances are created 1. Provide the networking options: 
@@ -50,8 +99,8 @@ configured as well. - Subnet ID: Optional. The [ID of the subnet](https://docs.aws.amazon.com/managedservices/latest/userguide/find-subnet.html) associated with your VPC and availability zone. If you leave this field - empty, Coder uses the default subnet associated with the VPC (specified or - default) in your region and availability zone. + empty, Coder uses the default subnet associated with the VPC in your region + and availability zone. 1. Specify the Amazon Machine Image configuration you want to be used when launching workspaces: @@ -66,12 +115,15 @@ configured as well. - **AMI ID**: the Amazon machine image ID to be used when creating the EC2 instances; the machine image used must contain and start a Docker daemon. - If blank, Coder defaults to an image that meets the requirements + If blank, Coder defaults to an image that meets the requirements. If you + selected a supported AWS region, this will auto-populate with a supported + AMI (though you are welcome to change it) - **Instance types**: Optional. The EC2 instance types that users can provision using the workspace provider. Provide each instance type on a separate line; wildcard characters are allowed - **AMI SSH username**: the SSH login username used by Coder to connect to - EC2 instances. Must be set if you provide a custom AMI ID + EC2 instances. Must be set if you provide a custom AMI ID (this value may + be auto-populated depending on the AMI you choose)) - **Root volume size**: the storage capacity to be reserved for the copy of the AMI - **Docker volume size**: the storage capacity used for the Docker daemon From b767dbd30075001be8fcc42aea9fa8be017521cf Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Tue, 16 Nov 2021 16:16:51 -0600 Subject: [PATCH 9/9] fix formatting --- admin/workspace-providers/deployment/ec2.md | 114 +++++++++++--------- 1 file changed, 61 insertions(+), 53 deletions(-) 
diff --git a/admin/workspace-providers/deployment/ec2.md b/admin/workspace-providers/deployment/ec2.md index c761978cd..16749ea74 100644 --- a/admin/workspace-providers/deployment/ec2.md +++ b/admin/workspace-providers/deployment/ec2.md @@ -70,7 +70,7 @@ attach it to the IAM identity (e.g., role) that will be managing your resources } ``` -## Creating a workspace provider +## 1. Select the workspace provider type to create 1. Log into Coder as a site manager, and go to **Manage** > **Workspace providers**. 
@@ -80,57 +80,65 @@ attach it to the IAM identity (e.g., role) that will be managing your resources 1. Provide a **name** to identify the provider. -1. Provide the requested configuration details to connect Coder to your AWS - account: - - - **Access key ID**: the AWS access key associated with your account - - **Secret access key**: the AWS secret access key associated with your - account - - **AWS region ID**: select the AWS region where the EC2 instances should be - created - - **AWS availability zone**: the AWS availability zone associated with the - region where the EC2 instances are created - -1. Provide the networking options: - - - VPC ID: Optional. The VPC network to which instances should be attached. If - you leave this field empty, Coder uses the default VPC ID in the specified - region for your EC2 instances - - Subnet ID: Optional. The - [ID of the subnet](https://docs.aws.amazon.com/managedservices/latest/userguide/find-subnet.html) - associated with your VPC and availability zone. If you leave this field - empty, Coder uses the default subnet associated with the VPC in your region - and availability zone. - -1. Specify the Amazon Machine Image configuration you want to be used when - launching workspaces: - - - **Privileged mode**: Optional. check this box if you would like the - workspace container to have read/write access to the EC2 instance's host - filesystem - - > Privileged mode may pose a security risk to your organization. We - > recommend enabling this feature only if users need full access to the - > host (e.g., kernel driver development or running Docker-in-Docker). - - - **AMI ID**: the Amazon machine image ID to be used when creating the EC2 - instances; the machine image used must contain and start a Docker daemon. - If blank, Coder defaults to an image that meets the requirements. 
If you - selected a supported AWS region, this will auto-populate with a supported - AMI (though you are welcome to change it) - - **Instance types**: Optional. The EC2 instance types that users can - provision using the workspace provider. Provide each instance type on a - separate line; wildcard characters are allowed - - **AMI SSH username**: the SSH login username used by Coder to connect to - EC2 instances. Must be set if you provide a custom AMI ID (this value may - be auto-populated depending on the AMI you choose)) - - **Root volume size**: the storage capacity to be reserved for the copy of - the AMI - - **Docker volume size**: the storage capacity used for the Docker daemon - directory; stores the workspace image and any ephemeral data outside of the - home directory - -1. Toggle **external connect** on if you would like to enable SSH connections to - your workspaces via the Coder CLI. +## 2. Configure the connection to AWS + +Provide the requested configuration details to connect Coder to your AWS +account: + +- **Access key ID**: the AWS access key associated with your account +- **Secret access key**: the AWS secret access key associated with your account +- **AWS region ID**: select the AWS region where the EC2 instances should be + created +- **AWS availability zone**: the AWS availability zone associated with the + region where the EC2 instances are created + +## 3. Provide networking information (optional) + +Provide the following networking options if desired: + +- VPC ID: Optional. The VPC network to which instances should be attached. If + you leave this field empty, Coder uses the default VPC ID in the specified + region for your EC2 instances +- Subnet ID: Optional. The + [ID of the subnet](https://docs.aws.amazon.com/managedservices/latest/userguide/find-subnet.html) + associated with your VPC and availability zone. If you leave this field empty, + Coder uses the default subnet associated with the VPC in your region and + availability zone. 
+ +## 4. Provide AMI configuration information + +Specify the Amazon Machine Image configuration you want to be used when +launching workspaces: + +- **Privileged mode**: Optional. check this box if you would like the workspace + container to have read/write access to the EC2 instance's host filesystem + +> Privileged mode may pose a security risk to your organization. We recommend +> enabling this feature only if users need full access to the host (e.g., kernel +> driver development or running Docker-in-Docker). + +- **AMI ID**: the Amazon machine image ID to be used when creating the EC2 + instances; the machine image used must contain and start a Docker daemon. If + blank, Coder defaults to an image that meets the requirements. If you selected + a supported AWS region, this will auto-populate with a supported AMI (though + you are welcome to change it) +- **Instance types**: Optional. The EC2 instance types that users can provision + using the workspace provider. Provide each instance type on a separate line; + wildcard characters are allowed +- **AMI SSH username**: the SSH login username used by Coder to connect to EC2 + instances. Must be set if you provide a custom AMI ID (this value may be + auto-populated depending on the AMI you choose)) +- **Root volume size**: the storage capacity to be reserved for the copy of the + AMI +- **Docker volume size**: the storage capacity used for the Docker daemon + directory; stores the workspace image and any ephemeral data outside of the + home directory + +## 5. Enable external connections (optional) + +Toggle **external connect** on if you would like to enable SSH connections to +your workspaces via the Coder CLI. + +## 6. Create the provider Click **Create provider** to proceed.
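Review bot: In PATCH 1/9, the new `admin/workspace-providers/deployment/ec2.md` front matter reads `description: Learn how to deploy a workspace provider to an EC2 cluster.`, but EC2 has no cluster concept and the body added in PATCH 2/9 says "an EC2 instance"; suggest "to Amazon EC2" or "to EC2 instances" so the description matches the article, and the same wording slip in the `deployment/index.md` stub ("to a cluster") should be made provider-neutral since it now parents both the Kubernetes and EC2 pages.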
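Review bot: In the PATCH 2/9 hunk for `ec2.md`, the Prerequisites section asks for an AWS access key ID and secret access key without saying whose identity they should belong to or what permissions they need; since these credentials are stored by Coder and used for every instance launch, suggest stating that they should be a dedicated IAM user's key with only the permissions the provider needs (not a personal or administrator key) and pointing to the permissions section, so a reader does not paste in an over-privileged key. The `--region region-name` placeholder in the `aws ec2 describe-availability-zones` example would also read more clearly as `--region <region-name>`.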
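Review bot: In the PATCH 4/9 hunk, `- **Privileged mode**: Optional. check this box if you would like the` introduces a lowercase "check" after the period (carried through PATCH 9/9); capitalize it to match the other "Optional. The ..." items. The same hunk drops the `aws ec2 describe-availability-zones --region region-name` hint, leaving the availability-zone field with no guidance on how to find a valid value even though PATCH 3/9 recommends installing the AWS CLI; consider keeping the command.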
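Review bot: In the PATCH 5/9 hunk that adds the `> Privileged mode may pose a security risk to your organization.` call-out, the option description above it still says the container gets "read/write access to the EC2 instance's host filesystem", which understates a privileged Docker container: it runs with all capabilities and device access, which is effectively root on the instance. Suggest rewording the option text to say "full root-level access to the host instance" so the warning and the description agree, and noting that the setting applies to every workspace the provider creates, not to individual users.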
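Review bot: In the PATCH 7/9 hunk for `management.md`, `"service_account_annotations": {}` is introduced with no explanation of what the annotations are applied to or why an admin would set them; because annotations on a workspace's service account are how cloud IAM identities get bound to pods, this is a security-relevant setting and deserves a sentence. The `com.coder.workspace` toleration example also implies workspaces are kept on dedicated nodes, but a toleration alone only permits scheduling onto tainted nodes; add a note that `pod_node_selector` must also be set to actually pin workspaces there.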
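Review bot: In the PATCH 8/9 IAM policy hunk, "attach it to the IAM identity (e.g., role) that will be managing your resources" conflicts with the prerequisite that the provider is configured with an access key ID and secret access key: roles do not have long-lived access keys, so the text should say the policy is attached to the IAM user whose key is entered in the connection step. Two points on the policy body: `"Resource": "*"` on `ec2:TerminateInstances`, `ec2:DeleteVolume` and `ec2:DeleteSecurityGroup` lets this key destroy any EC2 resource in the allowed region, so since `ec2:CreateTags` is granted, consider a tag-based `Condition` (`aws:ResourceTag/<key>`) on the destructive actions, with the tag key Coder applies confirmed and documented; and "update or remove `aws:RequestedRegion` accordingly" should prefer "update", since removing the Deny statement makes the key usable in every region. The second hunk's `be auto-populated depending on the AMI you choose))` has a doubled closing parenthesis.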
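Review bot: In the PATCH 9/9 hunk that converts the steps to `## 2.` through `## 6.` headings, the `> Privileged mode may pose a security risk ...` block quote now sits at column 0 between two `-` items, which ends the bullet list in Markdown and restarts it after the quote; indent the quote by two spaces under the Privileged mode item (as in the previous revision) or move it after the list. The "Optional." prefixes are now redundant under headings already marked "(optional)", and the `AMI you choose))` double parenthesis is carried over unchanged.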