Skip to content
Runbooks

MacOS resources in AWS

This document outlines where most of the resources live in AWS, this can help you know where to look to debug issues.

Go to access.md for information on how to access the resources described in this document.

EC2

Section titled “EC2”

console.aws.amazon.com/ec2

Instances

Section titled “Instances”
  • All the VMs here are in the ‘us-east-1’ region.
  • All the VMs are considered ephemeral VMs.
    • These are short lived VMs, in the case of MacOS, they live for at least 24h.
    • The 24h rule is due to licensing limitations, see licensing.md for details.
  • There are firewall rules between AWS and GCP (gitlab-ci-155816 project) to allow ssh and other traffic from these VMs.
  • See architecture.md for more details about the connections established between AWS and GCP.

Dedicated Hosts

Section titled “Dedicated Hosts”
  • Perhaps the most important column in this view is the State of each of the Hosts.
  • When a host is missing vCPU utilization info, it could indicate the instance is deleted, but not yet deleted from the account’s pool.
  • Released state means the instance is no longer connected to our AWS account, it’s not clear how long it takes for these entries to be deleted.
  • Pending indicates the instance is currently being reprovisioned.

AMIs

Section titled “AMIs”

The images appearing in the AMI view are images that are used for provisioning the EC2 instances.

The AMIs generated here also contain the user facing images, which are pulled from ECR.

NOTE: To understand the difference between an EC2 AMI and user-facing AMI, you should have a basic understanding of the architecutre of these runners. In summary, each EC2 VM you see in the console, spins up two nested VMs within itself. These nested VMs use the user facing jobs images, while the parent VM, uses the EC2 instance images. For more details on the architecture of these runners, have a look at architecture.md.

Volumes and Snapshots

Section titled “Volumes and Snapshots”

Security Groups

Section titled “Security Groups”

Network Interfaces

Section titled “Network Interfaces”

Auto Scaling Groups

Section titled “Auto Scaling Groups”

Service Quotas

Section titled “Service Quotas”

console.aws.amazon.com/servicequotas

Quota limits for how many dedicated Mac VMs we can run at a time. To view these limits:

  • Go to Amazon Elastic Compute Cloud (Amazon EC2).
  • Filter for mac2.
  • Click Running Dedicated mac2 Hosts.

Elastic container registery

Section titled “Elastic container registery”

console.aws.amazon.com/repositories

  • This is where the images used by nesting are stored.
  • These are big images, about 50GBs each. Pulling that everytime a user requests a VM would take nearly 30 minutes, which is not an acceptable queuing time. Nesting was introduced to solve this problem; by pre-downloading two images (maxmimum disk capacity) in the Parent VM, which then become available for end users to use, and takes just under 15 seconds to pick a new job, and another 15 seconds to re-cycle before it’s ready for another job.

NOTE: These images live in the Staging environment only, but can be pulled from the Production environment.

S3

Section titled “S3”

console.aws.amazon.com/s3

VPC

Section titled “VPC”

console.aws.amazon.com/vpc

Route table

Section titled “Route table”

Security groups

Section titled “Security groups”

Subnets

Section titled “Subnets”

IAM

Section titled “IAM”

console.aws.amazon.com/iam