AWS Integration

Connect your Amazon Web Services account to Devpilot to provision EC2 instances and deploy applications to AWS.

The AWS integration connects your Amazon Web Services account to a Devpilot workspace using IAM access keys. Once connected, Devpilot can provision EC2 instances on your behalf, install the Devpilot agent on new servers, and manage their lifecycle.

Prerequisites

  • An AWS account with billing enabled
  • Access to the AWS IAM console to create users and policies
  • An active Devpilot workspace

Required Credentials

Devpilot stores the following fields for an AWS integration:

| Field | Description |
| --- | --- |
| Access Key ID | The IAM access key identifier (typically starting with AKIA). |
| Secret Access Key | The secret value paired with the access key. Shown only once when the key is created. |
| Region | The default AWS region (for example us-east-1). Can be overridden per deployment. |
| Account ID | Optional. Your 12-digit AWS account ID, used for auditing and policy scoping. |

Creating an IAM User for Devpilot

Do not use AWS root account credentials. Create a dedicated IAM user and attach the minimum policy Devpilot needs.

Create a New IAM User

In the AWS IAM Console, go to Users > Create user. Give it a name such as devpilot-integration and select programmatic access.

Attach an IAM Policy

Attach a policy granting the EC2 permissions Devpilot needs. Either use the recommended custom policy below or the AWS managed AmazonEC2FullAccess policy for a quicker start.

Generate Access Keys

Under the user's Security credentials tab, select Create access key and choose Third-party service. Copy the Access Key ID and Secret Access Key — AWS displays the secret only once.

Connect AWS in Devpilot

Go to Workspace Settings > Integrations and select Connect on the AWS card. Paste the Access Key ID, Secret Access Key, default region, and optional Account ID.

Validate and Save

Devpilot validates the credentials by making a read-only AWS API call before saving. If validation fails, double-check the key pair and the IAM policy attached to the user.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DevpilotEC2Access",
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances",
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeRegions",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeImages",
        "ec2:DescribeInstanceTypes",
        "ec2:DescribeKeyPairs",
        "ec2:CreateKeyPair",
        "ec2:DeleteKeyPair",
        "ec2:DescribeSecurityGroups",
        "ec2:CreateSecurityGroup",
        "ec2:DeleteSecurityGroup",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupIngress",
        "ec2:DescribeVpcs",
        "ec2:DescribeSubnets",
        "ec2:CreateTags"
      ],
      "Resource": "*"
    }
  ]
}
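
To confirm that the policy attached to the integration user grants no more than the actions listed above, compare its policy document against that list. The script below is an added example, not Devpilot's own code; the function name audit_policy and the BROAD_SAMPLE policy are constructed for illustration.

```python
import fnmatch
import json

# Action list copied from the recommended custom policy on this page.
RECOMMENDED = {
    "ec2:RunInstances", "ec2:TerminateInstances", "ec2:StartInstances",
    "ec2:StopInstances", "ec2:DescribeInstances", "ec2:DescribeInstanceStatus",
    "ec2:DescribeRegions", "ec2:DescribeAvailabilityZones", "ec2:DescribeImages",
    "ec2:DescribeInstanceTypes", "ec2:DescribeKeyPairs", "ec2:CreateKeyPair",
    "ec2:DeleteKeyPair", "ec2:DescribeSecurityGroups", "ec2:CreateSecurityGroup",
    "ec2:DeleteSecurityGroup", "ec2:AuthorizeSecurityGroupIngress",
    "ec2:RevokeSecurityGroupIngress", "ec2:DescribeVpcs", "ec2:DescribeSubnets",
    "ec2:CreateTags",
}

def audit_policy(policy_json):
    """Return (excess, missing) for an IAM policy document.

    excess:  Allow patterns that are not exactly one of the recommended actions
             (wildcards such as ec2:* land here), plus any Allow + NotAction.
    missing: recommended actions that no Allow pattern covers.
    Deny statements and Condition blocks are not evaluated.
    """
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be a bare object
        statements = [statements]
    patterns, excess = [], set()
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:                 # allows everything except the listed actions
            excess.add("NotAction")
            continue
        actions = st.get("Action", [])
        patterns += [actions] if isinstance(actions, str) else actions
    wanted = {a.lower(): a for a in RECOMMENDED}   # IAM action names are case-insensitive
    excess |= {p for p in patterns if p.lower() not in wanted}
    missing = [name for low, name in wanted.items()
               if not any(fnmatch.fnmatchcase(low, p.lower()) for p in patterns)]
    return sorted(excess), sorted(missing)

# Constructed sample: a broad wildcard grant instead of the action list above.
BROAD_SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]})

if __name__ == "__main__":
    print(audit_policy(BROAD_SAMPLE))
```

An empty excess list means the policy stays within the recommended actions; an empty missing list means provisioning should not fail for lack of a listed permission.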

What Devpilot Does on AWS

When you provision a server, Devpilot:

  1. Launches an EC2 instance in the selected region using your chosen size and image
  2. Creates an SSH key pair for the instance
  3. Configures a security group for the ports the deployment needs (SSH, HTTP, HTTPS)
  4. Tags the instance with the workspace and provisioning identifiers
  5. Installs the Devpilot agent so you can monitor and deploy to the new server

Testing and Rotating Credentials

Open the AWS integration and select Test Credentials at any time to re-run Devpilot's validation call. To rotate keys, create a new access key in AWS, update the integration in Devpilot (Devpilot re-validates before saving), then deactivate the old key in IAM.

AWS recommends rotating access keys every 90 days. Schedule a reminder so your Devpilot integration keys stay current.

Troubleshooting

Credential Validation Fails

  • Verify the Access Key ID and Secret Access Key are correct and active.
  • Confirm the IAM user still has the required EC2 permissions.
  • Ensure the region you entered is valid and enabled on your AWS account.

Instance Provisioning Fails

  • Check your EC2 service quotas for the chosen instance type in the target region.
  • Make sure the IAM policy allows ec2:RunInstances and related actions.

Disconnecting AWS

Open the AWS integration and select Remove. Stored credentials are deleted from Devpilot. EC2 instances already provisioned through Devpilot are not terminated — manage them in the AWS console if you no longer need them.