Gitpod can do that? 5 AWS integrations from VPCs to Workspaces

Gitpod is a platform that automates, standardizes, and secures development environments. It’s available self-hosted in your cloud, or run locally on your desktop. Gitpod runs in your AWS account with full support for integrations like:

  • Networking - with VPCs, subnets and AWS PrivateLink
  • Identity and access - using your existing IAM structure and AWS SSO
  • Security - through ECR and AWS Secrets Manager

Whether you’re a platform engineer looking to standardize development environments and workflows, a security professional making compliance or audits simpler, or a machine learning or AI engineer who needs GPU instances, the following examples are solutions to real-world challenges that can be achieved when using Gitpod and AWS together:

Launch personal GPU supported EC2s for development

Are you the type of developer who likes to have their own sandboxed EC2 environment for exploring new projects and being able to swap devices? Or for running that slightly questionable looking script that someone sent you without borking your own machine?

Many developers like to spin up their own personal EC2 instances with an SSH tunnel to do their development work. If you’re one of those developers you likely have your own scripts to ensure that your environments are set up as you like with the tools you need.

Gitpod gives you exactly this private development environment setup with none of the hassle or operational overhead of trying to roll this infrastructure yourself. With Gitpod you get a private development environment, where all operational heavy lifting such as environment spin up and tear down, dependency installation, and environment timeouts for cost control are all handled for you through a simple interface or using a CLI.

AWS EC2 instance Gitpod integration

Caption: Replacing EC2 as a personal development environment

Develop against RDS or S3 securely from within your VPC

Your database port should not be available on the public internet. Data is one of our most sensitive assets and we need multiple layers of defense to ensure that bad actors or a simple configuration change don’t leave our entire database exposed. However, what happens when you now need to access that database? This often looks like a convoluted set of proxies, bastion hosts, VPNs or even VDI that allows you to connect to that database to double-check its migration was applied properly, to do some data analysis or to apply an update.

Not only are these scripts painful, but if you’re the platform team tasked with owning this infrastructure you also don’t want to spend all day doing support when a developer breaks their VPN on their laptop. It’d be a lot better if we could automate these workflows so that they “just work” so that developers are secure, while avoiding bottlenecking on any central team.

Because Gitpod deploys into your account, you can use all of the AWS networking primitives that you’re already using, like your VPCs, subnets and transit gateway. You can then establish network-level trust between your development environment installation and your private databases. Once you have network access established to your data, you can even automate your secrets management to retrieve database passwords from AWS Secrets Manager or third-party services like HashiCorp Vault for very fine-grained database access.

AWS Secrets IAM integration Gitpod

Caption: Using Gitpod to securely access source code

Automate AWS access credentials for developers

We all know that feeling when your DELETE ROWS query says “removed 12,346 rows” instead of “removed 2 rows” all because you’ve connected to the wrong database instance. During an incident in the middle of the night, the last thing you want is to have to double-check whether you copied the name and credentials of the right production database account or production cloud account. Ideally, your environment and your access “just work” without configuration.

Automated development environments aren’t just for working on static codebases over longer periods of time; they’re also used when you need to launch a service you rarely use in the heat of the moment. Every repository has its own project in Gitpod where its dependencies and access are scripted into a Dev Container file.

Additionally, by using the OIDC integration with AWS you can automate the exchange of an identity token from within your development environment for access credentials in AWS Secrets Manager or external tools like HashiCorp Vault. All of the identity and access controls remain in your AWS IAM roles and policies. Now you can not only spin up your repositories easily but also manage who has access to different environments, reducing accidental mistakes that risk taking down your production instances or database.
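Because the access decision for an OIDC exchange lives in the IAM role's trust policy, that policy is worth checking before developers depend on it. The following is an added example, not Gitpod's or AWS's own code: a small audit that flags web-identity trust statements missing an `aud` or `sub` restriction. The issuer host, account ID and `sub` claim format are constructed placeholders.

```python
ISSUER = "oidc.example.invalid"  # placeholder issuer host (assumption, not a real endpoint)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, issuer=ISSUER):
    """Return findings for web-identity statements that trust too broadly."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        # IAM condition keys are case-insensitive: index them in lower case.
        seen = {}
        for op, keys in stmt.get("Condition", {}).items():
            for key, val in keys.items():
                seen.setdefault(key.lower(), []).append((op, _as_list(val)))
        aud = seen.get(f"{issuer}:aud".lower(), [])
        sub = seen.get(f"{issuer}:sub".lower(), [])
        if not any(op == "StringEquals" for op, _ in aud):
            findings.append(f"statement {i}: no StringEquals on {issuer}:aud")
        if not sub:
            findings.append(f"statement {i}: no condition on {issuer}:sub")
        for op, vals in sub:
            # A StringLike pattern made only of '*' accepts every token subject.
            if op == "StringLike" and any(v.strip("*") == "" for v in vals):
                findings.append(f"statement {i}: sub pattern matches every identity")
    return findings

def _policy(condition):
    # Constructed sample trust policy; 111122223333 is a documentation account ID.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

# Weak: any token from the issuer may assume the role.
WEAK = _policy({"StringLike": {f"{ISSUER}:sub": "*"}})
# Hardened: audience pinned, subject pinned to one project (claim format is assumed).
HARDENED = _policy({"StringEquals": {
    f"{ISSUER}:aud": "sts.amazonaws.com",
    f"{ISSUER}:sub": "org:EXAMPLE_ORG/project:EXAMPLE_PROJECT"}})

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_trust_policy(pol) or "ok")
```
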

Amazon RDS integration Gitpod

Caption: Connecting environments to AWS databases

Secure your source code without VDI or Amazon Workspaces

With Gitpod you can enforce and ensure that development work happens only inside your private network to mitigate risks such as the loss of source code or leaking access to sensitive data. To meet these security controls, many organizations opt for virtual desktop solutions that are not optimized for developer workflows, such as Amazon Workspaces. With a cloud development environment you get much of the same security and control as a virtual desktop environment but with an experience that is optimized for developers.

Rather than delivering individual developers laptops that can sit idle or be over-provisioned, Gitpod matches the specification of the environment to the project or workload, ensuring only the right amount of resources (e.g. CPU, GPU and memory) are allocated to reduce cost. In addition, administrators and developers can collaborate on environment images defined in Docker, improving management and control of versions and dependencies to meet standards.

Developers can use their regular editors such as VS Code or JetBrains on their desktop, and still keep all source code and data in your private network and VPC. There’s no requirement for developers to swap to a browser-based editor or a clunky VDI to shift source code away from developer devices. When you preserve your developer experience while implementing security controls, the chances of developer workarounds and shadow IT decrease, as does attrition, as VDI is like asking developers to write software with chopsticks.

Amazon Workspaces integration Gitpod

Caption: Gitpod as an alternative to Amazon Workspaces.

AI development platform with Amazon Q and Gitpod

Strategic investment in AI-powered developer tools is becoming imperative for enterprise success, with Amazon Q emerging as a compelling option for organizations invested in the AWS ecosystem. What sets Amazon Q apart is its enterprise-first approach to security and privacy.

Rather than seeing Amazon Q as another AI coding assistant, organizations should recognize it as a strategic platform for embedding AI capabilities throughout their organization. Similar to how AWS revolutionized cloud infrastructure, Amazon Q represents a foundational approach to enterprise AI, allowing organizations to build their own institutional knowledge graph that becomes more valuable over time. This platform transforms scattered documentation, codebase knowledge, and operational expertise into a cohesive, AI-powered knowledge system.

The potential of Amazon Q generative AI for developers is best realized when combined with automated and standardized development environments with Gitpod. Amazon Q provides the intelligence layer that gives contextual assistance. Your development environments are then the platform that makes these AI tools, such as code assistants and command line interfaces, securely available to developer communities. This creates a foundation for AI innovation and accelerates onboarding and knowledge-sharing, all with enterprise-grade security and privacy.

Amazon Q AWS integration Gitpod

Caption: Amazon Q as a strategic AI knowledge graph

Author
Lou Bichard (@loujaybee on GitHub), Product Manager at Gitpod

Last updated

Nov 25, 2024
