  1. Bamboo Data Center
  2. BAM-26257

Introduce AWS VPC Endpoint Support for S3 and EC2 Connections


      Summary:

      In certain environments, especially those with strict financial or security requirements, it is desirable for Bamboo and its agents to connect to AWS services using AWS VPC Endpoints. This ensures traffic stays within the AWS private network, reduces data transfer costs, and improves compliance posture.

      Proposed Solution:

      The AWS SDK for Java 2.x supports the use of service-specific VPC endpoints. Bamboo could expose this configuration through the UI for services that directly integrate with AWS, such as:

      • Elastic Agents (EC2)
      • S3 Artifact Handlers (should offer to inherit the configuration from EC2)

      Suggested UI Additions:

      For each relevant service configuration page, introduce a section such as:

      • Use a VPC Endpoint (checkbox)
      • VPC Endpoint URL (text input)
      • Force VPC Endpoint usage even when running on AWS (checkbox, disabled by default)

      Behavior

      When "Use a VPC Endpoint" is enabled, Bamboo should use the specified endpoint URL for requests made to AWS services (e.g., EC2 for Elastic Agents or S3 for artifact storage).

      By default, Bamboo should detect if it is running within AWS (as it does for IAM role detection):

      • Inside AWS: use the default AWS routing (Gateway Endpoint / internal network); don't specify any VPC endpoint when using the SDK
      • Outside AWS: use the specified VPC endpoint by assigning it to the request

      When the user selects "Force VPC Endpoint usage even when running on AWS", Bamboo and its agents should always direct traffic to the configured VPC endpoint, regardless of environment detection.

      This behavior should apply both to the Bamboo server and all Bamboo agents, particularly for on-premises agents that need to reach AWS services securely through a VPC endpoint.
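The decision rules above can be written as one resolver that server and agents share. This is an added sketch, not Bamboo's code: `EndpointSettings`, `resolve` and `validate` are hypothetical names, the sample URL is constructed, and the https-only validation is an assumption of this example rather than something the ticket specifies.

```java
import java.net.URI;
import java.util.Optional;

// Added example; class, record and method names are hypothetical, not Bamboo's API.
public class VpcEndpointResolver {

    /** The three proposed UI fields for one service (EC2 or S3). */
    record EndpointSettings(boolean useVpcEndpoint, String endpointUrl, boolean forceInsideAws) {}

    /** Endpoint to hand to the SDK client builder, or empty to keep default AWS routing. */
    static Optional<URI> resolve(EndpointSettings s, boolean runningInAws) {
        if (!s.useVpcEndpoint()) return Optional.empty();
        if (runningInAws && !s.forceInsideAws()) return Optional.empty();
        return Optional.of(validate(s.endpointUrl()));
    }

    /** Assumed policy: reject URLs that would send signed AWS requests over plaintext or to an ambiguous target. */
    static URI validate(String url) {
        if (url == null || url.isBlank())
            throw new IllegalArgumentException("VPC endpoint URL is required");
        URI uri = URI.create(url.trim()); // throws IllegalArgumentException on bad syntax
        if (!"https".equalsIgnoreCase(uri.getScheme()))
            throw new IllegalArgumentException("VPC endpoint URL must use https");
        if (uri.getHost() == null)
            throw new IllegalArgumentException("VPC endpoint URL must contain a host");
        if (uri.getUserInfo() != null || uri.getQuery() != null || uri.getFragment() != null)
            throw new IllegalArgumentException("VPC endpoint URL must not carry userinfo, query or fragment");
        return uri;
    }

    public static void main(String[] args) {
        // Constructed sample value, not a real endpoint.
        String url = "https://vpce-example.s3.us-east-1.vpce.amazonaws.com";
        var inherit = new EndpointSettings(true, url, false);
        var forced = new EndpointSettings(true, url, true);

        System.out.println("on-prem agent:      " + resolve(inherit, false)); // endpoint used
        System.out.println("inside AWS:         " + resolve(inherit, true));  // default routing
        System.out.println("inside AWS, forced: " + resolve(forced, true));   // endpoint used
        try {
            resolve(new EndpointSettings(true, "http://vpce-example.invalid", false), false);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected:           " + e.getMessage());
        }
        // With the AWS SDK for Java 2.x on the classpath, the result would be applied as
        // resolve(settings, runningInAws).ifPresent(builder::endpointOverride),
        // where builder is S3Client.builder() or Ec2Client.builder().
    }
}
```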

      Technical Context

      • AWS SDK for Java 2.28.1 introduced support for configuring per-service VPC endpoints via system properties, environment variables, and AWS config files.
      • However, this configuration currently needs to be applied per host (server or agent), which is cumbersome and error-prone.
      • Bamboo 12, which ships with AWS SDK for Java 2.33.13, already includes these capabilities.
      • With a Bamboo-native UI and configuration mechanism, administrators could centrally manage endpoint settings and eliminate the need for host-level customization.

      Reference

      https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/endpoint-config.html#jvm-system-properties-for-endpoints

              Unassigned Unassigned
              146a7ea35c2c Alex