The Enterprise Runner is exclusively available to customers on the Enterprise tier. If you’re an Enterprise customer, contact your Ona account manager for more information.
The Enterprise AWS Runner provides enhanced capabilities including Ona Agents support and direct connectivity options. Designed for enterprise customers who need advanced features and greater control over their infrastructure with custom networking configurations.

Key Features

  • Ona AI agent integration - Enhanced development workflows with AI-powered assistance
  • Direct connectivity - Bypasses central gateways by using your own Network Load Balancer, secured with your custom domain and SSL/TLS certificate
  • Private VPC endpoints - Connect to the management plane via AWS PrivateLink for enhanced security without public internet traversal
  • Enhanced security - Fine-grained IAM policies with permission boundaries for enterprise security requirements
  • HTTP proxy support - Custom HTTP proxy configuration for environments behind corporate firewalls
  • Custom CA certificate support - Support for enterprise certificate authorities and custom certificate chains
Enterprise Runner architecture Enterprise Runner architecture

Prerequisites

Before deploying your Enterprise AWS Runner, ensure you have:
  1. AWS Account with elevated permissions for enterprise features
  2. Capacity Planning - Follow our Capacity Planning guide to determine your infrastructure requirements
  3. AMI Access - If your organization restricts AMI usage, allowlist the AMIs runners and environments run on
    AMI NameOwner Account IDOwnerPurpose
    bottlerocket-aws-ecs-1-x86_64149721548608AmazonRunner service
    gitpod/images/gitpod-next/ec2-runner-ami-*995913728426GitpodDevelopment environments
    For more details, review our AMI Requirements guide
  4. Domain Name that you control with DNS modification capabilities
  5. SSL/TLS Certificate provisioned in AWS Certificate Manager (ACM). Your SSL certificate must include both Subject Alternative Names (SANs):
    • yourdomain.com (root domain)
    • *.yourdomain.com (wildcard subdomain)

Network Requirements

The Enterprise Runner requires a custom VPC with specific networking setup for enhanced security and direct connectivity. Network Configuration Diagram Network Configuration Diagram