The Runner is a VM created in the customer’s cloud account and defined in the cloud provider’s infrastructure-as-code (IaC) language, e.g., as an AWS CloudFormation stack.

When you create an Install in the Dashboard, Nuon outputs a link to an AWS CloudFormation stack that you can use to create the Runner in the AWS Console or CLI using your cloud credentials. This template is generated by Nuon based on the App’s configuration, and includes the Runner configuration.

Each Runner works by listening for jobs from the Nuon-managed data plane server it belongs to. This server dispatches jobs; the Runner picks each one up and runs the tasks needed to perform it.

The Runner uses different IAM roles for different component jobs, to minimize the permissions available to each job. These IAM roles are defined in each Sandbox, and Outputs are used to allow the Runner to use them.

Since the Runner is deployed into the customer install, no long-lived permissions are required after the initial Install. This creates a more secure operating environment, as the only thing that can dispatch work to the Runner is the data plane server it belongs to.