Running Spacelift Worker Pools Across Multiple AWS Accounts

Last updated: September 9, 2025

Yes, you can run multiple Spacelift worker pools with workers distributed across different AWS accounts, including AWS GovCloud accounts. This setup is fully supported when using Spacelift SaaS.

How It Works

Each worker pool has a unique worker-pool-id that you specify when launching workers using Terraform. When deploying workers to different AWS accounts, simply ensure each worker group uses the correct worker-pool-id for its intended pool.

Network Requirements

The key requirement for this setup is ensuring proper network connectivity:

  • Outbound HTTPS connections: Private workers need to be able to make outbound connections to communicate with the Spacelift SaaS control plane

  • Access to required resources: Workers must be able to reach any services your runs need, such as AWS APIs, your version control system, and artifact registries

  • No inbound access required: Workers do not need to accept inbound connections

Setup Considerations

When configuring workers across multiple AWS accounts:

  1. Handle network security to ensure workers can make the required outbound connections

  2. Configure appropriate IAM permissions in each AWS account for the workers

  3. Ensure each worker deployment specifies the correct worker-pool-id

For detailed networking requirements and deployment guidance, refer to the Spacelift documentation on worker networking.