{"id":14984690,"url":"https://github.com/bwolf/aws-jenkins","last_synced_at":"2025-08-15T19:27:44.569Z","repository":{"id":75889861,"uuid":"132373849","full_name":"bwolf/aws-jenkins","owner":"bwolf","description":"CloudFormation templates for Jenkins on AWS.","archived":false,"fork":false,"pushed_at":"2018-05-08T22:03:10.000Z","size":71,"stargazers_count":8,"open_issues_count":0,"forks_count":11,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-02T06:24:24.367Z","etag":null,"topics":["aws","aws-cloudformation","aws-ec2","ci","jenkins","jenkins-ci"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bwolf.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-06T20:33:13.000Z","updated_at":"2021-08-13T11:37:13.000Z","dependencies_parsed_at":null,"dependency_job_id":"ee5c9902-6060-47b4-8c16-245e464a5ae7","html_url":"https://github.com/bwolf/aws-jenkins","commit_stats":{"total_commits":13,"total_committers":1,"mean_commits":13.0,"dds":0.0,"last_synced_commit":"9623c53e75b2be1a99689f4522399a019e44dc29"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwolf%2Faws-jenkins","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwolf%2Faws-jenkins/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwolf%2Faws-jenkins/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwolf%2Faws-jenkins/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bwolf","download_url":"https://codeload.github.com/bwolf/aws-jenkins/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238930129,"owners_count":19554122,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cloudformation","aws-ec2","ci","jenkins","jenkins-ci"],"created_at":"2024-09-24T14:09:31.602Z","updated_at":"2025-02-15T00:32:00.249Z","avatar_url":"https://github.com/bwolf.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"#+TITLE: CloudFormation templates for Jenkins on AWS\n\n* Introduction\nThis repository contains several stacks for creating a Jenkins\ninstance on AWS using [[https://aws.amazon.com/documentation/cloudformation/?id=docs_gateway][CloudFormation]] templates ([[https://en.wikipedia.org/wiki/Infrastructure_as_Code][infrastructure as\ncode]]).\n\nThe design is a mix of durability and cost effectiveness. The\ntemplates are not designed with [[https://en.wikipedia.org/wiki/High_availability][HA]] in mind (there are already\nsolutions for this, search GitHub for example), because this would\nrequire a load balancer (ELB) and certain storage.\n\nThe storage of this variant of Jenkins is stored outside of the\ninstance template, allowing updates of the instance without pruning\nexistent configurations. Previously, [[https://aws.amazon.com/de/efs/][EFS]] was used instead of [[https://aws.amazon.com/de/ebs/][EBS]],\nbecause it is more versatile and easier to maintain. Unfortunately its\nprice is higher and it is not so performative.\n\n[[https://letsencrypt.org][Let's Encrypt]], to securely encrypt the traffic to Jenkins via HTTPS.\n\nThe following CloudFormation templates are available and each of\nthese is deployed as Stack:\n- Alert topic (SNS): ~alert.yml~\n- Hosted zone (Route53): ~zone.yml~\n- Virtual private network (VPC): ~vpc.yml~\n- Storage (EBS): ~storage.yml~\n- Jenkins (EC2): ~jenkins.yml~\n\n#+BEGIN_SRC plantuml :file deps.png :results silent\nartifact SNS\nartifact Route53\nartifact VPC\nartifact EBS\nartifact EC2\nEBS --\u003e SNS\nEBS --\u003e VPC\nEBS --\u003e SNS\nEC2 --\u003e SNS\nEC2 --\u003e EBS\nEC2 --\u003e VPC\nEC2 --\u003e Route53\nEC2 --\u003e SNS\n#+END_SRC\n\n[[./deps.png]]\n\n* Customization\nPlease consider investigation of your requirements before applying the\ntemplates blindly. Most templates are parameterized to allow easy\nadjustment to needs. Check the [[https://calculator.s3.amazonaws.com/index.html][Simple Monthly Calculator]] to estimate\nthe monthly costs.\n\n* Alert Topic (SNS), Optional\nDeploy Stack:\n#+BEGIN_SRC sh :results silent\n  aws cloudformation deploy --stack-name jenkins-alert --template-file $(pwd)/alert.yml \\\n      --tags Stack=jenkins-alert \\\n      --capabilities CAPABILITY_IAM \\\n      --parameter-overrides Email=mail@domain.tld\n#+END_SRC\n\n* Hosted Zone (Route53), Optional but required for Let's Encrypt\n** Deploy Stack\n#+BEGIN_SRC sh :results silent\n  aws cloudformation deploy --stack-name sub-domain-tld \\\n      --template-file $(pwd)/zone.yml \\\n      --tags Stack=sub-domain-tld \\\n      --capabilities CAPABILITY_IAM \\\n      --parameter-overrides Domain=sub.domain.tld\n#+END_SRC\n\n** Update Name servers\nRetrieve the Route53 name servers for the zone:\n#+BEGIN_SRC sh :results silent\n  aws cloudformation describe-stacks --stack-name domain-tld \\\n      --query 'Stacks[0].Outputs[1]'\n#+END_SRC\n\nUse the values to update the upstream DNS for this zone. Typically\nthis is done by creating NS records for the subdomain prefix, where\neach NS record points to AWS Route 53 (the retrieved values).\n\n* VPC, Optional\nDeploy Stack:\n#+BEGIN_SRC sh :results silent\n  aws cloudformation deploy --stack-name jenkins-vpc --template-file $(pwd)/vpc.yml \\\n      --tags Stack=jenkins-vpc \\\n      AvailabilityZone=your-zone\n#+END_SRC\n\n* Storage (EBS)\nDeploy stack:\n#+BEGIN_SRC sh :results silent\n  aws cloudformation deploy --stack-name jenkins-storage \\\n      --template-file $(pwd)/storage.yml \\\n      --tags Stack=jenkins-storage\n      --paremeter-overrides \\\n      ParentAlertStack=jenkins-alert \\\n      ParentVpcStack=jenkins-vpc\n#+END_SRC\n\n* Jenkins (EC2)\n** SSH Keys\nCreate SSH key pair (just once) for connecting to the EC2 instance.\nStore the generated key securely.\n\n#+BEGIN_SRC sh :results silent\n  aws ec2 create-key-pair --key-name Jenkins --query 'KeyMaterial' \\\n      --output text \u003e jenkins.pem\n  chmod 0400 jenkins.pem\n#+END_SRC\n\n** Deploy Stack\nNote: Remove the two parameters ~HostedZoneName~ and ~DnsName~ to omit the\noptional DNS registration with Route53.\n\nNote: /The following will block until the stack is provisioned./\n#+BEGIN_SRC sh :results silent\n  aws cloudformation deploy --stack-name jenkins-ec2 \\\n      --template-file $(pwd)/jenkins.yml \\\n      --tags Stack=jenkins-ec2 \\\n      --capabilities CAPABILITY_IAM \\\n      --parameter-overrides \\\n      ParentAlertStack=jenkins-alert \\\n      ParentStorageStack=jenkins-storage \\\n      ParentVpcStack=jenkins-vpc \\\n      InstanceType=t2.small \\\n      KeyName=Jenkins \\\n      EnableEc2Ssh=true \\\n      HostedZoneName=sub.domain.tld \\\n      DnsName=build.sub.domain.tld \\\n      LetsEncryptEnable=false\n#+END_SRC\n\n** Finish Jenkins Setup\nRetrieve the public IP address of the EC2 instance:\n#+BEGIN_SRC sh :results silent\n  aws cloudformation describe-stacks --stack-name jenkins-ec2 \\\n      --query 'Stacks[0].Outputs'\n#+END_SRC\n\nConnect to the instance via SSH.\n#+BEGIN_SRC sh\n  ssh -o StrictHostKeyChecking=no -o GlobalKnownHostsFile=/dev/null \\\n      -o UserKnownHostsFile=/dev/null -i jenkins.pem -l ec2-user IP-ADDRESS\n#+END_SRC\n\nTo unlock Jenkins, get the initial admin password:\n#+BEGIN_SRC sh\n  sudo less /var/lib/jenkins/secrets/initialAdminPassword\n#+END_SRC\n\nOpen browser with http://ipaddress:8080 and paste the admin password into\nthe corresponding input of the Jenkins setup instructions.\n\nContinue with the online Jenkins setup by providing the respective\ninputs to the setup wizard and finish the setup by creating the\ninitial admin account.\n\n** Enable Let's Encrypt and disable SSH\nThe following step assumes that no more SSH interactions are intended.\nBy enabling Let's Encrypt support, the HTTP port 8080 will be\ndisabled. A valid mail address should be supplied for Let's Encrypt.\n\n#+BEGIN_SRC sh :results silent\n  aws cloudformation update-stack --stack-name jenkins-ec2 \\\n      --template-body file://$(pwd)/jenkins.yml \\\n      --capabilities CAPABILITY_IAM \\\n      --parameters \\\n      ParameterKey=ParentAlertStack,UsePreviousValue=true \\\n      ParameterKey=ParentStorageStack,UsePreviousValue=true \\\n      ParameterKey=ParentVpcStack,UsePreviousValue=true \\\n      ParameterKey=InstanceType,UsePreviousValue=true \\\n      ParameterKey=KeyName,UsePreviousValue=true \\\n      ParameterKey=EnableEc2Ssh,UsePreviousValue=true \\\n      ParameterKey=HostedZoneName,UsePreviousValue=true \\\n      ParameterKey=DnsName,UsePreviousValue=true \\\n      ParameterKey=LetsEncryptEnable,ParameterValue=true \\\n      ParameterKey=LetsEncryptMailAddress,ParameterValue=valid.mail@address.tld\n#+END_SRC\n\n* Developer notes\n** RegionMap\nTo update the region map:\n#+BEGIN_SRC sh :results silent\n  regions=$(aws ec2 describe-regions --query \"Regions[].RegionName\" --output text)\n  for region in $regions; do\n      ami=$(aws --region $region ec2 describe-images \\\n                --filters \"Name=name,Values=amzn-ami-hvm-2017.09.1.20180115-x86_64-gp2\" \\\n                --query \"Images[0].ImageId\" --output \"text\");\n      printf \"'$region':\\n  AMI: '$ami'\\\\n\";\n  done\n#+END_SRC\n\n* License\nCopyright 2018 Marcus Geiger\n\nLicensed under the Apache License, Version 2.0 (the \"License\"); you\nmay not use this file except in compliance with the License. You may\nobtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\nimplied. See the License for the specific language governing\npermissions and limitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbwolf%2Faws-jenkins","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbwolf%2Faws-jenkins","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbwolf%2Faws-jenkins/lists"}