{"id":18482722,"url":"https://github.com/jenkins-infra/aws","last_synced_at":"2025-04-08T17:31:17.474Z","repository":{"id":37089344,"uuid":"318486455","full_name":"jenkins-infra/aws","owner":"jenkins-infra","description":"Documentation, tooling and other resources related to the Jenkins Infrastructure Project parts hosted in Amazon Web Services (AWS).","archived":false,"fork":false,"pushed_at":"2024-04-19T14:12:35.000Z","size":775,"stargazers_count":7,"open_issues_count":3,"forks_count":10,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-04-20T13:11:16.021Z","etag":null,"topics":["aws","eks","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jenkins-infra.png","metadata":{"funding":{"community_bridge":"jenkins","custom":["https://jenkins.io/donate/#why-donate"]},"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-12-04T10:48:52.000Z","updated_at":"2024-04-23T12:58:42.597Z","dependencies_parsed_at":"2024-04-23T12:58:41.826Z","dependency_job_id":"6360ab0d-0e30-4265-892e-05c22682bd2e","html_url":"https://github.com/jenkins-infra/aws","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkins-infra%2Faws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkins-infra%2Faws/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkins-infra%2Faws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkins-infra%2Faws/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jenkins-infra","download_url":"https://codeload.github.com/jenkins-infra/aws/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247892363,"owners_count":21013691,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","eks","terraform"],"created_at":"2024-11-06T12:29:53.758Z","updated_at":"2025-04-08T17:31:17.144Z","avatar_url":"https://github.com/jenkins-infra.png","language":"HCL","funding_links":["https://funding.communitybridge.org/projects/jenkins","https://jenkins.io/donate/#why-donate"],"categories":[],"sub_categories":[],"readme":"= Jenkins Infra on AWS\n:toc:\n:private_repo_name: terraform-states\n:private_repo_url: https://github.com/jenkins-infra/{private_repo_name}\n\nThis repository hosts the infrastructure-as-code definition for all the link:https://aws.amazon.com/[Amazon Web Services (AWS)-hosted] resources for the link:https://www.jenkins.io/projects/infrastructure/[Jenkins Infrastructure Project].\n\n== Requirements\n\n* An AWS account with the ability to assume the role `infra-admin` on the AWS account used for the Jenkins infrastructure\n* The requirements (of the shared tools) listed at link:https://github.com/jenkins-infra/shared-tools/tree/main/terraform#requirements[shared-tools/terraform#requirements]\n* The link:https://www.terraform.io/docs/language/settings/backends/s3.html[Terraform S3 Backend Configuration] on a local file named `backend-config`:\n** The content can be retrieved from the outputs of the link:{private_repo_url}[(private) repository {private_repo_name}]\n** This file (`backend-config`) is git-ignored\n\n* The git command line to allow cloning the repository and its submodule link:https://github.com/jenkins-infra/shared-tools[shared-tools]\n** This repository has submodules. Once you cloned the repository, execute the following command to obtain the shared tools:\n\n[source,bash]\n----\ngit submodule update --init --recursive\n----\n\n== HowTo\n\nIMPORTANT: Don't blindly execute the terraform code located in this repository on your own account as it may lead your account bill to significantly increase.\n\nOnce you've fulfilled the \u003c\u003cRequirements\u003e\u003e, you may execute any command from https://github.com/jenkins-infra/shared-tools/blob/main/terraform/README.adoc#available-commands by adding the correct flag `--directory` pointing to `.shared-tools/terraform/`:\n\n[source,bash]\n----\nmake --directory=.shared-tools/terraform help\nmake --directory=.shared-tools/terraform lint\n# ...\n----\n\n\nA usual change to this repository looks like the following:\n\n* Fork the repository and clone it locally\n* Follow the \u003c\u003cRequirements\u003e\u003e steps to obtain the shared tools\n* Start by running a full `make --directory=.shared-tools/terraform validate` command to ensure that you work on a sane base (should generate a report TXT file with no changes to be applied)\n* Edit the Terraform project files\n* Run the command `make --directory=.shared-tools/terraform validate` again to ensure that your changes are OK\n* Commit, push and open a pull request to let the Jenkins pipeline run the test + plan (as per https://github.com/jenkins-infra/shared-tools/blob/main/terraform/README.adoc#jenkins-pipeline)\n\n== Troubleshoot\n\n== IAM: User Not Authorized\n\nSometimes, the CI users are missing an authorization on a resource. You would see a message like the following:\n\n[source]\n----\nError: error updating tags for IAM Policy (arn:aws:iam::XXXXXXXXXXX:policy/jenkins-YYYYYYYYYY): error tagging resource (arn:aws:iam::XXXXXXXXXXX:policy/jenkins-YYYYYYYYYY): AccessDenied: User: arn:aws:iam::ZZZZZZZZZZZZZ:user/production-terraform is not authorized to perform: XXXX:Yyyyyyy on resource: policy arn:aws:iam::XXXXXXXXXXX:policy/jenkins-YYYYYYYYYY\n\tstatus code: 403, request id: \u003credacted\u003e\n----\n\nTo solve this issues, you have to update the IAM policies for the technical user, found in the link:{private_repo_url}[(private) repository {private_repo_name}].\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjenkins-infra%2Faws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjenkins-infra%2Faws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjenkins-infra%2Faws/lists"}