Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jenkins-infra/aws
Documentation, tooling and other resources related to the Jenkins Infrastructure Project parts hosted in Amazon Web Services (AWS).
aws eks terraform
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/jenkins-infra/aws
- Owner: jenkins-infra
- Created: 2020-12-04T10:48:52.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2024-04-19T14:12:35.000Z (9 months ago)
- Last Synced: 2024-04-20T13:11:16.021Z (9 months ago)
- Topics: aws, eks, terraform
- Language: HCL
- Homepage:
- Size: 757 KB
- Stars: 7
- Watchers: 6
- Forks: 10
- Open Issues: 3
Metadata Files:
- Readme: README.adoc
- Codeowners: CODEOWNERS
README
= Jenkins Infra on AWS
:toc:
:private_repo_name: terraform-states
:private_repo_url: https://github.com/jenkins-infra/{private_repo_name}

This repository hosts the infrastructure-as-code definition for all the link:https://aws.amazon.com/[Amazon Web Services (AWS)-hosted] resources for the link:https://www.jenkins.io/projects/infrastructure/[Jenkins Infrastructure Project].

== Requirements
* An AWS account with the ability to assume the role `infra-admin` on the AWS account used for the Jenkins infrastructure
* The requirements (of the shared tools) listed at link:https://github.com/jenkins-infra/shared-tools/tree/main/terraform#requirements[shared-tools/terraform#requirements]
* The link:https://www.terraform.io/docs/language/settings/backends/s3.html[Terraform S3 Backend Configuration] on a local file named `backend-config`:
** The content can be retrieved from the outputs of the link:{private_repo_url}[(private) repository {private_repo_name}]
** This file (`backend-config`) is git-ignored
* The git command line to allow cloning the repository and its submodule link:https://github.com/jenkins-infra/shared-tools[shared-tools]
** This repository has submodules. Once you have cloned the repository, execute the following command to obtain the shared tools:

[source,bash]
----
git submodule update --init --recursive
----

== HowTo

IMPORTANT: Don't blindly execute the Terraform code located in this repository on your own account, as it may significantly increase your account bill.

Once you've fulfilled the <<Requirements>>, you may execute any command from https://github.com/jenkins-infra/shared-tools/blob/main/terraform/README.adoc#available-commands by adding the flag `--directory` pointing to `.shared-tools/terraform/`:

[source,bash]
----
make --directory=.shared-tools/terraform help
make --directory=.shared-tools/terraform lint
# ...
----

A usual change to this repository looks like the following:

* Fork the repository and clone it locally
* Follow the <<Requirements>> steps to obtain the shared tools
* Start by running a full `make --directory=.shared-tools/terraform validate` command to ensure that you work on a sane base (should generate a report TXT file with no changes to be applied)
* Edit the Terraform project files
* Run the command `make --directory=.shared-tools/terraform validate` again to ensure that your changes are OK
* Commit, push and open a pull request to let the Jenkins pipeline run the test + plan (as per https://github.com/jenkins-infra/shared-tools/blob/main/terraform/README.adoc#jenkins-pipeline)

== Troubleshoot

== IAM: User Not Authorized
Sometimes, the CI users are missing an authorization on a resource. You would see a message like the following:
[source]
----
Error: error updating tags for IAM Policy (arn:aws:iam::XXXXXXXXXXX:policy/jenkins-YYYYYYYYYY): error tagging resource (arn:aws:iam::XXXXXXXXXXX:policy/jenkins-YYYYYYYYYY): AccessDenied: User: arn:aws:iam::ZZZZZZZZZZZZZ:user/production-terraform is not authorized to perform: XXXX:Yyyyyyy on resource: policy arn:aws:iam::XXXXXXXXXXX:policy/jenkins-YYYYYYYYYY
status code: 403, request id:
----

To solve this issue, you have to update the IAM policies for the technical user, found in the link:{private_repo_url}[(private) repository {private_repo_name}].
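
The following is an added example, not code from this repository or from shared-tools: it extracts the principal, denied action and resource from `AccessDenied` messages of the shape shown above and drafts a resource-scoped `Allow` statement to propose for the technical user's policy. The function names and the sample error (account ids, policy name, action, request id) are constructed assumptions.

```python
import json
import re

# Constructed sample shaped like the error above; account ids, policy name,
# action and request id are made-up placeholders.
SAMPLE_ERROR = (
    "Error: error updating tags for IAM Policy "
    "(arn:aws:iam::111111111111:policy/jenkins-example): error tagging resource "
    "(arn:aws:iam::111111111111:policy/jenkins-example): AccessDenied: User: "
    "arn:aws:iam::222222222222:user/production-terraform is not authorized to "
    "perform: iam:TagPolicy on resource: policy "
    "arn:aws:iam::111111111111:policy/jenkins-example\n"
    "\tstatus code: 403, request id: 00000000-0000-0000-0000-000000000000\n"
)

# The resource ARN may be preceded by a type word ("policy" in the message above).
DENIED = re.compile(
    r"User: (?P<principal>arn:aws:\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+) on resource: (?:\w+ )?(?P<resource>arn:aws:\S+)"
)


def parse_denials(log_text):
    """Return unique (principal, action, resource) tuples found in Terraform output."""
    seen = []
    for m in DENIED.finditer(log_text):
        item = (m["principal"], m["action"], m["resource"])
        if item not in seen:  # Terraform can report the same denial several times
            seen.append(item)
    return seen


def draft_statements(denials):
    """Group denied actions per resource into narrowly scoped Allow statements."""
    by_resource = {}
    for _principal, action, resource in denials:
        by_resource.setdefault(resource, set()).add(action)
    return [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": resource}
        for resource, actions in sorted(by_resource.items())
    ]


if __name__ == "__main__":
    print(json.dumps(draft_statements(parse_denials(SAMPLE_ERROR * 2)), indent=2))
```

Granting only the reported action on the reported resource keeps the CI user's policy close to least privilege; review the drafted statement before adding it to the policy.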