Simple Jenkins EC2 Server deployment with AWS CloudFormation

If you read my previous post: Keep your AWS IaC inline with CloudFormation initial prep for Terraform, Jenkins, and Packer, you were probably expecting a Jenkins build…but I’ve saved it for this post.

But before we get started with the Jenkins build, here’s a quick question to address.

Why are we using Cloudformation and not Packer or Terraform?

Because I want to keep as much Terraform/Packer code off my machine as possible. Imagine that our environment is centered around the publishing/central IT cross-account AWS setup, and any new changes should be pushed through Infrastructure as Code (IaC) stacks and not by admins assuming roles and deploying stuff from their machines.

CFT Instance Resource for Jenkins

Cool! With that being the scenario, let’s include our Jenkins instance AND Security Group resources in the CloudFormation template for IaC prep!

EC2InstanceJenkins:

Type: AWS::EC2::Instance

Properties:

IamInstanceProfile: !Ref "IAMInstanceProfileJenkins"

ImageId: "ami-062f7200baf2fa504" 

KeyName: !Ref "KeyPair" 

InstanceType: "t2.micro" 

SecurityGroupIds:

- !Fn::GetAtt "SecurityGroupID"

SubnetId: !Ref "SubnetID"

A couple things to note here:

1. I used a direct reference to the AMI ID, but you can always follow AWS suggestions of always having the latest AMI using SSM Parameters.
2. I used parameter references for values. This will change for your acct. Please be sure you include those parameters in the cloudformation.

Now for the fun part (userdata script):

1) Basic Tools and Dependencies

UserData:

Fn::Base64: !Sub |

#!/bin/bash -xe

sudo yum update -y

sudo amazon-linux-extras install corretto8

sudo yum install jq unzip git -y

Firstly, we want to be sure all is up to date and that we enable corretto8. Also, we have some of the basic tools (e.g.: unzip, jq, git). Note: currently, v8 of corretto is the only one that works for Jenkins.

2) Jenkins Installation

sudo wget -O /etc/yum.repos.d/jenkins.repo 
http://pkg.jenkins-ci.org/redhat/jenkins.repo

sudo rpm --import 
https://pkg.jenkins.io/redhat/jenkins.io.key
sudo yum install jenkins -y

sudo service jenkins start

3) Install Packer and Terraform

NOTE: Some may prefer to install the plugins through the Jenkins console. This is an excellent solution, but for the purposes of this blog we will stick to the command line.

sudo unzip terraform.zip && rm terraform.zip -f && sudo mv terraform /bin/terraform

sudo unzip packer.zip && rm packer.zip -f && sudo mv packer /bin/packer.io

Please note we renamed the packer binary to “packer.io”. If not renamed, conflicts with the preexisting packer command will occur.

4) Generate SSH Key and SSM Parameters

sudo ssh-keygen -t rsa -f /home/ec2-user/.ssh/id_rsa -q -P ""

sudo chmod 775 /home/ec2-user/.ssh/id_rsa && sudo chmod 775 /home/ec2-user/.ssh/id_rsa

JenkinsPWD="/var/lib/jenkins/secrets/initialAdminPassword"

PrvKey="/home/ec2-user/.ssh/id_rsa"

PubKey="/home/ec2-user/.ssh/id_rsa.pub"

aws ssm put-parameter --region us-east-1 --name /jenkins/initialAdminPassword --value file://$JenkinsPWD --type String –overwrite

aws ssm put-parameter --region us-east-1 --name /jenkins/SSH-Git-PrivateKey --value file://$PrvKey --type String –overwrite

aws ssm put-parameter --region us-east-1 --name /jenkins/SSH-Git-PublicKey --value file://$PubKey --type String –overwrite

NOTE: Remember to encrypt the parameter—or, better yet, use Secrets Manager!

Awesome! Your Jenkins server is now ready for you to setup using the parameters we just generated. No need to SSH and cat the values when you can access the console and view the parameters. Additionally, you can now add the SSH credentials to both Jenkins and Github and start building pipelines with Github as SCM! If your organization has any additional questions or concerns about AWS and any related technologies, please don’t hesitate to reach out to us. We’d love to help you out.