Jenkins

Deploy Jenkins CI Server on AWS.

View on GitHub

Reference

Inputs

• acm_ssl_certificate_domain — The domain name used for an SSL certificate issued by the Amazon Certificate Manager (ACM).

• alarms_sns_topic_arn — The ARNs of SNS topics where CloudWatch alarms (e.g., for CPU, memory, and disk space usage) should send notifications. Also used for the alarms if the Jenkins backup job fails.

• alb_subnet_ids — The IDs of the subnets in which to deploy the ALB that runs in front of Jenkins. Must be subnets in vpc_id.

• allow_incoming_http_from_cidr_blocks — The IP address ranges in CIDR format from which to allow incoming HTTP requests to Jenkins.

• allow_incoming_http_from_security_group_ids — The IDs of security groups from which to allow incoming HTTP requests to Jenkins.

• allow_ssh_from_cidr_blocks — The IP address ranges in CIDR format from which to allow incoming SSH requests to Jenkins.

• allow_ssh_from_security_group_ids — The IDs of security groups from which to allow incoming SSH requests to Jenkins.

• ami — The ID of the AMI to run on the Jenkins server. This should be the AMI build from the Packer template jenkins-ubuntu.json. One of var.ami or ami_filters is required. Set to null if looking up the ami with filters.

• ami_filters — Properties on the AMI that can be used to lookup a prebuilt AMI for use with Jenkins. You can build the AMI using the Packer template jenkins-ubuntu.json. Only used if var.ami is null. One of var.ami or ami_filters is required. Set to null if passing the ami ID directly.

• backup_job_alarm_period — How often, in seconds, the backup job is expected to run. This is the same as backup_job_schedule_expression, but unfortunately, Terraform offers no way to convert rate expressions to seconds. We add a CloudWatch alarm that triggers if the value of backup_job_metric_name and backup_job_metric_namespace isn't updated within this time period, as that indicates the backup failed to run.

• backup_job_metric_name — The name for the CloudWatch Metric the AWS lambda backup job will increment every time the job completes successfully.

• backup_job_metric_namespace — The namespace for the CloudWatch Metric the AWS lambda backup job will increment every time the job completes successfully.

• backup_job_schedule_expression — A cron or rate expression that specifies how often to take a snapshot of the Jenkins server for backup purposes. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html for syntax details.

• backup_using_dlm — Set to true to backup the Jenkins Server using AWS Data Lifecycle Management Policies.

• backup_using_lambda — Set to true to backup the Jenkins Server using a Scheduled Lambda Function.

• build_permission_actions — The list of IAM actions this Jenkins server should be allowed to do: e.g., ec2:, s3:, etc. This should be the list of IAM permissions Jenkins needs in this AWS account to run builds. These permissions will be added to the server's IAM role for all resources ('*').

• cloud_init_parts — Cloud init scripts to run on the Jenkins server when it is booting. See the part blocks in https://www.terraform.io/docs/providers/template/d/cloudinit_config.html for syntax.

• custom_tags — A list of custom tags to apply to Jenkins and all other resources.

• default_user — The default OS user for the Jenkins AMI. For AWS Ubuntu AMIs, which is what the Packer template in jenkins-ubunutu.json uses, the default OS user is 'ubuntu'.

• dlm_backup_job_schedule_interval — How often this lifecycle policy should be evaluated, in hours.

• dlm_backup_job_schedule_name — The name of the data lifecyle management schedule

• dlm_backup_job_schedule_number_of_snapshots_to_retain — How many snapshots to keep. Must be an integer between 1 and 1000.

• dlm_backup_job_schedule_times — A list of times in 24 hour clock format that sets when the lifecyle policy should be evaluated. Max of 1.

• domain_name — The domain name for the DNS A record to add for Jenkins (e.g. jenkins.foo.com). Must be in the domain managed by hosted_zone_id.

• ebs_kms_key_arn — The ARN of the KMS key used for encrypting the Jenkins EBS volume. The module will grant Jenkins permission to use this key.

• ebs_kms_key_arn_is_alias — Whether or not the provide EBS KMS key ARN is a key alias. If providing the key ID, leave this set to false.

• enable_cloudwatch_alarms — Set to true to enable several basic CloudWatch alarms around CPU usage, memory usage, and disk space usage. If set to true, make sure to specify SNS topics to send notifications to using alarms_sns_topic_arn.

• enable_cloudwatch_log_aggregation — Set to true to add AIM permissions to send logs to CloudWatch. This is useful in combination with https://github.com/gruntwork-io/terraform-aws-monitoring/tree/master/modules/logs/cloudwatch-log-aggregation-scripts to do log aggregation in CloudWatch.

• enable_cloudwatch_metrics — Set to true to add IAM permissions to send custom metrics to CloudWatch. This is useful in combination with https://github.com/gruntwork-io/terraform-aws-monitoring/tree/master/modules/agents/cloudwatch-agent to get memory and disk metrics in CloudWatch for your Jenkins server.

• enable_ip_lockdown — Enable ip-lockdown to block access to the instance metadata. Defaults to true.

• enable_ssh_grunt — Set to true to add IAM permissions for ssh-grunt (https://github.com/gruntwork-io/terraform-aws-security/tree/master/modules/ssh-grunt), which will allow you to manage SSH access via IAM groups.

• external_account_auto_deploy_iam_role_arns — A list of IAM role ARNs in other AWS accounts that Jenkins will be able to assume to do automated deployment in those accounts.

• external_account_ssh_grunt_role_arn — If you are using ssh-grunt and your IAM users / groups are defined in a separate AWS account, you can use this variable to specify the ARN of an IAM role that ssh-grunt can assume to retrieve IAM group and public SSH key info from that account. To omit this variable, set it to an empty string (do NOT use null, or Terraform will complain).

• hosted_zone_id — The ID of the Route 53 Hosted Zone in which to create a DNS A record for Jenkins.

• instance_type — The instance type to use for the Jenkins server (e.g. t2.medium)

• is_internal_alb — Set to true to make the Jenkins ALB an internal ALB that cannot be accessed from the public Internet. We strongly recommend setting this to true to keep Jenkins more secure.

• jenkins_device_name — The OS device name where the Jenkins EBS volume should be attached

• jenkins_mount_point — The OS path where the Jenkins EBS volume should be mounted

• jenkins_subnet_id — The ID of the subnet in which to deploy Jenkins. Must be a subnet in vpc_id.

• jenkins_user — The OS user that should be used to run Jenkins

• jenkins_volume_encrypted — Set to true to encrypt the Jenkins EBS volume.

• jenkins_volume_size — The amount of disk space, in GB, to allocate for the EBS volume used by the Jenkins server.

• jenkins_volume_type — The type of volume to use for the EBS volume used by the Jenkins server. Must be one of: standard, gp2, io1, sc1, or st1.

• keypair_name — The name of a Key Pair that can be used to SSH to the Jenkins server. Leave blank if you don't want to enable Key Pair auth.

• memory — The amount of memory to give Jenkins (e.g., 1g or 512m). Used for the -Xms and -Xmx settings.

• name — Enter the name of the Jenkins server

• root_block_device_volume_type — The type of volume to use for the root disk for Jenkins. Must be one of: standard, gp2, io1, sc1, or st1.

• root_volume_size — The amount of disk space, in GB, to allocate for the root volume of this server. Note that all of Jenkins' data is stored on a separate EBS Volume (see jenkins_volume_size), so this root volume is primarily used for the OS, temp folders, apps, etc.

• skip_health_check — If set to true, skip the health check, and start a rolling deployment of Jenkins without waiting for it to initially be in a healthy state. This is primarily useful if the server group is in a broken state and you want to force a deployment anyway.

• ssh_grunt_iam_group — If you are using ssh-grunt, this is the name of the IAM group from which users will be allowed to SSH to this Jenkins server. This value is only used if enable_ssh_grunt=true.

• ssh_grunt_iam_group_sudo — If you are using ssh-grunt, this is the name of the IAM group from which users will be allowed to SSH to this Jenkins server with sudo permissions. This value is only used if enable_ssh_grunt=true.

• tenancy — The tenancy of this server. Must be one of: default, dedicated, or host.

• vpc_id — The ID of the VPC in which to deploy Jenkins

Outputs

• alb_arn — The ARN of the ALB deployed in front of Jenkins

• alb_dns_name — The DNS name of the ALB deployed in front of Jenkins

• alb_hosted_zone_id — The hosted zone ID of the ALB deployed in front of Jenkins

• alb_http_listener_arns — The ARNs of just the HTTP ALB listeners of the ALB deployed in front of Jenkins

• alb_https_listener_acm_cert_arns — The ARNs of just the HTTPS ALB listeners that usse ACM certs of the ALB deployed in front of Jenkins

• alb_https_listener_non_acm_cert_arns — The ARNs of just the HTTPS ALB listeners that use non-ACM certs of the ALB deployed in front of Jenkins

• alb_listener_arns — The ARNs of the ALB listeners of the ALB deployed in front of Jenkins

• alb_name — The name of the ALB deployed in front of Jenkins

• alb_security_group_id — The ID of the security group attached to the ALB deployed in front of Jenkins

• backup_lambda_function_arn —

• backup_lambda_function_name —

• jenkins_asg_name — The name of the Auto Scaling Group in which Jenkins is running

• jenkins_domain_name — The public domain name configured for Jenkins

• jenkins_ebs_volume_id — The ID of the EBS Volume that will store the JENKINS_HOME directory

• jenkins_iam_role_arn — The ARN of the IAM role attached to the Jenkins EC2 Instance

• jenkins_iam_role_id — The ID of the IAM role attached to the Jenkins EC2 Instance

• jenkins_security_group_id — The ID of the Security Group attached to the Jenkins EC2 Instance