Configuration of a Jenkins master with slaves on-demand (AWS EC2 only for now).

• Custom Virtual Private Cloud (VPC)

• Public subnet
• Internet gateway
• NAT gateway
• Security group to allow access the Jenkins UI
• Security group to allow access to EFS storage from Jenkins master

• Private subnet
• Security groups to allow only access from the Jenkins master

• AWS EC2 instance (t3.large by default)
• AWS AMI (Amazon Linux 2)
• SSH key pair
• NGINX reverse-proxy configuration

• AWS EC2 instance template (different instance sizes)
• AWS AMI (Amazon Linux 2 minimal)
• SSH key pair

• EBS root volume for all instances
• AWS Elastic File System (EFS) for the Jenkins master configuration and data

Clone this Git repository

git clone [email protected]:timoa/terraform-jenkins-slaves-on-demand.git

Now, go to the tf-vm/aws folder (the only type and provider for the moment)

cd terraform-jenkins-slaves-on-demand/tf-vm/aws

You can change some of the variables in the variables.tf. See the configuration section

Start by install the dependencies

terraform init

Run terraform plan to see which resources will be created and save the generated execution plan

terraform plan --out=jenkins.tfplan

Apply the Terraform plan

terraform apply jenkins.tfplan

This variables can be changed under the variables.tf file.

• Terraform backend with S3 + lock
• Add EC2 health check URL for the Jenkins master
• Encrypt the AMI with the new AWS API
• Encrypt EFS in transit (SSL)
• Mount the EFS volume when ready (can take up to 25 min to be provisionned)
• Configure Jenkins with the necessary plugins
• Create a separate Jenkins master IAM role to create the slaves on-demand
• Create the Jenkins slaves AMI
• Let's Encrypt SSL certificate for the Jenkins master
• Use an existing VPC ID
• Use an existing EFS ID
• Install and configure Prometheus Node Exporter for monitoring
• Install and configure Logstash and export logs to an Elasticsearch instance