- Build a Jenkins Master Docker image with plugins
- Deploy a Jenkins Master on Fargate with CDK
- Deploy VPC stack
- Deploy ECS Fargate cluster stack
- Deploy IAM Role stack
- Deploy ECR and CodeCommit repository stack
- Deploy ECS Fargate Service stack
- Set password from CloudWatch Logs
- Run Jenkins builds
Jenkins version: v2.346.2
```bash
npm install -g aws-cdk@2.32.1
npm install -g cdk-ecr-deployment@2.5.5

# install packages in the root folder
npm install
cdk bootstrap
```

Use the `cdk` command-line toolkit to interact with your project:

- `cdk deploy`: deploys your app into an AWS account
- `cdk synth`: synthesizes an AWS CloudFormation template for your app
- `cdk diff`: compares your app with the deployed stack
- `cdk watch`: deploys every time a file change is detected

| | Stack | Time To Complete |
|---|---|---|
| 1 | VPC | 3m 30s (optional) |
| 2 | ECS Fargate cluster | 50s |
| 3 | IAM roles | 1m |
| 4 | ECR and CodeCommit repository | 1m |
| 5 | ECS Fargate Service and ALB | 4m |
| | Total | 7m (10m 30s with a new VPC) |

Use the `deploy-all.sh` script if you want to deploy all stacks at once without prompts.

Deploy a new VPC:

```bash
cd vpc
cdk deploy
```

The VPC ID will be saved into the SSM Parameter Store (`/jenkins-fargate-cdk/vpc-id`) so that other stacks can refer to it.

To use an existing VPC, use the `-c vpcId` context parameter or create the SSM parameter:

```bash
aws ssm put-parameter --name "/jenkins-fargate-cdk/vpc-id" --value "{existing-vpc-id}" --type String
```

```bash
cd ../ecs-devops-cluster
cdk deploy

# or define your VPC id with context parameter
cdk deploy -c vpcId=<vpc-id>
```

SSM parameter:
- /jenkins-fargate-cdk/vpc-id
Cluster Name: config.ts
ecs-devops-cluster/lib/devops-cluster-stack.ts.ts
Create the ECS Task Execution role and default Task Role.
- AmazonECSFargateTaskExecutionRole
- ECSFargateDefaultTaskRole including a policy for ECS Exec

```bash
cd ../ecs-iam-role
cdk deploy
```

ecs-iam-role/lib/ecs-iam-role-stack.ts

```bash
cd ../ecr-codecommit
cdk deploy --outputs-file ./cdk-outputs.json
cat ./cdk-outputs.json | jq .
```

Create a Fargate Service, Auto Scaling, ALB, and Log Group.

```bash
cd ../ecs-jenkins-service
cdk deploy --outputs-file ./cdk-outputs.json
cat ./cdk-outputs.json | jq .
```

e.g.,

```json
{
  "ecs-jenkins-fargate-dev": {
    "TaskDefinition": "jenkins-task",
    "LogGroup": "jenkins",
    "ALB": "alb-jenkins-123456789.ap-northeast-2.elb.amazonaws.com",
    "Service": "arn:aws:ecs:ap-northeast-2:123456789:service/jenkins-fargate-dev/jenkins"
  }
}
```

SSM parameters:
- /jenkins-fargate-cdk/vpc-id
- /jenkins-fargate-cdk/cluster-securitygroup-id
- /jenkins-fargate-cdk/task-execution-role-arn
- /jenkins-fargate-cdk/default-task-role-arn
ecs-jenkins-service/lib/jenkins-fargate-stack.ts

IMPORTANT

If the ECS cluster was re-created, you MUST delete the `cdk.context.json` files before deploying again:

```bash
find . -name "cdk.context.json" -exec rm -f {} \;
```

Connect to the Jenkins ALB and unlock Jenkins with the password. You can find the password in the CDK console and in the CloudWatch Logs stream.
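
One way to script the unlock step, as an added example that is not part of this repository: it reads the messages of the `jenkins` log group (the `LogGroup` value in the sample output) and extracts the initial admin password. The function names are hypothetical, the sample log is constructed, and the banner text and 32-character hex password format are assumed from Jenkins' standard setup banner.

```bash
#!/usr/bin/env bash
# Added example (not from the repository): read the Jenkins unlock password
# out of CloudWatch Logs messages.

# Print the most recent initial admin password found in log text on stdin.
# Assumption: Jenkins prints it as 32 lowercase hex characters on its own line,
# after "Please use the following password to proceed to installation:".
extract_initial_password() {
  tr '\t' '\n' | tr -d '\r' | awk '
    /Please use the following password to proceed to installation:/ { armed = 1; next }
    armed {
      line = $0
      gsub(/^ +| +$/, "", line)
      if (line == "") next                 # blank lines around the value
      if (length(line) == 32 && line !~ /[^0-9a-f]/) found = line
      armed = 0                            # any other text ends the banner
    }
    END { if (found == "") exit 1; print found }'
}

# Fetch messages from the log group (default "jenkins") and extract the password.
# Needs AWS credentials allowed to call logs:FilterLogEvents on that group.
fetch_jenkins_password() {
  aws logs filter-log-events --log-group-name "${1:-jenkins}" \
    --query 'events[].message' --output text | extract_initial_password
}

# Constructed sample messages (the password value is made up), tab-separated
# the way `--output text` joins a list of messages.
SAMPLE_LOG=$(printf '%s\t' \
  'Jenkins initial setup is required. An admin user has been created and a password generated.' \
  'Please use the following password to proceed to installation:' \
  '0123456789abcdef0123456789abcdef' \
  'This may also be found at: /var/jenkins_home/secrets/initialAdminPassword')

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | extract_initial_password
```

Anyone who can read the `jenkins` log group can read this password, so finish the setup wizard promptly and keep read access to the log group limited.
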
To connect into Jenkins container, refer to the ecs-exec.md page.

```
├── build.gradle
├── deploy-all.sh
├── clean-up.sh
├── config.ts
├── package.json
├── tsconfig.json
├── app
│   ├── Dockerfile
│   └── build.sh
├── ecr-codecommit
│   ├── bin
│   │   └── index.ts
│   ├── cdk.json
│   └── lib
│       └── ecr-codecommit-stack.ts
├── ecs-iam-role
│   ├── bin
│   │   └── index.ts
│   ├── cdk.json
│   └── lib
│       └── ecs-iam-role-stack.ts
├── ecs-devops-cluster
│   ├── bin
│   │   └── index.ts
│   ├── cdk.json
│   ├── jest.config.js
│   └── lib
│       └── devops-cluster-stack.ts.ts
├── ecs-jenkins-service
│   ├── bin
│   │   └── index.ts
│   ├── cdk.json
│   └── lib
│       └── jenkins-fargate-stack.ts
└── vpc
    ├── bin
    │   └── index.ts
    ├── cdk.json
    └── lib
        └── vpc-stack.ts
```



