Demo of using code analysis and alerting for infrastructure as code (Terraform) in a CI/CD pipeline (Jenkins)
- Deploy the CloudFormation infrastructure/cloudformation.json template. The template creates a user with the following credentials and the minimal permissions required to complete the Lab:
  - Username: student
  - Password: password
- In the Cloud9 environment, download the sample Terraform configuration files:
    wget "https://github.com/cloudacademy/terraform-highly-available-website-on-aws/blob/master/config.zip?raw=true" -O tf.zip
    unzip tf.zip -d tf
- Run TFLint on the configuration files:
    docker run -v "$(pwd)":/tf --workdir=/tf --rm wata727/tflint:0.5.4 --error-with-issues
- Create an Amazon SNS Topic and subscribe to it. Copy the Topic ARN for later.
- Create a new Jenkins project that watches a Git repo at git://localhost/lab.git with Poll SCM enabled and the following execute shell build step:
    #!/bin/bash
    docker run -v "$(pwd)":/src --workdir=/src --rm wata727/tflint:0.5.4 --error-with-issues
- Add a post-build action for Amazon SNS Notifier using the Topic ARN you copied earlier.
- Clone the Jenkins server Git repo:
    cd ~/environment
    repo_url=$(aws ec2 describe-instances --filters "Name=tag:Type,Values=Build" --query "Reservations[0].Instances[0].PublicDnsName" \
      | sed 's/"\(.*\)"/git:\/\/\1\/lab.git/')
    git clone "$repo_url" src
- Add, commit, and push the configuration files to the remote Git repo.
- Check your emails and inspect the build failure using the link in the email.
Delete the CloudFormation stack to remove all the resources used in the Lab.
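
An added example, not part of the lab's files: a variant of the execute shell build step that publishes the TFLint report to the SNS topic itself with `aws sns publish` instead of the post-build plugin, and keeps the build failed even when the publish fails. It assumes the Jenkins host has the AWS CLI with credentials allowed to `sns:Publish`, and that an environment variable named `TOPIC_ARN` (a name chosen for this example) holds the Topic ARN copied earlier.

```shell
#!/bin/bash
# Added example: lint gate that alerts through SNS from the build step itself.
# Assumptions: Docker and the AWS CLI are on the build host, its credentials
# allow sns:Publish on the topic, and TOPIC_ARN (hypothetical name) is set.

lint_and_alert() {
  local src_dir="$1" topic_arn="$2" report status=0

  # Capture TFLint's report; --error-with-issues turns findings into a non-zero exit.
  report=$(docker run -v "$src_dir":/src --workdir=/src --rm \
    wata727/tflint:0.5.4 --error-with-issues 2>&1) || status=$?

  if [ "$status" -eq 0 ]; then
    echo "TFLint: no issues"
    return 0
  fi

  echo "$report"
  # Publish a truncated copy of the report. A failed publish is logged but never
  # changes the result: the build still fails with TFLint's exit status.
  if ! aws sns publish --topic-arn "$topic_arn" \
      --subject "TFLint failed: ${JOB_NAME:-local} #${BUILD_NUMBER:-0}" \
      --message "$(printf '%s' "$report" | head -c 4000)" >/dev/null; then
    echo "warning: SNS publish failed; build is still marked failed" >&2
  fi
  return "$status"
}

# Jenkins sets BUILD_TAG for every build; elsewhere this file only defines the function.
if [ -n "${BUILD_TAG:-}" ]; then
  lint_and_alert "${WORKSPACE:-$(pwd)}" "${TOPIC_ARN:?TOPIC_ARN is not set}"
fi
```
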