Skip to content

Terraform Module Docs

Jenkins

Requirements

Name Version
terraform >= 1.0
aws 5.59.0
random 3.6.2

Providers

Name Version
aws 5.59.0
random 3.6.2

Modules

No modules.

Resources

Name Type
aws_autoscaling_group.jenkins_build_farm_asg resource
aws_cloudwatch_log_group.jenkins_service_log_group resource
aws_ecs_cluster.jenkins_cluster resource
aws_ecs_cluster_capacity_providers.jenkins_cluster_fargate_rpvodiers resource
aws_ecs_service.jenkins_service resource
aws_ecs_task_definition.jenkins_task_definition resource
aws_efs_access_point.jenkins_efs_access_point resource
aws_efs_backup_policy.policy resource
aws_efs_file_system.jenkins_efs_file_system resource
aws_efs_mount_target.jenkins_efs_mount_target resource
aws_fsx_openzfs_file_system.jenkins_build_farm_fsxz_file_system resource
aws_fsx_openzfs_volume.jenkins_build_farm_fsxz_volume resource
aws_iam_instance_profile.build_farm_instance_profile resource
aws_iam_policy.build_farm_fsxz_policy resource
aws_iam_policy.build_farm_s3_policy resource
aws_iam_policy.ec2_fleet_plugin_policy resource
aws_iam_policy.jenkins_default_policy resource
aws_iam_role.build_farm_role resource
aws_iam_role.jenkins_default_role resource
aws_iam_role.jenkins_task_execution_role resource
aws_iam_role_policy_attachment.ec2_fleet_plugin_policy_attachment resource
aws_launch_template.jenkins_build_farm_launch_template resource
aws_lb.jenkins_alb resource
aws_lb_listener.jenkins_alb_https_listener resource
aws_lb_target_group.jenkins_alb_target_group resource
aws_s3_bucket.artifact_buckets resource
aws_s3_bucket.jenkins_alb_access_logs_bucket resource
aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration resource
aws_s3_bucket_policy.alb_access_logs_bucket_policy resource
aws_s3_bucket_public_access_block.access_logs_bucket_public_block resource
aws_s3_bucket_public_access_block.artifacts_bucket_public_block resource
aws_s3_bucket_versioning.artifact_bucket_versioning resource
aws_security_group.jenkins_alb_sg resource
aws_security_group.jenkins_build_farm_sg resource
aws_security_group.jenkins_build_storage_sg resource
aws_security_group.jenkins_efs_security_group resource
aws_security_group.jenkins_service_sg resource
aws_vpc_security_group_egress_rule.jenkins_alb_outbound_service resource
aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv4 resource
aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv6 resource
aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv4 resource
aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv6 resource
aws_vpc_security_group_ingress_rule.jenkins_build_farm_inbound_ssh_service resource
aws_vpc_security_group_ingress_rule.jenkins_build_vpc_all_traffic resource
aws_vpc_security_group_ingress_rule.jenkins_efs_inbound_service resource
aws_vpc_security_group_ingress_rule.jenkins_service_inbound_alb resource
random_string.artifact_buckets resource
random_string.build_farm resource
random_string.fsxz resource
random_string.jenkins resource
random_string.jenkins_alb_access_logs_bucket_suffix resource
aws_caller_identity.current data source
aws_ecs_cluster.jenkins_cluster data source
aws_elb_service_account.main data source
aws_iam_policy_document.access_logs_bucket_alb_write data source
aws_iam_policy_document.build_farm_fsxz_policy data source
aws_iam_policy_document.build_farm_s3_policy data source
aws_iam_policy_document.ec2_fleet_plugin_policy data source
aws_iam_policy_document.ec2_trust_relationship data source
aws_iam_policy_document.ecs_tasks_trust_relationship data source
aws_iam_policy_document.jenkins_default_policy data source
aws_region.current data source
aws_vpc.build_farm_vpc data source

Inputs

Name Description Type Default Required
artifact_buckets List of Amazon S3 buckets you wish to create to store build farm artifacts. 
map(
    object({
      name                 = string
      enable_force_destroy = optional(bool, true)
      enable_versioning    = optional(bool, true)
      tags                 = optional(map(string), {})
    })
  )
 null no
build_farm_compute Each object in this map corresponds to an ASG used by Jenkins as build agents. 
map(object(
    {
      ami = string
      #TODO: Support mixed instances / spot with custom policies
      instance_type     = string
      ebs_optimized     = optional(bool, true)
      enable_monitoring = optional(bool, true)
    }
  ))
 {} no
build_farm_fsx_openzfs_storage Each object in this map corresponds to an FSx OpenZFS file system used by the Jenkins build agents. 
map(object(
    {
      storage_capacity    = number
      throughput_capacity = number
      storage_type        = optional(string, "SSD") # "SSD", "HDD"
      deployment_type     = optional(string, "SINGLE_AZ_1")
      route_table_ids     = optional(list(string), null)
      tags                = optional(map(string), null)
    }
  ))
 {} no
build_farm_subnets The subnets to deploy the build farms into. list(string) n/a yes
certificate_arn The TLS certificate ARN for the Jenkins service load balancer. string n/a yes
cluster_name The ARN of the cluster to deploy the Jenkins service into. Defaults to null and a cluster will be created. string null no
container_cpu The CPU allotment for the Jenkins container. number 1024 no
container_memory The memory allotment for the Jenkins container. number 4096 no
container_name The name of the Jenkins service container. string "jenkins-container" no
container_port The container port used by the Jenkins service container. number 8080 no
create_ec2_fleet_plugin_policy Optional creation of IAM Policy required for Jenkins EC2 Fleet plugin. Default is set to false. bool false no
create_jenkins_default_policy Optional creation of Jenkins Default IAM Policy. Default is set to true. bool true no
create_jenkins_default_role Optional creation of Jenkins Default IAM Role. Default is set to true. bool true no
custom_jenkins_role ARN of the custom IAM Role you wish to use with Jenkins. string null no
enable_default_efs_backup_plan This flag controls EFS backups for the Jenkins module. Default is set to true. bool true no
enable_jenkins_alb_access_logs Enables access logging for the Jenkins ALB. Defaults to true. bool true no
enable_jenkins_alb_deletion_protection Enables deletion protection for the Jenkins ALB. Defaults to true. bool true no
environment The current environment (e.g. dev, prod, etc.) string "dev" no
existing_artifact_buckets List of ARNs of the S3 buckets used to store artifacts created by the build farm. list(string) [] no
existing_security_groups A list of existing security group IDs to attach to the Jenkins service load balancer. list(string) null no
internal Set this flag to true if you do not want the Jenkins service load balancer to have a public IP. bool false no
jenkins_agent_secret_arns A list of secretmanager ARNs (wildcards allowed) that contain any secrets which need to be accessed by the Jenkins service. list(string) null no
jenkins_alb_access_logs_bucket ID of the S3 bucket for Jenkins ALB access log storage. If access logging is enabled and this is null the module creates a bucket. string null no
jenkins_alb_access_logs_prefix Log prefix for Jenkins ALB access logs. If null the project prefix and module name are used. string null no
jenkins_alb_subnets A list of subnet ids to deploy the Jenkins load balancer into. Public subnets are recommended. list(string) n/a yes
jenkins_cloudwatch_log_retention_in_days The log retention in days of the cloudwatch log group for Jenkins. string 365 no
jenkins_efs_performance_mode The performance mode of the EFS file system used by the Jenkins service. Defaults to general purpose. string "generalPurpose" no
jenkins_efs_throughput_mode The throughput mode of the EFS file system used by the Jenkins service. Defaults to bursting. string "bursting" no
jenkins_service_desired_container_count The desired number of containers running the Jenkins service. number 1 no
jenkins_service_subnets A list of subnets to deploy the Jenkins service into. Private subnets are recommended. list(string) n/a yes
name The name attached to Jenkins module resources. string "jenkins" no
project_prefix The project prefix for this workload. This is appeneded to the beginning of most resource names. string "cgd" no
tags Tags to apply to resources. map(any) 
{
  "IAC_MANAGEMENT": "CGD-Toolkit",
  "IAC_MODULE": "Jenkins",
  "IAC_PROVIDER": "Terraform"
}
 no
vpc_id The ID of the existing VPC you would like to deploy the Jenkins service and build farms into. string n/a yes

Outputs

Name Description
alb_security_group Security group associated with the Jenkins load balancer
build_farm_security_group Security group associated with the build farm autoscaling groups
jenkins_alb_dns_name The DNS name of the Jenkins application load balancer.
jenkins_alb_zone_id The zone ID of the Jenkins ALB.
service_security_group Security group associated with the ECS service hosting jenkins