DEV Community: Kandla Gifari Akbar The latest articles on DEV Community by Kandla Gifari Akbar (@kandlagifari). https://dev.to/kandlagifari https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1246231%2Fc553f9f2-5706-414c-9435-647072e4244a.png DEV Community: Kandla Gifari Akbar https://dev.to/kandlagifari en Build Jenkins EC2 AMI Using HachiCorp Packer Kandla Gifari Akbar Thu, 04 Jan 2024 12:23:31 +0000 https://dev.to/kandlagifari/build-jenkins-ec2-ami-using-hachicorp-packer-2dif https://dev.to/kandlagifari/build-jenkins-ec2-ami-using-hachicorp-packer-2dif <h2> Preparation </h2> <p>We need to prepare some tools, such as:</p> <p>1.HashiCorp Packer. You can download it in <a href="https://developer.hashicorp.com/packer/install?product_intent=packer" rel="noopener noreferrer">here</a>. In this article, I use Packer v1.9.4</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxwf3ve2smf7txnwtv2ui.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxwf3ve2smf7txnwtv2ui.png" alt="Image description" width="800" height="59"></a></p> <p>2.AWS CLI. You can install it in <a href="https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html" rel="noopener noreferrer">here</a>. In this article, I use aws-cli v2.8.3</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqa8l6a8pcpg452kra95o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqa8l6a8pcpg452kra95o.png" alt="Image description" width="800" height="45"></a></p> <p>3.Your Favorite IDE (Integrated Development Environment).</p> <p>4.HashiCorp Terraform (Optional, if you'd like to follow along on the provisioning Jenkins EC2 Using Terraform). You can download it in <a href="https://developer.hashicorp.com/terraform/install" rel="noopener noreferrer">here</a>. In this article, I use Terraform v1.3.2</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo2ujvabduh75476rdxol.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo2ujvabduh75476rdxol.png" alt="Image description" width="800" height="60"></a></p> <h2> HashiCorp Packer Introduction </h2> <p>HashiCorp Packer is an open-source tool that automates the creation of any machine image for multiple platforms. Packer is no replacement for configuration management tools like Ansible, Puppet, or Chef. Packer uses these tools to install and configure software and dependencies while creating images (AMI for EC2). </p> <p>Packer uses a configuration file to create a machine image. Then, it uses builders to spin up an instance on the target platform and runs provisioners to configure applications or services. Once setup is done, it shuts down the temporary instance and saves the new images with any needed post-processing.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp46bw0chliukp2s42esu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp46bw0chliukp2s42esu.png" alt="Image description" width="661" height="461"></a></p> <p>Here are the steps in the process:</p> <ol> <li>Boot a temporary instance using the base AMI defined in the HCL template file.</li> <li>Provision the instance using configuration management tools like Ansible, Chef, or a simple automated script to configure the example into the desired state.</li> <li>Create a new machine image from the temporary running instance and shut down the temporary instance after the AMI is registered.</li> </ol> <h2> Create Jenkins Master EC2 AMI </h2> <p><strong>Step 1:</strong> Verify Packer is available on our local machine. Just type <code>packer</code> in our terminal.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F032gedufrjzmg0hl10mh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F032gedufrjzmg0hl10mh.png" alt="Image description" width="800" height="213"></a></p> <p><strong>Step 2:</strong> Create an HCL template file named <code>jenkins-master.pkr.hcl</code> and fill it with the following code.<br> jenkins-master.pkr.hcl <br> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>packer { required_plugins { amazon = { source = "github.com/hashicorp/amazon" version = "~&gt; 1" } } } source "amazon-ebs" "jenkins-master" { ami_description = "Amazon Linux Image with Jenkins Server" ami_name = "jenkins-master-{{timestamp}}" instance_type = "${var.instance_type}" profile = "${var.aws_profile}" region = "${var.region}" source_ami_filter { filters = { name = "amzn2-ami-hvm*" root-device-type = "ebs" virtualization-type = "hvm" } most_recent = true owners = ["amazon"] } ssh_username = "ec2-user" tags = { "Name" = "Jenkins Master" "Environment" = "SandBox" "OS_Version" = "Amazon Linux 2" "Release" = "Latest" "Created-by" = "Packer" } } build { name = "jenkins-master" sources = ["source.amazon-ebs.jenkins-master"] provisioner "shell" { execute_command = "sudo -E -S sh '{{ .Path }}'" script = "./setup-jenkins-master.sh" } } </code></pre> </div> </p> <p>This file consists of 3 main blocks:</p> <ol> <li> <code>Packer</code> block that we can define our required plugins for AMI creation</li> <li> <code>Source</code> block that we can define our source AMI (base AMI)</li> <li> <code>Build</code> block that we can define several <code>provisioner</code> or what packer need to run to create a custom AMI</li> </ol> <p>We can get the Source AMI using the <code>source_ami_filter</code> attribute. So that Packer will automatically populate the <code>source_ami</code> based on the filtering criteria that we are defined on the template. If multiple AMIs meet all of the filtering criteria provided in <code>source_ami_filter</code>, the <code>most_recent</code> attribute will select the newest Amazon Linux AMI.</p> <p>The <code>build</code> block has a <code>provisioner</code> stage that is responsible for installing and configuring all needed dependencies. Packer fully supports multiple modern configuration management tools such as Ansible, Chef, or even Bash scripts are also supported. </p> <p>We can also see that several arguments need to pass a variable that can be overridden at the Packer runtime. So, let's create the variables file.</p> <p><strong>Step 3:</strong> Create the variables file and call it <code>variables.pkr.hcl</code> that defined our variable on our main packer template.<br> variables.pkr.hcl <br> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>variable "aws_profile" { type = string default = "default" } variable "instance_type" { type = string default = "t3.micro" } variable "region" { type = string default = "us-east-1" } </code></pre> </div> </p> <p><strong>Step 4:</strong> We also need to create a bash script called <code>setup-jenkins-master.sh</code> for installing and configuring all dependencies in <code>provisioner</code> stage</p> <p> setup-jenkins-master.sh <br> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">echo</span> <span class="s2">"Installing Amazon Linux extras"</span> amazon-linux-extras <span class="nb">install </span>epel <span class="nt">-y</span> <span class="nb">echo</span> <span class="s2">"Install Jenkins stable release"</span> yum remove <span class="nt">-y</span> java amazon-linux-extras <span class="nb">install </span>java-openjdk11 <span class="nt">-y</span> wget <span class="nt">-O</span> /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo rpm <span class="nt">--import</span> https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key yum <span class="nb">install</span> <span class="nt">-y</span> jenkins chkconfig jenkins on systemctl start jenkins systemctl status jenkins journalctl <span class="nt">-u</span> jenkins </code></pre> </div> </p> <p>The script is straightforward, it will install Amazon Linux Extras, Java Development Kit (JDK), and also Jenkins. Once the Jenkins package is installed with the Yum package manager, the script configures Jenkins to start automatically if the machine has been restarted with the <code>chkconfig</code> command.</p> <p><strong>Step 5:</strong> We can also create an environment variable file that will override the default value on the <code>variables.pkr.hcl</code> file. This step is optional, but if you want, you can create a file with the pattern <code>*.auto.pkrvars.hcl</code>, for example <code>jenkins-master.auto.pkrvars.hcl</code></p> <p> jenkins-master.auto.pkrvars.hcl <br> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws_profile = "packer" # change with your aws profile name instance_type = "t3.micro" region = "ap-southeast-3" </code></pre> </div> </p> <p><strong>Step 6:</strong> We need to create a <code>packer</code> user with a custom IAM policy to create an AMI. For this, let's create a file called <code>packer-iam-policy.json</code></p> <blockquote> <p>I assume that you are familiar with configuring AWS CLI. You can also refer to this <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html" rel="noopener noreferrer">AWS documentation</a>.</p> </blockquote> <p> packer-iam-policy.json <br> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ec2:AttachVolume"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:AuthorizeSecurityGroupIngress"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:CopyImage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:CreateImage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:CreateKeypair"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:CreateSecurityGroup"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:CreateSnapshot"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:CreateTags"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:CreateVolume"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DeleteKeyPair"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DeleteSecurityGroup"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DeleteSnapshot"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DeleteVolume"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DeregisterImage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeImageAttribute"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeImages"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeInstanceStatus"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeRegions"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeSecurityGroups"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeSnapshots"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeSubnets"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeTags"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeVolumes"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DetachVolume"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:GetPasswordData"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:ModifyImageAttribute"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:ModifyInstanceAttribute"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:ModifySnapshotAttribute"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:RegisterImage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:RunInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:StopInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:TerminateInstances"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> </p> <p>We can use this shell command to create a <code>packer</code> user using AWS CLI command and attach the <code>packer-iam-policy</code> to this user<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws iam create-user <span class="nt">--user-name</span> packer aws iam put-user-policy <span class="nt">--user-name</span> packer <span class="nt">--policy-name</span> packer-iam-policy <span class="nt">--policy-document</span> file://packer-iam-policy.json aws iam create-access-key <span class="nt">--user-name</span> packer </code></pre> </div> <p>Take note of the <code>AccessKeyId</code> and <code>SecretAccessKey</code> because the packer will need this key to access AWS resources.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhjvbnn4ekjqsv1n9j42k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhjvbnn4ekjqsv1n9j42k.png" alt="Image description" width="800" height="130"></a></p> <p><strong>Step 7:</strong> With a properly configured IAM user, it is time to build our first image. We need to run <code>packer init .</code> for the first time. It will give the output like this.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffq7thkk3cbe2mszuldgt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffq7thkk3cbe2mszuldgt.png" alt="Image description" width="800" height="72"></a></p> <p><strong>Step 8:</strong> After initializing, run the <code>packer build .</code> command to start the Packer Build.</p> <p>Packer will create temporary Key Pair, Security Group, EC2 Instance, based on the configuration specified in the HCL template file and then execute the bash script on the deployed instance.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flon144qugq6msy41w3zb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flon144qugq6msy41w3zb.png" alt="Image description" width="800" height="255"></a></p> <p>Packer Spin-Up Temporary EC2 Instance</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr6dbda68utbvpzdrog7l.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr6dbda68utbvpzdrog7l.png" alt="Image description" width="800" height="131"></a></p> <p>At the end of running the <code>packer build .</code> command, Packer will automatically clean up the temporary resource (Key Pair, Security Group, EC2 Instance) and write outputs of the artifacts created as part of the build. Artifacts are the results of a build and are typically represented by the AMI ID.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj7d4ztieguejitty7n0b.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj7d4ztieguejitty7n0b.png" alt="Image description" width="800" height="357"></a></p> <p>Packer Automatically Terminate Our Temporary EC2 Instance</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyltl4c9xc0fldep6cucl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyltl4c9xc0fldep6cucl.png" alt="Image description" width="800" height="130"></a></p> <p><strong>Step 9:</strong> We can verify the newly created AMI on the EC2 Console. Go to <code>EC2</code> and then click on <code>AMIs</code>. Filter on the <code>Owned by me</code>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2ydd05t9bwfr3sbxh0uy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2ydd05t9bwfr3sbxh0uy.png" alt="Image description" width="800" height="106"></a></p> <h2> Launch Our Jenkins EC2 Using the New AMI </h2> <p>Yeah!!! Finally, our Jenkins AMI has been created. Let’s test it out and see if Jenkins has been properly installed. For this, we can test Launch Instance via Console, but in this article I will use Terraform.</p> <p><strong>Step 1:</strong> Verify Terraform is available on our local machine. Just type <code>terraform</code> in our terminal.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flc228pikwj3fdki63mkw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flc228pikwj3fdki63mkw.png" alt="Image description" width="800" height="168"></a></p> <p><strong>Step 2:</strong> Create a file named <code>main.tf</code>, and fill it with the following code.<br> main.tf <br> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">region</span> <span class="nx">profile</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">aws_profile</span> <span class="p">}</span> <span class="k">data</span> <span class="s2">"aws_ami"</span> <span class="s2">"packer_image"</span> <span class="p">{</span> <span class="nx">most_recent</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"tag:Created-by"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"Packer"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"tag:Name"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="kd">var</span><span class="p">.</span><span class="nx">app_name</span><span class="p">]</span> <span class="p">}</span> <span class="nx">owners</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"self"</span><span class="p">]</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"allow_jenkins"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"allow_jenkins"</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Allow inbound traffic to jenkins 8080"</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Jenkins Inbound Traffic"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">allowed_ip</span> <span class="p">}</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"allow_jenkins"</span> <span class="p">}</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_iam_role"</span> <span class="s2">"jenkins_role"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"jenkins-iam-role"</span> <span class="nx">assume_role_policy</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="s2">"Version"</span> <span class="p">=</span> <span class="s2">"2012-10-17"</span><span class="p">,</span> <span class="s2">"Statement"</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="s2">"Action"</span> <span class="p">=</span> <span class="s2">"sts:AssumeRole"</span><span class="p">,</span> <span class="s2">"Effect"</span> <span class="p">=</span> <span class="s2">"Allow"</span><span class="p">,</span> <span class="s2">"Sid"</span> <span class="p">=</span> <span class="s2">""</span><span class="p">,</span> <span class="s2">"Principal"</span> <span class="p">=</span> <span class="p">{</span> <span class="s2">"Service"</span> <span class="p">=</span> <span class="s2">"ec2.amazonaws.com"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_iam_role_policy_attachment"</span> <span class="s2">"AmazonSSMManagedInstanceCore"</span> <span class="p">{</span> <span class="nx">policy_arn</span> <span class="p">=</span> <span class="s2">"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"</span> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">jenkins_role</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_iam_instance_profile"</span> <span class="s2">"jenkins_instance_profile"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"jenkins-instance-profile"</span> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">jenkins_role</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"jenkins_ami"</span> <span class="p">{</span> <span class="nx">ami</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_ami</span><span class="p">.</span><span class="nx">packer_image</span><span class="p">.</span><span class="nx">id</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">instance_type</span> <span class="nx">iam_instance_profile</span> <span class="p">=</span> <span class="nx">aws_iam_instance_profile</span><span class="p">.</span><span class="nx">jenkins_instance_profile</span><span class="p">.</span><span class="nx">name</span> <span class="nx">vpc_security_group_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">allow_jenkins</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="s2">"Name"</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">app_name</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> </p> <p>This Terraform script will create a <code>Security Group</code> to open Inbound Access on port 8080 (default Jenkins Port) from the specific CIDR (we can change it on the Terraform Variable). It will also create an <code>IAM Role</code> with SSM Policy because we will access our EC2 Using <code>SSM Session Manager</code> (We don't open SSH port). Lastly, it will create an <code>EC2 Instance</code> in which the AMI will be queried based on the data block we filtered based on the <code>new AMI created by Packer</code>.</p> <p><strong>Step 3:</strong> We need to create a variable file to define our variable block that will be used on the main template.<br> So, let's create <code>variables.tf</code>, and fill it with the following code.</p> <p> variables.tf <br> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">variable</span> <span class="s2">"region"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"AWS Region"</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="p">}</span> <span class="k">variable</span> <span class="s2">"app_name"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Application Name"</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"Jenkins Master"</span> <span class="p">}</span> <span class="k">variable</span> <span class="s2">"instance_type"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"EC2 Instance Type"</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"t3.small"</span> <span class="p">}</span> <span class="k">variable</span> <span class="s2">"aws_profile"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Custom AWS Profile"</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"default"</span> <span class="p">}</span> <span class="k">variable</span> <span class="s2">"allowed_ip"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">list</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"List of Allow IP Address to Access EC2"</span> <span class="nx">default</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> </p> <p><strong>Step 4:</strong> We can also create the outputs file, so the Terraform will print the output value once the provisioning process is done. This step is not mandatory, but it is still worth having when we deal with huge Terraform scripts with modules. :)<br> So, let's create <code>outputs.tf</code>, and fill it with the following code.</p> <p> outputs.tf <br> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">output</span> <span class="s2">"public_ip"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">jenkins_ami</span><span class="p">.</span><span class="nx">public_ip</span> <span class="p">}</span> <span class="k">output</span> <span class="s2">"public_dns"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">jenkins_ami</span><span class="p">.</span><span class="nx">public_dns</span> <span class="p">}</span> <span class="k">output</span> <span class="s2">"jenkins_url"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"http://</span><span class="k">${</span><span class="nx">aws_instance</span><span class="p">.</span><span class="nx">jenkins_ami</span><span class="p">.</span><span class="nx">public_dns</span><span class="k">}</span><span class="s2">:8080"</span> <span class="p">}</span> </code></pre> </div> </p> <p><strong>Step 5:</strong> Last but not least, we can also create an environment variable file that will override the default value on the <code>variables.tf</code> file. We can name it <code>terraform.tfvars</code>, so Terraform will automatically detect the new value of variables.</p> <p> terraform.tfvars <br> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="nx">region</span> <span class="err">=</span> <span class="s2">"ap-southeast-3"</span> <span class="nx">instance_type</span> <span class="err">=</span> <span class="s2">"t3.micro"</span> <span class="nx">aws_profile</span> <span class="err">=</span> <span class="s2">"kobokan-aer"</span> <span class="c1"># change with your aws profile name</span> <span class="nx">allowed_ip</span> <span class="err">=</span> <span class="p">[</span><span class="s2">"10.10.10.10/32"</span><span class="p">]</span> <span class="c1"># change with your IP</span> </code></pre> </div> </p> <p><strong>Step 6:</strong> Finally, we can try to run our Terraform scripts. For the first, we need to run <code>terraform init</code> to initilizing the backend and install the required plugins.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl9vmy2sp7yrd9jx9r1rp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl9vmy2sp7yrd9jx9r1rp.png" alt="Image description" width="800" height="275"></a></p> <p>Terraform will create this file and directory if the initializing runs successfully.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F83fge8v8ydum8v9flnu3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F83fge8v8ydum8v9flnu3.png" alt="Image description" width="800" height="97"></a></p> <p><strong>Step 7:</strong> After initializing, run the <code>terraform apply -auto-approve</code> to start resource provisioning.</p> <blockquote> <p>In the real project, always run the <code>terraform plan</code> first to see the list of resources Terraform will create.</p> </blockquote> <p>We can see that Terraform will automatically pull the latest AMI created by Packer.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0c2j0e8n6k0j6k3cgugd.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0c2j0e8n6k0j6k3cgugd.png" alt="Image description" width="800" height="677"></a></p> <p>At the end of the <code>terraform apply</code>, we can verify the Jenkins App will be automatically installed on our EC2. Simply copy the <code>jenkins_url</code> output on our favorite Browser.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff8p9z7fsmgwn9ogswvsv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff8p9z7fsmgwn9ogswvsv.png" alt="Image description" width="800" height="290"></a></p> <p>Jenkins automatically installed and running</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcx3gcy03hvay8hlvnynz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcx3gcy03hvay8hlvnynz.png" alt="Image description" width="800" height="413"></a></p> <p><strong>Step 8:</strong> If you want, you can test to use the Jenkins. Just copy the Initial Admin Password on the EC2. Click on the Jenkins Master EC2 -&gt; Connect -&gt; Session Manager -&gt; Connect</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjsivkhxokelj6qknkfi2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjsivkhxokelj6qknkfi2.png" alt="Image description" width="800" height="110"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy48y88rkdscel69pyn2i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy48y88rkdscel69pyn2i.png" alt="Image description" width="800" height="423"></a></p> <p><strong>Step 9:</strong> Copy this password on the Jenkins UI, and we only need to follow the steps that Jenkins provides will be straightforward.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fry4jyx7ktu640058swn3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fry4jyx7ktu640058swn3.png" alt="Image description" width="800" height="187"></a></p> <p>Yeayy!!! we successfully Set Up our Jenkins Master on the EC2 Using the AMI from Packer. Feel free to play around with that.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffgwrnlzrwictxelf24hu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffgwrnlzrwictxelf24hu.png" alt="Image description" width="800" height="423"></a></p> <h2> Clean Up </h2> <p>To clean up our resources, simply run the following shell command on our local terminal.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ec2 deregister-image <span class="nt">--image-id</span> &lt;your-ami-id&gt; aws ec2 delete-snapshot <span class="nt">--snapshot-id</span> &lt;your-snapshot-id&gt; <span class="c"># On the Terraform Working Directory</span> terraform destroy <span class="nt">-auto-approve</span> </code></pre> </div> <h2> Conclusion </h2> <p>Now that we can use Jenkins AMI to create Jenkins instances. Terraform will pull the latest AMI created by Packer. We can still improve it by integrating it into the pipeline to automatically create AMI on the Packer workflow and provision the EC2 using Terraform. But it is totally AWSome for now :)</p> <h2> Thank you for Reading </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgzazg2fu0e8q0qgarway.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgzazg2fu0e8q0qgarway.gif" alt="Image description" width="500" height="281"></a></p> aws packer jenkins ec2