We start by creating a Terraform EC2 key-pair and a Terraform IAM user as in previous chapters (do not forget to write down access/secret API keys). Then we grant permissions to the IAM user to perform actions with the EC2, IAM, S3 and CodeCommit services:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": [ "codecommit:DeleteRepository" ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "NotAction": [ "s3:DeleteBucket" ],
      "Resource": "*"
    },
    {
      "Sid": "Stmt1461764665000",
      "Effect": "Allow",
      "Action": [
        "ec2:AllocateAddress",
        ...
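The two complete statements above pair "Effect": "Allow" with NotAction on "Resource": "*". IAM grants an action when any Allow statement matches it, so each statement permits the action the other one excludes, along with every other service's actions. The following is an added example, not code from the original chapter: it evaluates those two statements with a simplified model of identity-policy evaluation and compares them with a constructed variant that uses explicit Deny. The DENY_VARIANT policy and all function names are assumptions made for illustration.

```python
import fnmatch

# The two complete statements visible in the policy above; the third
# statement is truncated on the page and is left out here.
PAGE_STATEMENTS = [
    {"Effect": "Allow", "NotAction": ["codecommit:DeleteRepository"], "Resource": "*"},
    {"Effect": "Allow", "NotAction": ["s3:DeleteBucket"], "Resource": "*"},
]

# Constructed alternative (an assumption, not from the page): scope the Allow
# to the two services and express the exclusions as explicit Deny statements.
DENY_VARIANT = [
    {"Effect": "Allow", "Action": ["codecommit:*", "s3:*"], "Resource": "*"},
    {"Effect": "Deny",
     "Action": ["codecommit:DeleteRepository", "s3:DeleteBucket"],
     "Resource": "*"},
]


def _matches(patterns, action):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def statement_applies(stmt, action):
    """True if the statement's Action/NotAction element covers `action`."""
    if "NotAction" in stmt:
        return not _matches(stmt["NotAction"], action)
    return _matches(stmt.get("Action", []), action)


def is_allowed(statements, action):
    """Simplified identity-policy evaluation for Resource '*': an explicit
    Deny wins, otherwise any matching Allow grants, otherwise implicit deny."""
    applicable = [s for s in statements if statement_applies(s, action)]
    if any(s["Effect"] == "Deny" for s in applicable):
        return False
    return any(s["Effect"] == "Allow" for s in applicable)


if __name__ == "__main__":
    for action in ("codecommit:DeleteRepository", "s3:DeleteBucket",
                   "iam:CreateUser", "s3:PutObject"):
        print(f"{action:30} page={is_allowed(PAGE_STATEMENTS, action)!s:5} "
              f"deny_variant={is_allowed(DENY_VARIANT, action)}")
```

The model ignores conditions, resource ARNs, permission boundaries and SCPs; it only demonstrates how Allow, NotAction and Deny combine.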
Then we associate an SSH public key with the user (as per the screenshots in the previous chapter) to allow codecommit repository access.
Next, we need to set up our AWS CLI environment with the keys we produced earlier:
$ export AWS_ACCESS_KEY_ID='user_access_key'
$ export AWS_SECRET_ACCESS_KEY='user_secret_access_key'
$ export AWS_DEFAULT_REGION='us-east-1'
Now we should be able to use the CLI tool and create our SaltStack repository:
$ aws codecommit create-repository --repository-name salt --repository-description "SaltStack repo"
{
  "repositoryMetadata": {
    "repositoryName": "salt",
    "cloneUrlSsh": "ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/salt",
    ...
We clone the repository locally:
$ git clone ssh://SSH_KEY_ID@git-codecommit.us-east-1.amazonaws.com/v1/repos/salt
Cloning into 'salt'...
warning: You appear to have cloned an empty repository.
Checking connectivity... done.
(where SSH_KEY_ID is the one we saw after uploading a public key)
Finally, you can copy the ready-made Salt code examples for this chapter, then commit and push them to the codecommit repository.
With the SaltStack repo in sync, we can proceed with Terraform and the bootstrap process. Inside our TF templates folder we run the familiar command sequence:
$ terraform validate
$ terraform plan
Refreshing Terraform state prior to plan...
...
Plan: 11 to add, 0 to change, 0 to destroy.
$ terraform apply
aws_iam_role.jenkins: Creating...
...
Apply complete! Resources: 11 added, 0 changed, 0 destroyed.
Outputs:
JENKINS EIP = x.x.x.x
VPC ID = vpc-xxxxxx
At the end we get the IP of our Jenkins node, which we need to resolve into a hostname (for example via the nslookup command). Load that in your browser and you should be greeted by Jenkins.