AWSTemplateFormatVersion: 2010-09-09
Description:
  This template creates an EC2 instance which runs Jenkins.
  The initial password of the Jenkins instance will be shown in the outputs tab
  and must be changed during initial setup.  **WARNING**
  This template creates EC2 instances and related resources. You will be billed for
  the AWS resources used if you create a stack from this template.

Parameters:
  JenkinsInstanceType:
    AllowedValues:
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - t3.micro
      - t3.small
      - t3.medium
      - t3.large
      - t3.xlarge
      - t3.2xlarge
    Default: t2.micro
    Description: Amazon EC2 instance type for the Jenkins instances.
    Type: String

  VPC:
    Description: VPC for the Jenkins instance
    Type: AWS::EC2::VPC::Id

  Subnet:
    Description: Subnet for the Jenkins instance
    Type: AWS::EC2::Subnet::Id

Mappings:
  RegionMap:
    'eu-north-1':
      AMI: 'ami-039609244d2810a6b'
    'ap-south-1':
      AMI: 'ami-0ebc1ac48dfd14136'
    'eu-west-1':
      AMI: 'ami-07d9160fa81ccffb5'
    'ap-northeast-1':
      AMI: 'ami-0cc75a8978fbbc969'
    'ap-southeast-1':
      AMI: 'ami-0cd31be676780afa7'
    'ap-southeast-2':
      AMI: 'ami-0ded330691a314693'
    'eu-central-1':
      AMI: 'ami-0c115dbd34c69a004'
    'us-east-1':
      AMI: 'ami-02354e95b39ca8dec'
    'us-east-2':
      AMI: 'ami-07c8bc5c1ce9598c3'
    'us-west-2':
      AMI: 'ami-0873b46c45c11058d'

Resources:
  JenkinsSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: HTTP Access to Jenkins
      SecurityGroupIngress:
        - IpProtocol: 'tcp'
          FromPort: 8080
          ToPort: 8080
          CidrIp: '0.0.0.0/0'

  JenkinsInstance:
    Type: AWS::EC2::Instance
    Properties:
      SubnetId: !Ref Subnet
      ImageId: !FindInMap
        - RegionMap
        - !Ref 'AWS::Region'
        - AMI
      SecurityGroupIds:
        - !Ref JenkinsSecurityGroup
      InstanceType: !Ref JenkinsInstanceType
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          set -x
          yum update -y
          yum install -y java-1.8.0-openjdk-devel python3 docker git
          yum remove awscli -y
          pip3 install twine
          pip3 install wheel
          curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          unzip awscliv2.zip
          ./aws/install  -i /usr/local/aws-cli -b /usr/bin
          curl --silent --location http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo | sudo tee /etc/yum.repos.d/jenkins.repo
          rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
          yum install -y jenkins
          usermod -aG docker jenkins
          systemctl start jenkins
          systemctl start docker
          systemctl enable docker
          systemctl enable jenkins
          curl --retry 15 --retry-connrefused http://127.0.0.1:8080/jnlpJars/jenkins-cli.jar > jenkins-cli.jar
          /opt/aws/bin/cfn-signal --success true --data "$(cat /var/lib/jenkins/secrets/initialAdminPassword)" "${JenkinsWaitHandle}"

  JenkinsWaitCondition:
    Type: "AWS::CloudFormation::WaitCondition"
    DependsOn: JenkinsInstance
    Properties:
      Timeout: 800
      Handle: !Ref JenkinsWaitHandle

  JenkinsWaitHandle:
    Type: "AWS::CloudFormation::WaitConditionHandle"

Outputs:
  InitialPassword:
    Value: !GetAtt JenkinsWaitCondition.Data
  JenkinsURL:
    Value: !Sub http://${JenkinsInstance.PublicDnsName}:8080