// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test 1`] = ` { "Outputs": { "JenkinsControllerServiceLoadBalancerDNSBF5E040D": { "Value": { "Fn::GetAtt": [ "JenkinsControllerServiceLB06787F02", "DNSName", ], }, }, "JenkinsControllerServiceServiceURLC68939D9": { "Value": { "Fn::Join": [ "", [ "http://", { "Fn::GetAtt": [ "JenkinsControllerServiceLB06787F02", "DNSName", ], }, ], ], }, }, "JenkinsMacAgent1InstanceId39041E59": { "Value": { "Ref": "JenkinsMacAgent1Instance609468B3", }, }, "UnityAcceleratorEndpointC89B3A26": { "Value": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "NamespaceServiceCABDF534", "Name", ], }, ".build:10080", ], ], }, }, "UnityAcceleratorInstanceIdC7EEEEA7": { "Value": { "Ref": "UnityAccelerator945220AA", }, }, }, "Parameters": { "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter": { "Default": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", "Type": "AWS::SSM::Parameter::Value", }, "SsmParameterValueawsserviceamiwindowslatestWindowsServer2022EnglishFullContainersLatestC96584B6F00A464EAD1953AFF4B05118Parameter": { "Default": "/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-ContainersLatest", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": { "ArtifactBucket7410C9EF": { "DeletionPolicy": "Delete", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "LoggingConfiguration": { "DestinationBucketName": { "Ref": "LogBucketCC3B17E8", }, "LogFilePrefix": "artifactBucketAccessLogs/", }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "Tags": [ { "Key": "aws-cdk:auto-delete-objects", "Value": "true", }, ], }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Delete", }, "ArtifactBucketAutoDeleteObjectsCustomResource0BB47FD6": { "DeletionPolicy": "Delete", "DependsOn": [ "ArtifactBucketPolicy4B4B7752", ], "Properties": { "BucketName": { "Ref": "ArtifactBucket7410C9EF", }, "ServiceToken": { "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", "Arn", ], }, }, "Type": "Custom::S3AutoDeleteObjects", "UpdateReplacePolicy": "Delete", }, "ArtifactBucketPolicy4B4B7752": { "Properties": { "Bucket": { "Ref": "ArtifactBucket7410C9EF", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, "/*", ], ], }, ], }, { "Action": [ "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn", ], }, }, "Resource": [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { "DependsOn": [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", ], "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-us-east-2", }, "S3Key": "350185a1069fa20a23a583e20c77f6844218bd73097902362dc94f1a108f5d89.zip", }, "Description": { "Fn::Join": [ "", [ "Lambda function for auto-deleting objects in ", { "Ref": "LogBucketCC3B17E8", }, " S3 bucket.", ], ], }, "Handler": "__entrypoint__.handler", "MemorySize": 128, "Role": { "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn", ], }, "Runtime": "nodejs16.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Sub": "arn:\${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", }, ], }, "Type": "AWS::IAM::Role", }, "JenkinsControllerClusterE5BC789D": { "Properties": { "ClusterSettings": [ { "Name": "containerInsights", "Value": "enabled", }, ], }, "Type": "AWS::ECS::Cluster", }, "JenkinsControllerServiceDF0B0414": { "DependsOn": [ "JenkinsControllerServiceLBPublicListenerECSGroup2B1CBE4E", "JenkinsControllerServiceLBPublicListener92C1276E", ], "Properties": { "Cluster": { "Ref": "JenkinsControllerClusterE5BC789D", }, "DeploymentConfiguration": { "DeploymentCircuitBreaker": { "Enable": true, "Rollback": true, }, "MaximumPercent": 200, "MinimumHealthyPercent": 100, }, "DeploymentController": { "Type": "ECS", }, "DesiredCount": 1, "EnableECSManagedTags": false, "EnableExecuteCommand": true, "HealthCheckGracePeriodSeconds": 60, "LaunchType": "FARGATE", "LoadBalancers": [ { "ContainerName": "main", "ContainerPort": 8080, "TargetGroupArn": { "Ref": "JenkinsControllerServiceLBPublicListenerECSGroup2B1CBE4E", }, }, ], "NetworkConfiguration": { "AwsvpcConfiguration": { "AssignPublicIp": "DISABLED", "SecurityGroups": [ { "Fn::GetAtt": [ "JenkinsControllerServiceSecurityGroup8CBE094C", "GroupId", ], }, ], "Subnets": [ { "Ref": "VpcPrivateSubnet1Subnet536B997A", }, { "Ref": "VpcPrivateSubnet2Subnet3788AAA1", }, ], }, }, "TaskDefinition": { "Ref": "JenkinsControllerTaskDefinitionA87C7BAA", }, }, "Type": "AWS::ECS::Service", }, "JenkinsControllerServiceLB06787F02": { "DependsOn": [ "LogBucketAutoDeleteObjectsCustomResource7762F42C", "LogBucketPolicy900DBE48", "LogBucketCC3B17E8", "VpcPublicSubnet1DefaultRoute3DA9E72A", "VpcPublicSubnet1RouteTableAssociation97140677", "VpcPublicSubnet2DefaultRoute97F91067", "VpcPublicSubnet2RouteTableAssociationDD5762D8", ], "Properties": { "LoadBalancerAttributes": [ { "Key": "deletion_protection.enabled", "Value": "false", }, { "Key": "access_logs.s3.enabled", "Value": "true", }, { "Key": "access_logs.s3.bucket", "Value": { "Ref": "LogBucketCC3B17E8", }, }, { "Key": "access_logs.s3.prefix", "Value": "jenkinsAlbAccessLog", }, ], "Scheme": "internet-facing", "SecurityGroups": [ { "Fn::GetAtt": [ "JenkinsControllerServiceLBSecurityGroup00DC39C4", "GroupId", ], }, ], "Subnets": [ { "Ref": "VpcPublicSubnet1Subnet5C2D37C4", }, { "Ref": "VpcPublicSubnet2Subnet691E08A3", }, ], "Type": "application", }, "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", }, "JenkinsControllerServiceLBPublicListener92C1276E": { "DependsOn": [ "LogBucketAutoDeleteObjectsCustomResource7762F42C", "LogBucketPolicy900DBE48", "LogBucketCC3B17E8", ], "Properties": { "DefaultActions": [ { "TargetGroupArn": { "Ref": "JenkinsControllerServiceLBPublicListenerECSGroup2B1CBE4E", }, "Type": "forward", }, ], "LoadBalancerArn": { "Ref": "JenkinsControllerServiceLB06787F02", }, "Port": 80, "Protocol": "HTTP", }, "Type": "AWS::ElasticLoadBalancingV2::Listener", }, "JenkinsControllerServiceLBPublicListenerECSGroup2B1CBE4E": { "DependsOn": [ "LogBucketAutoDeleteObjectsCustomResource7762F42C", "LogBucketPolicy900DBE48", "LogBucketCC3B17E8", ], "Properties": { "HealthCheckIntervalSeconds": 15, "HealthCheckPath": "/login", "HealthyThresholdCount": 2, "Matcher": { "HttpCode": "200", }, "Port": 80, "Protocol": "HTTP", "TargetGroupAttributes": [ { "Key": "stickiness.enabled", "Value": "false", }, { "Key": "deregistration_delay.timeout_seconds", "Value": "10", }, ], "TargetType": "ip", "UnhealthyThresholdCount": 4, "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", }, "JenkinsControllerServiceLBSecurityGroup00DC39C4": { "DependsOn": [ "LogBucketAutoDeleteObjectsCustomResource7762F42C", "LogBucketPolicy900DBE48", "LogBucketCC3B17E8", ], "Properties": { "GroupDescription": "Automatically created Security Group for ELB TestStackJenkinsControllerServiceLB86F74D18", "SecurityGroupIngress": [ { "CidrIp": "127.0.0.1/32", "Description": "from 127.0.0.1/32:80", "FromPort": 80, "IpProtocol": "tcp", "ToPort": 80, }, { "CidrIp": { "Fn::GetAtt": [ "Vpc8378EB38", "CidrBlock", ], }, "Description": { "Fn::Join": [ "", [ "from ", { "Fn::GetAtt": [ "Vpc8378EB38", "CidrBlock", ], }, ":80", ], ], }, "FromPort": 80, "IpProtocol": "tcp", "ToPort": 80, }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::SecurityGroup", }, "JenkinsControllerServiceLBSecurityGrouptoTestStackJenkinsControllerServiceSecurityGroupFCB7D6F8808050DEB582": { "DependsOn": [ "LogBucketAutoDeleteObjectsCustomResource7762F42C", "LogBucketPolicy900DBE48", "LogBucketCC3B17E8", ], "Properties": { "Description": "Load balancer to target", "DestinationSecurityGroupId": { "Fn::GetAtt": [ "JenkinsControllerServiceSecurityGroup8CBE094C", "GroupId", ], }, "FromPort": 8080, "GroupId": { "Fn::GetAtt": [ "JenkinsControllerServiceLBSecurityGroup00DC39C4", "GroupId", ], }, "IpProtocol": "tcp", "ToPort": 8080, }, "Type": "AWS::EC2::SecurityGroupEgress", }, "JenkinsControllerServiceSecurityGroup8CBE094C": { "Properties": { "GroupDescription": "TestStack/JenkinsController/Service/Service/SecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::SecurityGroup", }, "JenkinsControllerServiceSecurityGroupfromTestStackJenkinsControllerServiceLBSecurityGroup69D548DA8080E236CD2D": { "Properties": { "Description": "Load balancer to target", "FromPort": 8080, "GroupId": { "Fn::GetAtt": [ "JenkinsControllerServiceSecurityGroup8CBE094C", "GroupId", ], }, "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "JenkinsControllerServiceLBSecurityGroup00DC39C4", "GroupId", ], }, "ToPort": 8080, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "JenkinsControllerStorage013252B2": { "DeletionPolicy": "Delete", "Properties": { "Encrypted": true, "FileSystemTags": [ { "Key": "Name", "Value": "TestStack/JenkinsController/Storage", }, ], "PerformanceMode": "generalPurpose", }, "Type": "AWS::EFS::FileSystem", "UpdateReplacePolicy": "Delete", }, "JenkinsControllerStorageAccessPointA57FF6EA": { "Properties": { "AccessPointTags": [ { "Key": "Name", "Value": "TestStack/JenkinsController/Storage/AccessPoint", }, ], "FileSystemId": { "Ref": "JenkinsControllerStorage013252B2", }, "PosixUser": { "Gid": "1000", "Uid": "1000", }, "RootDirectory": { "CreationInfo": { "OwnerGid": "1000", "OwnerUid": "1000", "Permissions": "755", }, "Path": "/jenkins-home", }, }, "Type": "AWS::EFS::AccessPoint", }, "JenkinsControllerStorageEfsMountTarget178994935": { "Properties": { "FileSystemId": { "Ref": "JenkinsControllerStorage013252B2", }, "SecurityGroups": [ { "Fn::GetAtt": [ "JenkinsControllerStorageEfsSecurityGroup95BB6200", "GroupId", ], }, ], "SubnetId": { "Ref": "VpcPrivateSubnet1Subnet536B997A", }, }, "Type": "AWS::EFS::MountTarget", }, "JenkinsControllerStorageEfsMountTarget202199416": { "Properties": { "FileSystemId": { "Ref": "JenkinsControllerStorage013252B2", }, "SecurityGroups": [ { "Fn::GetAtt": [ "JenkinsControllerStorageEfsSecurityGroup95BB6200", "GroupId", ], }, ], "SubnetId": { "Ref": "VpcPrivateSubnet2Subnet3788AAA1", }, }, "Type": "AWS::EFS::MountTarget", }, "JenkinsControllerStorageEfsSecurityGroup95BB6200": { "Properties": { "GroupDescription": "TestStack/JenkinsController/Storage/EfsSecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsController/Storage", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::SecurityGroup", }, "JenkinsControllerStorageEfsSecurityGroupfromTestStackJenkinsControllerServiceSecurityGroupFCB7D6F820494A76B663": { "Properties": { "Description": "from TestStackJenkinsControllerServiceSecurityGroupFCB7D6F8:2049", "FromPort": 2049, "GroupId": { "Fn::GetAtt": [ "JenkinsControllerStorageEfsSecurityGroup95BB6200", "GroupId", ], }, "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "JenkinsControllerServiceSecurityGroup8CBE094C", "GroupId", ], }, "ToPort": 2049, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "JenkinsControllerTaskDefinitionA87C7BAA": { "Properties": { "ContainerDefinitions": [ { "Environment": [ { "Name": "UNITY_ACCELERATOR_URL", "Value": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "NamespaceServiceCABDF534", "Name", ], }, ".build:10080", ], ], }, }, { "Name": "UNITY_BUILD_SERVER_URL", "Value": "http://10.0.0.100:8080", }, { "Name": "AWS_REGION", "Value": "us-east-2", }, { "Name": "ARTIFACT_BUCKET_NAME", "Value": { "Ref": "ArtifactBucket7410C9EF", }, }, { "Name": "FLEET_ASG_NAME_LINUX_FLEET", "Value": { "Ref": "JenkinsLinuxAgentFleetASG75788F44", }, }, { "Name": "FLEET_ASG_NAME_LINUX_FLEET_SMALL", "Value": { "Ref": "JenkinsLinuxAgentSmallFleetASG9671C0E4", }, }, { "Name": "FLEET_ASG_NAME_WINDOWS_FLEET", "Value": { "Ref": "JenkinsWindowsAgentFleetASG36E7B304", }, }, { "Name": "ECR_REPOSITORY_URL", "Value": { "Fn::Join": [ "", [ { "Fn::Select": [ 4, { "Fn::Split": [ ":", { "Fn::GetAtt": [ "Repository22E53BBD", "Arn", ], }, ], }, ], }, ".dkr.ecr.", { "Fn::Select": [ 3, { "Fn::Split": [ ":", { "Fn::GetAtt": [ "Repository22E53BBD", "Arn", ], }, ], }, ], }, ".", { "Ref": "AWS::URLSuffix", }, "/", { "Ref": "Repository22E53BBD", }, ], ], }, }, { "Name": "ECR_REGISTRY_URL", "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "AWS::AccountId", }, ".dkr.ecr.us-east-2.amazonaws.com", ], ], }, }, { "Name": "PLUGINS_FORCE_UPGRADE", "Value": "true", }, { "Name": "ECR_ROLE_ARN", "Value": { "Fn::GetAtt": [ "JenkinsControllerTaskDefinitionTaskRoleDFC317F9", "Arn", ], }, }, { "Name": "MAC_HOST_MAC0", "Value": { "Fn::GetAtt": [ "JenkinsMacAgent1Instance609468B3", "PrivateIp", ], }, }, { "Name": "JENKINS_URL", "Value": { "Fn::Join": [ "", [ "http://", { "Fn::GetAtt": [ "JenkinsControllerServiceLB06787F02", "DNSName", ], }, ], ], }, }, ], "Essential": true, "Image": { "Fn::Sub": "\${AWS::AccountId}.dkr.ecr.us-east-2.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-\${AWS::AccountId}-us-east-2:c18fd707fb9a53bc41fab4920d4ea0defec7f8dea60f20f4daa5409a965f9423", }, "LinuxParameters": { "Capabilities": {}, "InitProcessEnabled": true, }, "LogConfiguration": { "LogDriver": "awslogs", "Options": { "awslogs-group": { "Ref": "JenkinsControllerTaskDefinitionmainLogGroup59AA6B46", }, "awslogs-region": "us-east-2", "awslogs-stream-prefix": "jenkins-controller", }, }, "MountPoints": [ { "ContainerPath": "/var/jenkins_home", "ReadOnly": false, "SourceVolume": "shared", }, ], "Name": "main", "PortMappings": [ { "ContainerPort": 8080, "Protocol": "tcp", }, ], "Secrets": [ { "Name": "PRIVATE_KEY", "ValueFrom": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ssm:us-east-2:", { "Ref": "AWS::AccountId", }, ":parameter/ec2/keypair/", { "Fn::GetAtt": [ "KeyPair0151ACB6", "KeyPairId", ], }, ], ], }, }, ], }, ], "Cpu": "1024", "ExecutionRoleArn": { "Fn::GetAtt": [ "JenkinsControllerTaskDefinitionExecutionRoleFA99B987", "Arn", ], }, "Family": "TestStackJenkinsControllerTaskDefinition75150BD3", "Memory": "2048", "NetworkMode": "awsvpc", "RequiresCompatibilities": [ "FARGATE", ], "TaskRoleArn": { "Fn::GetAtt": [ "JenkinsControllerTaskDefinitionTaskRoleDFC317F9", "Arn", ], }, "Volumes": [ { "EFSVolumeConfiguration": { "AuthorizationConfig": { "AccessPointId": { "Ref": "JenkinsControllerStorageAccessPointA57FF6EA", }, "IAM": "ENABLED", }, "FilesystemId": { "Ref": "JenkinsControllerStorage013252B2", }, "TransitEncryption": "ENABLED", }, "Name": "shared", }, ], }, "Type": "AWS::ECS::TaskDefinition", }, "JenkinsControllerTaskDefinitionExecutionRoleDefaultPolicy609E4B04": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ecr:us-east-2:", { "Ref": "AWS::AccountId", }, ":repository/", { "Fn::Sub": "cdk-hnb659fds-container-assets-\${AWS::AccountId}-us-east-2", }, ], ], }, }, { "Action": "ecr:GetAuthorizationToken", "Effect": "Allow", "Resource": "*", }, { "Action": [ "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "JenkinsControllerTaskDefinitionmainLogGroup59AA6B46", "Arn", ], }, }, { "Action": [ "ssm:DescribeParameters", "ssm:GetParameters", "ssm:GetParameter", "ssm:GetParameterHistory", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ssm:us-east-2:", { "Ref": "AWS::AccountId", }, ":parameter/ec2/keypair/", { "Fn::GetAtt": [ "KeyPair0151ACB6", "KeyPairId", ], }, ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "JenkinsControllerTaskDefinitionExecutionRoleDefaultPolicy609E4B04", "Roles": [ { "Ref": "JenkinsControllerTaskDefinitionExecutionRoleFA99B987", }, ], }, "Type": "AWS::IAM::Policy", }, "JenkinsControllerTaskDefinitionExecutionRoleFA99B987": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ecs-tasks.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "JenkinsControllerTaskDefinitionTaskRoleDFC317F9": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ecs-tasks.amazonaws.com", }, }, { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "JenkinsControllerTaskDefinitionTaskRoleDefaultPolicy96CF6745": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel", ], "Effect": "Allow", "Resource": "*", }, { "Action": "logs:DescribeLogGroups", "Effect": "Allow", "Resource": "*", }, { "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "ec2:DescribeSpotFleetInstances", "ec2:ModifySpotFleetRequest", "ec2:CreateTags", "ec2:DescribeRegions", "ec2:DescribeInstances", "ec2:TerminateInstances", "ec2:DescribeInstanceStatus", "ec2:DescribeSpotFleetRequests", "autoscaling:DescribeAutoScalingGroups", "autoscaling:UpdateAutoScalingGroup", "iam:ListInstanceProfiles", "iam:ListRoles", ], "Effect": "Allow", "Resource": "*", }, { "Action": "iam:PassRole", "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", ], }, }, "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "JenkinsControllerTaskDefinitionTaskRoleDFC317F9", "Arn", ], }, }, { "Action": [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "Repository22E53BBD", "Arn", ], }, }, { "Action": "ecr:GetAuthorizationToken", "Effect": "Allow", "Resource": "*", }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, "/*", ], ], }, ], }, { "Action": "sts:AssumeRole", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "JenkinsControllerTaskDefinitionTaskRoleDFC317F9", "Arn", ], }, }, { "Action": [ "elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite", "elasticfilesystem:ClientRootAccess", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "JenkinsControllerStorage013252B2", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "JenkinsControllerTaskDefinitionTaskRoleDefaultPolicy96CF6745", "Roles": [ { "Ref": "JenkinsControllerTaskDefinitionTaskRoleDFC317F9", }, ], }, "Type": "AWS::IAM::Policy", }, "JenkinsControllerTaskDefinitionmainLogGroup59AA6B46": { "DeletionPolicy": "Retain", "Properties": { "RetentionInDays": 180, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "JenkinsLinuxAgentFleetASG75788F44": { "Properties": { "MaxSize": "1", "MinSize": "1", "MixedInstancesPolicy": { "InstancesDistribution": { "OnDemandBaseCapacity": 0, "OnDemandPercentageAboveBaseCapacity": 0, "SpotAllocationStrategy": "price-capacity-optimized", }, "LaunchTemplate": { "LaunchTemplateSpecification": { "LaunchTemplateId": { "Ref": "JenkinsLinuxAgentLaunchTemplate14EE0ADC", }, "Version": { "Fn::GetAtt": [ "JenkinsLinuxAgentLaunchTemplate14EE0ADC", "LatestVersionNumber", ], }, }, "Overrides": [ { "InstanceType": "c5.xlarge", }, { "InstanceType": "c5a.xlarge", }, { "InstanceType": "c5n.xlarge", }, { "InstanceType": "c4.xlarge", }, ], }, }, "VPCZoneIdentifier": [ { "Ref": "VpcPrivateSubnet1Subnet536B997A", }, { "Ref": "VpcPrivateSubnet2Subnet3788AAA1", }, ], }, "Type": "AWS::AutoScaling::AutoScalingGroup", "UpdatePolicy": { "AutoScalingScheduledAction": { "IgnoreUnmodifiedGroupSizeProperties": true, }, }, }, "JenkinsLinuxAgentLaunchTemplate14EE0ADC": { "Properties": { "LaunchTemplateData": { "BlockDeviceMappings": [ { "DeviceName": "/dev/xvda", "Ebs": { "Encrypted": true, "Throughput": 150, "VolumeSize": 30, "VolumeType": "gp3", }, }, ], "IamInstanceProfile": { "Arn": { "Fn::GetAtt": [ "JenkinsLinuxAgentLaunchTemplateProfile56F6A661", "Arn", ], }, }, "ImageId": { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter", }, "KeyName": "TestStack-agent-ssh-key", "SecurityGroupIds": [ { "Fn::GetAtt": [ "JenkinsLinuxAgentSecurityGroup04FA787D", "GroupId", ], }, ], "TagSpecifications": [ { "ResourceType": "instance", "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsLinuxAgent/LaunchTemplate", }, ], }, { "ResourceType": "volume", "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsLinuxAgent/LaunchTemplate", }, ], }, ], "UserData": { "Fn::Base64": "#!/bin/bash yum update -y yum install -y git jq # allow to use /data even if no data volume is configured JENKINS_DIR="/data" mkdir $JENKINS_DIR chmod 777 $JENKINS_DIR # mount a data volume TOKEN=\`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 600"\` AZ=\`curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .availabilityZone\` INSTANCE_ID=\`curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/instance-id\` REGION=\`curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/placement/region\` VOLUME_ID=$(aws ec2 describe-volumes --filters Name=tag:Kind,Values=TestStack-JenkinsLinuxAgent Name=availability-zone,Values=$AZ Name=status,Values=available --query 'Volumes[0].VolumeId' --output text --region $REGION) if [ "$VOLUME_ID" ];then echo "found volume \${VOLUME}" DEVICE_NAME="/dev/xvdf" # There is possibly a race condition between other instances. # We may want to retry attach-volume according to the return code (currently omitted). aws ec2 attach-volume --device $DEVICE_NAME --instance-id $INSTANCE_ID --volume-id $VOLUME_ID --region $REGION # we should do polling for the volume status instead, but it usually finishes in a few seconds... sleep 10 # basically following this doc: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html VNAME=$(readlink $DEVICE_NAME) RES=$(file -s /dev/$VNAME) if [[ "$RES" =~ .*": data" ]]; then # If the volume is not formatted yet mkfs -t xfs $DEVICE_NAME fi mount $DEVICE_NAME $JENKINS_DIR chmod 777 $JENKINS_DIR UUID=$(blkid | grep $VNAME | sed 's/.*UUID="\\(\\S*\\)"\\s.*/\\1/') printf "\\nUUID=\${UUID} \${JENKINS_DIR} xfs defaults,nofail 0 2\\n" >> /etc/fstab fi # install docker yum install -y docker systemctl enable docker systemctl start docker usermod -aG docker ec2-user chmod 777 /var/run/docker.sock # install git lfs # install java after data volume is set up to avoid jenkins agent configured before /data is mounted # Set os/dist explicitly https://github.com/git-lfs/git-lfs/issues/5356 curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.rpm.sh | os=fedora dist=36 bash yum install -y java-17-amazon-corretto-headless git-lfs # install tools for debug yum install -y tmux htop ", }, }, "TagSpecifications": [ { "ResourceType": "launch-template", "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsLinuxAgent/LaunchTemplate", }, ], }, ], }, "Type": "AWS::EC2::LaunchTemplate", }, "JenkinsLinuxAgentLaunchTemplateProfile56F6A661": { "Properties": { "Roles": [ { "Ref": "JenkinsLinuxAgentRoleC583C5E9", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, "JenkinsLinuxAgentRoleC583C5E9": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/AmazonSSMManagedInstanceCore", ], ], }, ], }, "Type": "AWS::IAM::Role", }, "JenkinsLinuxAgentRoleDefaultPolicy836C304C": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, "/*", ], ], }, ], }, { "Action": "ec2:AttachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsLinuxAgentVolumev1004DCF206B", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:DetachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsLinuxAgentVolumev1004DCF206B", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:AttachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsLinuxAgentVolumev10160D220CD", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:DetachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsLinuxAgentVolumev10160D220CD", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:AttachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsLinuxAgentVolumev1108A60EC8D", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:DetachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsLinuxAgentVolumev1108A60EC8D", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:AttachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsLinuxAgentVolumev11166BF26DE", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:DetachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsLinuxAgentVolumev11166BF26DE", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:DescribeVolumes", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "JenkinsLinuxAgentRoleDefaultPolicy836C304C", "Roles": [ { "Ref": "JenkinsLinuxAgentRoleC583C5E9", }, ], }, "Type": "AWS::IAM::Policy", }, "JenkinsLinuxAgentSecurityGroup04FA787D": { "Properties": { "GroupDescription": "TestStack/JenkinsLinuxAgent/SecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::SecurityGroup", }, "JenkinsLinuxAgentSecurityGroupfromTestStackJenkinsControllerServiceSecurityGroupFCB7D6F8228F42F393": { "Properties": { "Description": "from TestStackJenkinsControllerServiceSecurityGroupFCB7D6F8:22", "FromPort": 22, "GroupId": { "Fn::GetAtt": [ "JenkinsLinuxAgentSecurityGroup04FA787D", "GroupId", ], }, "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "JenkinsControllerServiceSecurityGroup8CBE094C", "GroupId", ], }, "ToPort": 22, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "JenkinsLinuxAgentSmallFleetASG9671C0E4": { "Properties": { "MaxSize": "1", "MinSize": "1", "MixedInstancesPolicy": { "InstancesDistribution": { "OnDemandBaseCapacity": 0, "OnDemandPercentageAboveBaseCapacity": 0, "SpotAllocationStrategy": "price-capacity-optimized", }, "LaunchTemplate": { "LaunchTemplateSpecification": { "LaunchTemplateId": { "Ref": "JenkinsLinuxAgentSmallLaunchTemplateEE7A973D", }, "Version": { "Fn::GetAtt": [ "JenkinsLinuxAgentSmallLaunchTemplateEE7A973D", "LatestVersionNumber", ], }, }, "Overrides": [ { "InstanceType": "t3.medium", }, ], }, }, "VPCZoneIdentifier": [ { "Ref": "VpcPrivateSubnet1Subnet536B997A", }, { "Ref": "VpcPrivateSubnet2Subnet3788AAA1", }, ], }, "Type": "AWS::AutoScaling::AutoScalingGroup", "UpdatePolicy": { "AutoScalingScheduledAction": { "IgnoreUnmodifiedGroupSizeProperties": true, }, }, }, "JenkinsLinuxAgentSmallLaunchTemplateEE7A973D": { "Properties": { "LaunchTemplateData": { "BlockDeviceMappings": [ { "DeviceName": "/dev/xvda", "Ebs": { "Encrypted": true, "Throughput": 150, "VolumeSize": 20, "VolumeType": "gp3", }, }, ], "IamInstanceProfile": { "Arn": { "Fn::GetAtt": [ "JenkinsLinuxAgentSmallLaunchTemplateProfile6D16D303", "Arn", ], }, }, "ImageId": { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter", }, "KeyName": "TestStack-agent-ssh-key", "SecurityGroupIds": [ { "Fn::GetAtt": [ "JenkinsLinuxAgentSmallSecurityGroupA0746C5C", "GroupId", ], }, ], "TagSpecifications": [ { "ResourceType": "instance", "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsLinuxAgentSmall/LaunchTemplate", }, ], }, { "ResourceType": "volume", "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsLinuxAgentSmall/LaunchTemplate", }, ], }, ], "UserData": { "Fn::Base64": "#!/bin/bash yum update -y yum install -y git jq # allow to use /data even if no data volume is configured JENKINS_DIR="/data" mkdir $JENKINS_DIR chmod 777 $JENKINS_DIR # mount a data volume TOKEN=\`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 600"\` AZ=\`curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .availabilityZone\` INSTANCE_ID=\`curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/instance-id\` REGION=\`curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/placement/region\` VOLUME_ID=$(aws ec2 describe-volumes --filters Name=tag:Kind,Values=TestStack-JenkinsLinuxAgentSmall Name=availability-zone,Values=$AZ Name=status,Values=available --query 'Volumes[0].VolumeId' --output text --region $REGION) if [ "$VOLUME_ID" ];then echo "found volume \${VOLUME}" DEVICE_NAME="/dev/xvdf" # There is possibly a race condition between other instances. # We may want to retry attach-volume according to the return code (currently omitted). aws ec2 attach-volume --device $DEVICE_NAME --instance-id $INSTANCE_ID --volume-id $VOLUME_ID --region $REGION # we should do polling for the volume status instead, but it usually finishes in a few seconds... sleep 10 # basically following this doc: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html VNAME=$(readlink $DEVICE_NAME) RES=$(file -s /dev/$VNAME) if [[ "$RES" =~ .*": data" ]]; then # If the volume is not formatted yet mkfs -t xfs $DEVICE_NAME fi mount $DEVICE_NAME $JENKINS_DIR chmod 777 $JENKINS_DIR UUID=$(blkid | grep $VNAME | sed 's/.*UUID="\\(\\S*\\)"\\s.*/\\1/') printf "\\nUUID=\${UUID} \${JENKINS_DIR} xfs defaults,nofail 0 2\\n" >> /etc/fstab fi # install docker yum install -y docker systemctl enable docker systemctl start docker usermod -aG docker ec2-user chmod 777 /var/run/docker.sock # install git lfs # install java after data volume is set up to avoid jenkins agent configured before /data is mounted # Set os/dist explicitly https://github.com/git-lfs/git-lfs/issues/5356 curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.rpm.sh | os=fedora dist=36 bash yum install -y java-17-amazon-corretto-headless git-lfs # install tools for debug yum install -y tmux htop ", }, }, "TagSpecifications": [ { "ResourceType": "launch-template", "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsLinuxAgentSmall/LaunchTemplate", }, ], }, ], }, "Type": "AWS::EC2::LaunchTemplate", }, "JenkinsLinuxAgentSmallLaunchTemplateProfile6D16D303": { "Properties": { "Roles": [ { "Ref": "JenkinsLinuxAgentSmallRoleF5CAF5C8", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, "JenkinsLinuxAgentSmallRoleF5CAF5C8": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/AmazonSSMManagedInstanceCore", ], ], }, ], }, "Type": "AWS::IAM::Role", }, "JenkinsLinuxAgentSmallSecurityGroupA0746C5C": { "Properties": { "GroupDescription": "TestStack/JenkinsLinuxAgentSmall/SecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::SecurityGroup", }, "JenkinsLinuxAgentSmallSecurityGroupfromTestStackJenkinsControllerServiceSecurityGroupFCB7D6F822535DAB4E": { "Properties": { "Description": "from TestStackJenkinsControllerServiceSecurityGroupFCB7D6F8:22", "FromPort": 22, "GroupId": { "Fn::GetAtt": [ "JenkinsLinuxAgentSmallSecurityGroupA0746C5C", "GroupId", ], }, "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "JenkinsControllerServiceSecurityGroup8CBE094C", "GroupId", ], }, "ToPort": 22, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "JenkinsLinuxAgentVolumev1004DCF206B": { "DeletionPolicy": "Delete", "Properties": { "AvailabilityZone": { "Fn::Select": [ 0, { "Fn::GetAZs": "", }, ], }, "Encrypted": true, "Iops": 3000, "MultiAttachEnabled": false, "Size": 100, "Tags": [ { "Key": "Kind", "Value": "TestStack-JenkinsLinuxAgent", }, { "Key": "Name", "Value": "TestStack-JenkinsLinuxAgent-0-0", }, ], "Throughput": 200, "VolumeType": "gp3", }, "Type": "AWS::EC2::Volume", "UpdateReplacePolicy": "Delete", }, "JenkinsLinuxAgentVolumev10160D220CD": { "DeletionPolicy": "Delete", "Properties": { "AvailabilityZone": { "Fn::Select": [ 0, { "Fn::GetAZs": "", }, ], }, "Encrypted": true, "Iops": 3000, "MultiAttachEnabled": false, "Size": 100, "Tags": [ { "Key": "Kind", "Value": "TestStack-JenkinsLinuxAgent", }, { "Key": "Name", "Value": "TestStack-JenkinsLinuxAgent-0-1", }, ], "Throughput": 200, "VolumeType": "gp3", }, "Type": "AWS::EC2::Volume", "UpdateReplacePolicy": "Delete", }, "JenkinsLinuxAgentVolumev1108A60EC8D": { "DeletionPolicy": "Delete", "Properties": { "AvailabilityZone": { "Fn::Select": [ 1, { "Fn::GetAZs": "", }, ], }, "Encrypted": true, "Iops": 3000, "MultiAttachEnabled": false, "Size": 100, "Tags": [ { "Key": "Kind", "Value": "TestStack-JenkinsLinuxAgent", }, { "Key": "Name", "Value": "TestStack-JenkinsLinuxAgent-1-0", }, ], "Throughput": 200, "VolumeType": "gp3", }, "Type": "AWS::EC2::Volume", "UpdateReplacePolicy": "Delete", }, "JenkinsLinuxAgentVolumev11166BF26DE": { "DeletionPolicy": "Delete", "Properties": { "AvailabilityZone": { "Fn::Select": [ 1, { "Fn::GetAZs": "", }, ], }, "Encrypted": true, "Iops": 3000, "MultiAttachEnabled": false, "Size": 100, "Tags": [ { "Key": "Kind", "Value": "TestStack-JenkinsLinuxAgent", }, { "Key": "Name", "Value": "TestStack-JenkinsLinuxAgent-1-1", }, ], "Throughput": 200, "VolumeType": "gp3", }, "Type": "AWS::EC2::Volume", "UpdateReplacePolicy": "Delete", }, "JenkinsMacAgent1DedicatedHostA0E9B9BB": { "DeletionPolicy": "Retain", "Properties": { "AvailabilityZone": { "Fn::Select": [ 1, { "Fn::GetAZs": "", }, ], }, "InstanceType": "mac1.metal", }, "Type": "AWS::EC2::Host", "UpdateReplacePolicy": "Retain", }, "JenkinsMacAgent1Instance609468B3": { "DependsOn": [ "JenkinsMacAgent1InstanceInstanceRoleDefaultPolicy7D35E4C4", "JenkinsMacAgent1InstanceInstanceRole37F9A48B", ], "Properties": { "AvailabilityZone": { "Fn::Select": [ 1, { "Fn::GetAZs": "", }, ], }, "BlockDeviceMappings": [ { "DeviceName": "/dev/sda1", "Ebs": { "Encrypted": true, "VolumeSize": 200, "VolumeType": "gp3", }, }, ], "HostId": { "Fn::GetAtt": [ "JenkinsMacAgent1DedicatedHostA0E9B9BB", "HostId", ], }, "IamInstanceProfile": { "Ref": "JenkinsMacAgent1InstanceInstanceProfileD673B46F", }, "ImageId": "ami-013846afc111c94b0", "InstanceType": "mac1.metal", "KeyName": "TestStack-agent-ssh-key", "SecurityGroupIds": [ { "Fn::GetAtt": [ "JenkinsMacAgent1InstanceInstanceSecurityGroupFD9F49AE", "GroupId", ], }, ], "SubnetId": { "Ref": "VpcPrivateSubnet2Subnet3788AAA1", }, "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsMacAgent1/Instance", }, ], "Tenancy": "host", "UserData": { "Fn::Base64": "#!/bin/zsh #install openjdk@17 su ec2-user -c '/usr/local/bin/brew install openjdk@17 jq' ln -sfn /usr/local/opt/openjdk@17/libexec/openjdk.jdk /Library/Java/JavaVirtualMachines/openjdk-17.jdk java -version # resize disk to match the ebs volume # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-mac-instances.html#mac-instance-increase-volume PDISK=$(diskutil list physical external | head -n1 | cut -d" " -f1) APFSCONT=$(diskutil list physical external | grep "Apple_APFS" | tr -s " " | cut -d" " -f8) yes | diskutil repairDisk $PDISK diskutil apfs resizeContainer $APFSCONT 0 # Start the ARD Agent # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-mac-instances.html#connect-to-mac-instance /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -restart -agent -privs -all ", }, }, "Type": "AWS::EC2::Instance", }, "JenkinsMacAgent1InstanceInstanceProfileD673B46F": { "Properties": { "Roles": [ { "Ref": "JenkinsMacAgent1InstanceInstanceRole37F9A48B", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, "JenkinsMacAgent1InstanceInstanceRole37F9A48B": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/AmazonSSMManagedInstanceCore", ], ], }, ], "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsMacAgent1/Instance", }, ], }, "Type": "AWS::IAM::Role", }, "JenkinsMacAgent1InstanceInstanceRoleDefaultPolicy7D35E4C4": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "JenkinsMacAgent1InstanceInstanceRoleDefaultPolicy7D35E4C4", "Roles": [ { "Ref": "JenkinsMacAgent1InstanceInstanceRole37F9A48B", }, ], }, "Type": "AWS::IAM::Policy", }, "JenkinsMacAgent1InstanceInstanceSecurityGroupFD9F49AE": { "Properties": { "GroupDescription": "TestStack/JenkinsMacAgent1/Instance/InstanceSecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsMacAgent1/Instance", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::SecurityGroup", }, "JenkinsMacAgent1InstanceInstanceSecurityGroupfromTestStackJenkinsControllerServiceSecurityGroupFCB7D6F822A4CEA2EA": { "Properties": { "Description": "from TestStackJenkinsControllerServiceSecurityGroupFCB7D6F8:22", "FromPort": 22, "GroupId": { "Fn::GetAtt": [ "JenkinsMacAgent1InstanceInstanceSecurityGroupFD9F49AE", "GroupId", ], }, "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "JenkinsControllerServiceSecurityGroup8CBE094C", "GroupId", ], }, "ToPort": 22, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "JenkinsWindowsAgentFleetASG36E7B304": { "Properties": { "MaxSize": "1", "MinSize": "1", "MixedInstancesPolicy": { "InstancesDistribution": { "OnDemandBaseCapacity": 0, "OnDemandPercentageAboveBaseCapacity": 0, "SpotAllocationStrategy": "price-capacity-optimized", }, "LaunchTemplate": { "LaunchTemplateSpecification": { "LaunchTemplateId": { "Ref": "JenkinsWindowsAgentLaunchTemplate067AB1A1", }, "Version": { "Fn::GetAtt": [ "JenkinsWindowsAgentLaunchTemplate067AB1A1", "LatestVersionNumber", ], }, }, "Overrides": [ { "InstanceType": "m6a.xlarge", }, { "InstanceType": "m5a.xlarge", }, { "InstanceType": "m5n.xlarge", }, { "InstanceType": "m5.xlarge", }, ], }, }, "VPCZoneIdentifier": [ { "Ref": "VpcPrivateSubnet1Subnet536B997A", }, { "Ref": "VpcPrivateSubnet2Subnet3788AAA1", }, ], }, "Type": "AWS::AutoScaling::AutoScalingGroup", "UpdatePolicy": { "AutoScalingScheduledAction": { "IgnoreUnmodifiedGroupSizeProperties": true, }, }, }, "JenkinsWindowsAgentLaunchTemplate067AB1A1": { "Properties": { "LaunchTemplateData": { "BlockDeviceMappings": [ { "DeviceName": "/dev/sda1", "Ebs": { "Encrypted": true, "Throughput": 150, "VolumeSize": 50, "VolumeType": "gp3", }, }, ], "IamInstanceProfile": { "Arn": { "Fn::GetAtt": [ "JenkinsWindowsAgentLaunchTemplateProfile92B75BA8", "Arn", ], }, }, "ImageId": { "Ref": "SsmParameterValueawsserviceamiwindowslatestWindowsServer2022EnglishFullContainersLatestC96584B6F00A464EAD1953AFF4B05118Parameter", }, "KeyName": "TestStack-agent-ssh-key", "SecurityGroupIds": [ { "Fn::GetAtt": [ "JenkinsWindowsAgentSecurityGroup0420B640", "GroupId", ], }, ], "TagSpecifications": [ { "ResourceType": "instance", "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsWindowsAgent/LaunchTemplate", }, ], }, { "ResourceType": "volume", "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsWindowsAgent/LaunchTemplate", }, ], }, ], "UserData": { "Fn::Base64": "version: 1.1 tasks: - task: executeScript inputs: - frequency: once type: powershell runAs: admin content: |- $instanceMetadata = Get-EC2InstanceMetadata -Category @("AvailabilityZone", "InstanceId", "Region") $AZ = $instanceMetadata[0] $INSTANCE_ID = $instanceMetadata[1] $REGION = $instanceMetadata[2].SystemName $VOLUME_ID = Get-EC2Volume -Filter @(@{Name="tag:Kind"; Values="TestStack-JenkinsWindowsAgent"}, @{Name="availability-zone"; Values=$AZ}, @{Name="status"; Values="available"}) -Region $REGION -Select "Volumes.VolumeId" | Select-Object -First 1 if ($VOLUME_ID) { $JENKINS_DRIVE = "D" Write-Output "found volume \${VOLUME_ID}" $DEVICE_NAME = "/dev/xvdf" # There is possibly a race condition between other instances. # We may want to retry attach-volume according to the return code (currently omitted). Add-EC2Volume -Device $DEVICE_NAME -InstanceId $INSTANCE_ID -VolumeId $VOLUME_ID -Region $REGION # we should do polling for the volume status instead, but it usually finishes in a few seconds... Start-Sleep 10 # basically following this doc: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-windows-volumes.html $serialNumber = $VOLUME_ID.Replace("vol-","vol") $disk = Get-Disk | Where-Object {$_.SerialNumber -CLike "$serialNumber*"} # basically following this doc: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-using-volumes.html if ($disk.PartitionStyle -eq "RAW") { Write-Output "initialize raw disk" $disk | Initialize-Disk -PartitionStyle MBR } # Get partition information from the volume $partitions = $disk | Get-Partition if (-not $partitions) { # If no partitions present, create a new partition and format it. Write-Output "create partition" $disk | New-Partition -DriveLetter $JENKINS_DRIVE -UseMaximumSize | Format-Volume -FileSystem NTFS -NewFileSystemLabel "Data" } else { if ($disk.IsOffline) { # If the disk was offline for unknown reason, change it online and reload partition information. Write-Output "Disk is offline, change to online." $disk | Set-Disk -IsOffline $false Start-Sleep 5 $disk = Get-Disk | Where-Object {$_.SerialNumber -CLike "$serialNumber*"} $partitions = $disk | Get-Partition } if ($disk.IsReadOnly) { # If the disk was read only for unknown reason, change it writable. Write-Output "Disk is read only, change to writable." $disk | Set-Disk -IsReadOnly $false } # Find drive for Jenkins $jenkinsPartition = $partitions | Where-Object {$_.DriveLetter -eq $JENKINS_DRIVE} if ($jenkinsPartition) { Write-Output "drive $JENKINS_DRIVE already mounted" } else { Write-Output "change drive letter of first partition to $JENKINS_DRIVE" $partitions | Select-Object -First 1 | Set-Partition -NewDriveLetter $JENKINS_DRIVE } } } # Install chocolatey package manager: https://chocolatey.org/install Set-ExecutionPolicy Bypass -Scope Process -Force [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072 iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) # Install git and git-lfs choco install git -y --no-progress choco install git-lfs -y --no-progress # Install java choco install corretto17jdk --install-args INSTALLDIR="C:\\Java" -y --no-progress # Install Unity Hub choco install unity-hub -y --no-progress # Install Unity Editor $unityVersion = '2021.3.26f1' $unityVersionChangeset = 'a16dc32e0ff2' & "$env:ProgramFiles\\Unity Hub\\Unity Hub.exe" -- --no-sandbox --headless install --version $unityVersion --changeset $unityVersionChangeset | Out-String -Stream # Install iOS / Android Build Support & "$env:ProgramFiles\\Unity Hub\\Unity Hub.exe" -- --no-sandbox --headless install-modules --version $unityVersion --module ios android --childModules | Out-String -Stream - task: enableOpenSsh ", }, }, "TagSpecifications": [ { "ResourceType": "launch-template", "Tags": [ { "Key": "Name", "Value": "TestStack/JenkinsWindowsAgent/LaunchTemplate", }, ], }, ], }, "Type": "AWS::EC2::LaunchTemplate", }, "JenkinsWindowsAgentLaunchTemplateProfile92B75BA8": { "Properties": { "Roles": [ { "Ref": "JenkinsWindowsAgentRole976AA548", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, "JenkinsWindowsAgentRole976AA548": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/AmazonSSMManagedInstanceCore", ], ], }, ], }, "Type": "AWS::IAM::Role", }, "JenkinsWindowsAgentRoleDefaultPolicyDBFF2EE3": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "ArtifactBucket7410C9EF", "Arn", ], }, "/*", ], ], }, ], }, { "Action": "ec2:AttachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsWindowsAgentVolumev100306AD8C2", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:DetachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsWindowsAgentVolumev100306AD8C2", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:AttachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsWindowsAgentVolumev10169FCBE04", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:DetachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsWindowsAgentVolumev10169FCBE04", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:AttachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsWindowsAgentVolumev11077A8DA6F", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:DetachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsWindowsAgentVolumev11077A8DA6F", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:AttachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsWindowsAgentVolumev1113BA2ED6E", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:DetachVolume", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":volume/", { "Ref": "JenkinsWindowsAgentVolumev1113BA2ED6E", }, ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":ec2:us-east-2:", { "Ref": "AWS::AccountId", }, ":instance/*", ], ], }, ], }, { "Action": "ec2:DescribeVolumes", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "JenkinsWindowsAgentRoleDefaultPolicyDBFF2EE3", "Roles": [ { "Ref": "JenkinsWindowsAgentRole976AA548", }, ], }, "Type": "AWS::IAM::Policy", }, "JenkinsWindowsAgentSecurityGroup0420B640": { "Properties": { "GroupDescription": "TestStack/JenkinsWindowsAgent/SecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::SecurityGroup", }, "JenkinsWindowsAgentSecurityGroupfromTestStackJenkinsControllerServiceSecurityGroupFCB7D6F8225D3EAF22": { "Properties": { "Description": "from TestStackJenkinsControllerServiceSecurityGroupFCB7D6F8:22", "FromPort": 22, "GroupId": { "Fn::GetAtt": [ "JenkinsWindowsAgentSecurityGroup0420B640", "GroupId", ], }, "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "JenkinsControllerServiceSecurityGroup8CBE094C", "GroupId", ], }, "ToPort": 22, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "JenkinsWindowsAgentVolumev100306AD8C2": { "DeletionPolicy": "Delete", "Properties": { "AvailabilityZone": { "Fn::Select": [ 0, { "Fn::GetAZs": "", }, ], }, "Encrypted": true, "Iops": 3000, "MultiAttachEnabled": false, "Size": 100, "Tags": [ { "Key": "Kind", "Value": "TestStack-JenkinsWindowsAgent", }, { "Key": "Name", "Value": "TestStack-JenkinsWindowsAgent-0-0", }, ], "Throughput": 200, "VolumeType": "gp3", }, "Type": "AWS::EC2::Volume", "UpdateReplacePolicy": "Delete", }, "JenkinsWindowsAgentVolumev10169FCBE04": { "DeletionPolicy": "Delete", "Properties": { "AvailabilityZone": { "Fn::Select": [ 0, { "Fn::GetAZs": "", }, ], }, "Encrypted": true, "Iops": 3000, "MultiAttachEnabled": false, "Size": 100, "Tags": [ { "Key": "Kind", "Value": "TestStack-JenkinsWindowsAgent", }, { "Key": "Name", "Value": "TestStack-JenkinsWindowsAgent-0-1", }, ], "Throughput": 200, "VolumeType": "gp3", }, "Type": "AWS::EC2::Volume", "UpdateReplacePolicy": "Delete", }, "JenkinsWindowsAgentVolumev11077A8DA6F": { "DeletionPolicy": "Delete", "Properties": { "AvailabilityZone": { "Fn::Select": [ 1, { "Fn::GetAZs": "", }, ], }, "Encrypted": true, "Iops": 3000, "MultiAttachEnabled": false, "Size": 100, "Tags": [ { "Key": "Kind", "Value": "TestStack-JenkinsWindowsAgent", }, { "Key": "Name", "Value": "TestStack-JenkinsWindowsAgent-1-0", }, ], "Throughput": 200, "VolumeType": "gp3", }, "Type": "AWS::EC2::Volume", "UpdateReplacePolicy": "Delete", }, "JenkinsWindowsAgentVolumev1113BA2ED6E": { "DeletionPolicy": "Delete", "Properties": { "AvailabilityZone": { "Fn::Select": [ 1, { "Fn::GetAZs": "", }, ], }, "Encrypted": true, "Iops": 3000, "MultiAttachEnabled": false, "Size": 100, "Tags": [ { "Key": "Kind", "Value": "TestStack-JenkinsWindowsAgent", }, { "Key": "Name", "Value": "TestStack-JenkinsWindowsAgent-1-1", }, ], "Throughput": 200, "VolumeType": "gp3", }, "Type": "AWS::EC2::Volume", "UpdateReplacePolicy": "Delete", }, "KeyPair0151ACB6": { "Properties": { "KeyName": "TestStack-agent-ssh-key", }, "Type": "AWS::EC2::KeyPair", }, "LogBucketAutoDeleteObjectsCustomResource7762F42C": { "DeletionPolicy": "Delete", "DependsOn": [ "LogBucketPolicy900DBE48", ], "Properties": { "BucketName": { "Ref": "LogBucketCC3B17E8", }, "ServiceToken": { "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", "Arn", ], }, }, "Type": "Custom::S3AutoDeleteObjects", "UpdateReplacePolicy": "Delete", }, "LogBucketCC3B17E8": { "DeletionPolicy": "Delete", "Properties": { "AccessControl": "LogDeliveryWrite", "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "OwnershipControls": { "Rules": [ { "ObjectOwnership": "ObjectWriter", }, ], }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "Tags": [ { "Key": "aws-cdk:auto-delete-objects", "Value": "true", }, ], }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Delete", }, "LogBucketPolicy900DBE48": { "Properties": { "Bucket": { "Ref": "LogBucketCC3B17E8", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "LogBucketCC3B17E8", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "LogBucketCC3B17E8", "Arn", ], }, "/*", ], ], }, ], }, { "Action": [ "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn", ], }, }, "Resource": [ { "Fn::GetAtt": [ "LogBucketCC3B17E8", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "LogBucketCC3B17E8", "Arn", ], }, "/*", ], ], }, ], }, { "Action": "s3:PutObject", "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::033677994240:root", ], ], }, }, "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "LogBucketCC3B17E8", "Arn", ], }, "/jenkinsAlbAccessLog/AWSLogs/", { "Ref": "AWS::AccountId", }, "/*", ], ], }, }, { "Action": "s3:PutObject", "Condition": { "StringEquals": { "s3:x-amz-acl": "bucket-owner-full-control", }, }, "Effect": "Allow", "Principal": { "Service": "delivery.logs.amazonaws.com", }, "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "LogBucketCC3B17E8", "Arn", ], }, "/jenkinsAlbAccessLog/AWSLogs/", { "Ref": "AWS::AccountId", }, "/*", ], ], }, }, { "Action": "s3:GetBucketAcl", "Effect": "Allow", "Principal": { "Service": "delivery.logs.amazonaws.com", }, "Resource": { "Fn::GetAtt": [ "LogBucketCC3B17E8", "Arn", ], }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "Namespace9B63B8C8": { "Properties": { "Name": "build", "Vpc": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::ServiceDiscovery::PrivateDnsNamespace", }, "NamespaceServiceCABDF534": { "Properties": { "DnsConfig": { "DnsRecords": [ { "TTL": 60, "Type": "A", }, ], "NamespaceId": { "Fn::GetAtt": [ "Namespace9B63B8C8", "Id", ], }, "RoutingPolicy": "MULTIVALUE", }, "Name": "accelerator", "NamespaceId": { "Fn::GetAtt": [ "Namespace9B63B8C8", "Id", ], }, }, "Type": "AWS::ServiceDiscovery::Service", }, "NamespaceServiceInstanceB7EA89DA": { "Properties": { "InstanceAttributes": { "AWS_INSTANCE_IPV4": { "Fn::GetAtt": [ "UnityAccelerator945220AA", "PrivateIp", ], }, "AWS_INSTANCE_PORT": "80", }, "InstanceId": "TestStackNamespaceServiceInstance3F6349C3", "ServiceId": { "Fn::GetAtt": [ "NamespaceServiceCABDF534", "Id", ], }, }, "Type": "AWS::ServiceDiscovery::Instance", }, "Repository22E53BBD": { "DeletionPolicy": "Delete", "Properties": { "ImageScanningConfiguration": { "ScanOnPush": true, }, }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Delete", }, "UnityAccelerator945220AA": { "DependsOn": [ "UnityAcceleratorInstanceRoleCB5BC0EE", ], "Properties": { "AvailabilityZone": { "Fn::Select": [ 0, { "Fn::GetAZs": "", }, ], }, "BlockDeviceMappings": [ { "DeviceName": "/dev/xvda", "Ebs": { "Encrypted": true, "VolumeSize": 300, "VolumeType": "gp3", }, }, ], "IamInstanceProfile": { "Ref": "UnityAcceleratorInstanceProfile73C75DCC", }, "ImageId": { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter", }, "InstanceType": "t3.large", "SecurityGroupIds": [ { "Fn::GetAtt": [ "UnityAcceleratorInstanceSecurityGroup3E6ABE00", "GroupId", ], }, ], "SubnetId": { "Ref": "VpcPrivateSubnet1Subnet536B997A", }, "Tags": [ { "Key": "Name", "Value": "TestStack/UnityAccelerator/Default", }, ], "UserData": { "Fn::Base64": "#cloud-config cloud_config_modules: - [runcmd, always] cloud_final_modules: - [scripts-user, always] runcmd: - | #!/bin/bash echo Initializing... $(date) yum update -y yum install -y git docker systemctl enable docker systemctl start docker usermod -aG docker ec2-user chmod 777 /var/run/docker.sock docker rm -f accelerator docker run --name accelerator -p 80:80 -p 10080:10080 --env PASSWORD=passw0rd --env USER=admin -v "/home/ec2-user/agent:/agent" -d --restart unless-stopped unitytechnologies/accelerator:latest yum install -y tmux htop ", }, }, "Type": "AWS::EC2::Instance", }, "UnityAcceleratorInstanceProfile73C75DCC": { "Properties": { "Roles": [ { "Ref": "UnityAcceleratorInstanceRoleCB5BC0EE", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, "UnityAcceleratorInstanceRoleCB5BC0EE": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/AmazonSSMManagedInstanceCore", ], ], }, ], "Tags": [ { "Key": "Name", "Value": "TestStack/UnityAccelerator/Default", }, ], }, "Type": "AWS::IAM::Role", }, "UnityAcceleratorInstanceSecurityGroup3E6ABE00": { "Properties": { "GroupDescription": "TestStack/UnityAccelerator/Default/InstanceSecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "SecurityGroupIngress": [ { "CidrIp": { "Fn::GetAtt": [ "Vpc8378EB38", "CidrBlock", ], }, "Description": { "Fn::Join": [ "", [ "from ", { "Fn::GetAtt": [ "Vpc8378EB38", "CidrBlock", ], }, ":10080", ], ], }, "FromPort": 10080, "IpProtocol": "tcp", "ToPort": 10080, }, ], "Tags": [ { "Key": "Name", "Value": "TestStack/UnityAccelerator/Default", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::SecurityGroup", }, "Vpc8378EB38": { "Properties": { "CidrBlock": "10.0.0.0/16", "EnableDnsHostnames": true, "EnableDnsSupport": true, "InstanceTenancy": "default", "Tags": [ { "Key": "Name", "Value": "TestStack/Vpc", }, ], }, "Type": "AWS::EC2::VPC", }, "VpcIGWD7BA715C": { "Properties": { "Tags": [ { "Key": "Name", "Value": "TestStack/Vpc", }, ], }, "Type": "AWS::EC2::InternetGateway", }, "VpcPrivateSubnet1DefaultRouteBE02A9ED": { "Properties": { "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VpcPublicSubnet1NATGateway4D7517AA", }, "RouteTableId": { "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", }, }, "Type": "AWS::EC2::Route", }, "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { "Properties": { "RouteTableId": { "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", }, "SubnetId": { "Ref": "VpcPrivateSubnet1Subnet536B997A", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "VpcPrivateSubnet1RouteTableB2C5B500": { "Properties": { "Tags": [ { "Key": "Name", "Value": "TestStack/Vpc/PrivateSubnet1", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::RouteTable", }, "VpcPrivateSubnet1Subnet536B997A": { "Properties": { "AvailabilityZone": { "Fn::Select": [ 0, { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "Private", }, { "Key": "aws-cdk:subnet-type", "Value": "Private", }, { "Key": "Name", "Value": "TestStack/Vpc/PrivateSubnet1", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::Subnet", }, "VpcPrivateSubnet2DefaultRoute060D2087": { "Properties": { "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VpcPublicSubnet1NATGateway4D7517AA", }, "RouteTableId": { "Ref": "VpcPrivateSubnet2RouteTableA678073B", }, }, "Type": "AWS::EC2::Route", }, "VpcPrivateSubnet2RouteTableA678073B": { "Properties": { "Tags": [ { "Key": "Name", "Value": "TestStack/Vpc/PrivateSubnet2", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::RouteTable", }, "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { "Properties": { "RouteTableId": { "Ref": "VpcPrivateSubnet2RouteTableA678073B", }, "SubnetId": { "Ref": "VpcPrivateSubnet2Subnet3788AAA1", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "VpcPrivateSubnet2Subnet3788AAA1": { "Properties": { "AvailabilityZone": { "Fn::Select": [ 1, { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "Private", }, { "Key": "aws-cdk:subnet-type", "Value": "Private", }, { "Key": "Name", "Value": "TestStack/Vpc/PrivateSubnet2", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::Subnet", }, "VpcPublicSubnet1DefaultRoute3DA9E72A": { "DependsOn": [ "VpcVPCGWBF912B6E", ], "Properties": { "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VpcIGWD7BA715C", }, "RouteTableId": { "Ref": "VpcPublicSubnet1RouteTable6C95E38E", }, }, "Type": "AWS::EC2::Route", }, "VpcPublicSubnet1EIPD7E02669": { "Properties": { "Domain": "vpc", "Tags": [ { "Key": "Name", "Value": "TestStack/Vpc/PublicSubnet1", }, ], }, "Type": "AWS::EC2::EIP", }, "VpcPublicSubnet1NATGateway4D7517AA": { "DependsOn": [ "VpcPublicSubnet1DefaultRoute3DA9E72A", "VpcPublicSubnet1RouteTableAssociation97140677", ], "Properties": { "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId", ], }, "SubnetId": { "Ref": "VpcPublicSubnet1Subnet5C2D37C4", }, "Tags": [ { "Key": "Name", "Value": "TestStack/Vpc/PublicSubnet1", }, ], }, "Type": "AWS::EC2::NatGateway", }, "VpcPublicSubnet1RouteTable6C95E38E": { "Properties": { "Tags": [ { "Key": "Name", "Value": "TestStack/Vpc/PublicSubnet1", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::RouteTable", }, "VpcPublicSubnet1RouteTableAssociation97140677": { "Properties": { "RouteTableId": { "Ref": "VpcPublicSubnet1RouteTable6C95E38E", }, "SubnetId": { "Ref": "VpcPublicSubnet1Subnet5C2D37C4", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "VpcPublicSubnet1Subnet5C2D37C4": { "Properties": { "AvailabilityZone": { "Fn::Select": [ 0, { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "Public", }, { "Key": "aws-cdk:subnet-type", "Value": "Public", }, { "Key": "Name", "Value": "TestStack/Vpc/PublicSubnet1", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::Subnet", }, "VpcPublicSubnet2DefaultRoute97F91067": { "DependsOn": [ "VpcVPCGWBF912B6E", ], "Properties": { "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VpcIGWD7BA715C", }, "RouteTableId": { "Ref": "VpcPublicSubnet2RouteTable94F7E489", }, }, "Type": "AWS::EC2::Route", }, "VpcPublicSubnet2RouteTable94F7E489": { "Properties": { "Tags": [ { "Key": "Name", "Value": "TestStack/Vpc/PublicSubnet2", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::RouteTable", }, "VpcPublicSubnet2RouteTableAssociationDD5762D8": { "Properties": { "RouteTableId": { "Ref": "VpcPublicSubnet2RouteTable94F7E489", }, "SubnetId": { "Ref": "VpcPublicSubnet2Subnet691E08A3", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "VpcPublicSubnet2Subnet691E08A3": { "Properties": { "AvailabilityZone": { "Fn::Select": [ 1, { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "Public", }, { "Key": "aws-cdk:subnet-type", "Value": "Public", }, { "Key": "Name", "Value": "TestStack/Vpc/PublicSubnet2", }, ], "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::Subnet", }, "VpcVPCGWBF912B6E": { "Properties": { "InternetGatewayId": { "Ref": "VpcIGWD7BA715C", }, "VpcId": { "Ref": "Vpc8378EB38", }, }, "Type": "AWS::EC2::VPCGatewayAttachment", }, }, "Rules": { "CheckBootstrapVersion": { "Assertions": [ { "Assert": { "Fn::Not": [ { "Fn::Contains": [ [ "1", "2", "3", "4", "5", ], { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `;