IaC Bazaar
AWS · Live-tested

Jenkins Controller on AWS (EC2)

Self-hosted Jenkins controller on a hardened EC2 instance — restricted security group, IMDSv2 enforced, SSM access, encrypted root volume, Jenkins auto-installed via user-data.

terraform · AWS · #aws
aws-jenkins · terraform v1.7

Verification

Live-tested

Really deployed, verified, idempotent and destroyed in a cloud sandbox.

Conformance

  • Static validation (fmt · validate · tflint)
  • Security scan (Checkov)
  • Plan tests (mocked: validation rules · outputs)

Provenance

  • SHA-256 checksum
  • Signature (pending)

Functional

  • Live-tested — applied, verified, destroyed

Last verified 2026-06-29

Documentation

aws-jenkins — Jenkins Controller on AWS

A single-node Jenkins controller on EC2 with secure defaults baked in. The instance runs Amazon Linux 2023 and installs Jenkins (stable) + Amazon Corretto 17 via cloud-init. IMDSv2 is enforced (http_tokens = required), the root EBS volume is always encrypted (gp3 by default), and the module ships an SSM-agent-ready, least-privilege instance profile (just AmazonSSMManagedInstanceCore) so you get Session Manager shell access with no SSH keys and no inbound SSH at all. The security group exposes the Jenkins UI and SSH only to the CIDR blocks you list in allowed_cidrs — there is no open-to-the-world default.

Self-contained for quick trials: leave subnet_id unset and the module discovers a subnet in the account's default VPC and derives the matching VPC for the security group.

Works with Terraform and OpenTofu (>= 1.6), AWS provider >= 6.0, < 7.0.

What it provisions

  • aws_instance — the Jenkins controller (IMDSv2-only, encrypted gp3 root, EBS-optimized).
  • aws_security_group + standalone ingress/egress rules — UI (jenkins_port) and SSH (22) from allowed_cidrs; all egress for package/plugin installs.
  • aws_iam_role + aws_iam_instance_profile — SSM-ready, least privilege.
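The properties described above (IMDSv2 required, encrypted root volume, no world-open ingress, only AmazonSSMManagedInstanceCore attached) can be checked against a plan before apply. The following is an added example, not IaC Bazaar's code: it audits the JSON produced by `terraform show -json <planfile>`, and it assumes the standalone rules are `aws_vpc_security_group_ingress_rule` resources and the policy is attached with `aws_iam_role_policy_attachment`. The resource addresses and port in the sample are constructed.

```python
import ipaddress

SSM_CORE = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"

def walk(module):
    """Yield every planned resource, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def first(values, block):
    """Plan JSON renders nested blocks as lists; return the first entry or {}."""
    return (values.get(block) or [{}])[0]

def audit(plan):
    """Return findings for a parsed `terraform show -json <planfile>` document."""
    findings = []
    for res in walk(plan["planned_values"]["root_module"]):
        addr, kind, v = res["address"], res["type"], res.get("values", {})
        if kind == "aws_instance":
            if first(v, "metadata_options").get("http_tokens") != "required":
                findings.append(f"{addr}: IMDSv2 not enforced")
            if first(v, "root_block_device").get("encrypted") is not True:
                findings.append(f"{addr}: root volume not encrypted")
        elif kind == "aws_vpc_security_group_ingress_rule":
            cidr = v.get("cidr_ipv4") or v.get("cidr_ipv6")
            if cidr and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"{addr}: ingress open to {cidr}")
        elif kind == "aws_iam_role_policy_attachment":
            if v.get("policy_arn") != SSM_CORE:
                findings.append(f"{addr}: unexpected policy {v.get('policy_arn')}")
    return findings

# Constructed plan fragment with hypothetical addresses (not real module output).
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [{"resources": [
    {"address": "module.jenkins.aws_instance.this", "type": "aws_instance",
     "values": {"metadata_options": [{"http_tokens": "optional"}],
                "root_block_device": [{"encrypted": True, "volume_type": "gp3"}]}},
    {"address": "module.jenkins.aws_vpc_security_group_ingress_rule.ui",
     "type": "aws_vpc_security_group_ingress_rule",
     "values": {"cidr_ipv4": "0.0.0.0/0", "from_port": 8080, "to_port": 8080}},
    {"address": "module.jenkins.aws_iam_role_policy_attachment.ssm",
     "type": "aws_iam_role_policy_attachment", "values": {"policy_arn": SSM_CORE}},
]}]}}}

if __name__ == "__main__":
    for finding in audit(SAMPLE_PLAN):
        print(finding)
```

The sample is deliberately misconfigured in two places so the audit has something to report; a plan that matches the module description yields an empty list.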

Requirements

  • Terraform or OpenTofu >= 1.6
  • hashicorp/aws >= 6.0, < 7.0

Verification

Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.

License

Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).

Usage code & full reference unlock after purchase

The complete copy-paste usage, the full input/output reference, and operational notes ship with your licence — shown here and bundled in the download.
