• You have IAM access to an AWS account, with privileges to deploy and manage resources
  • This account is isolated from any customer work
  • Your organisation has experience in architecture of solutions on AWS, including VPCs, security groups, bastions, and subnets
  • A basic solution architecture for securely running public and private resources in AWS is documented and available to you
  • You have some familiarity with the concepts above, and an expert to ask if necessary


  1. Consult your Cloud Architect and pick an existing VPC in which to deploy Jenkins. We recommend one that already has a bastion set up.
    1. Note down the security group the bastion belongs to
  2. Create a security group from the EC2 dashboard in the AWS Management Console.
    1. Make sure that the security group is in the VPC you will be using.
    2. Give the security group a “Name” tag with something descriptive in it.
    3. Add an inbound rule with type SSH and the bastion security group as the source (start typing the bastion’s security group name into the source field; the console will auto-complete).
    4. Add a second inbound rule with type custom TCP, port 8080, and the bastion security group as the source.
  3. Click “Launch Instance” to start up an EC2 instance (Amazon Linux AMI. Any size will do, I used t2.micro). We recommend a “private-apps” subnet in your VPC, in which case you’ll need to:
    1. Start the NAT that marshals traffic in your VPC
    2. Edit the NAT security group to allow TCP 465 (SMTPS) inbound for all your private-apps subnets (use CIDR notation), and outbound to Anywhere on the same port.
  4. Start the Bastion
  5. Connect to the bastion. You can get an RDP connection by clicking Actions->Connect on the EC2-console when the bastion is selected.
  6. SSH from the bastion to the EC2. Get the EC2’s IP address from the console. Make sure that you have the appropriate PEM/PPK file on the bastion and that it is configured for the SSH session. This step will rely on your knowledge of how security is implemented in this VPC. Once connected, run the following commands:
    1. sudo bash
      1. yum update
      2. wget -O /etc/yum.repos.d/jenkins.repo
      3. rpm --import
      4. yum install jenkins
      5. yum install git
      6. service jenkins start
      7. chkconfig jenkins on
  7. On the bastion, point a browser to http://<IP>:8080 where <IP> is the private IP of your Jenkins EC2
    1. Click Manage Jenkins
      1. Click Setup Security
        1. Click Enable Security
        2. Select Jenkins’ own user database
        3. Select Allow users to sign up
        4. Select Logged-in users can do anything
        5. Save
        1. Click Create an account
          1. Fill in Account details to create the account Jenkins will use
        1. Click Manage Security then Configure Global Security
          1. Un-check Allow users to sign up (to lock out changes)
          2. Save
      1. Click Manage Plugins
        1. Click Available
        2. Filter by “Git Plugin”
        3. Choose “Git Plugin”
        4. Click install without restart
        5. Wait a minute then check “Restart Jenkins when installation…”
        6. Wait a minute, then click Jenkins in the top left
      1. Log in with the account created above
      2. Click Manage Jenkins, then Configure System
      3. Scroll down to “Ant” section
        1. Click “Add Ant”
        2. Give Ant a version number that matches the default version (i.e. ANT_1_9_5)
        3. Make sure that “install automatically” is checked (it should default correctly)
      4. Scroll down to “E-mail Notification” section
        1. Enter

          into SMTP Server

        2. Enter

          into Default user e-mail suffix

        3. Click Advanced
        4. Check Use SMTP Authentication
        5. Enter your Gmail username
        6. Generate an app-specific password in Gmail and enter it here
        7. Check Use SSL
        8. Enter

          into Port

        9. Enter

          into reply to address

        10. Check Test configuration by sending test e-mail
        11. Enter your email into Test e-mail recipient
        12. Click test configuration (if this fails, double-check your NAT security group settings)
      5. Click Save
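
Step 2 only works as a control if the Jenkins security group accepts SSH and port 8080 from the bastion's security group and from nowhere else. The following is an added example, not part of the original walkthrough: a Python check over security group data in the shape returned by `aws ec2 describe-security-groups`. The function name, group IDs and CIDRs are assumptions made up for illustration.

```python
# Added example: audit a Jenkins security group against the step 2 rules.
ALLOWED_PORTS = {22, 8080}  # SSH and the Jenkins UI, the only ports step 2 opens

def audit_ingress(group, bastion_sg_id):
    """Return findings for one security group; an empty list means it matches."""
    findings, seen = [], set()
    for perm in group.get("IpPermissions", []):
        proto, lo, hi = perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")
        # Anything other than a single TCP port 22 or 8080 is outside the procedure.
        if proto != "tcp" or lo != hi or lo not in ALLOWED_PORTS:
            findings.append(f"unexpected rule: protocol {proto}, ports {lo}-{hi}")
            continue
        # CIDR or prefix-list sources bypass the bastion-only design.
        for key, field in (("IpRanges", "CidrIp"), ("Ipv6Ranges", "CidrIpv6"),
                           ("PrefixListIds", "PrefixListId")):
            for src in perm.get(key, []):
                findings.append(f"port {lo}: non-bastion source {src[field]}")
        sources = {p["GroupId"] for p in perm.get("UserIdGroupPairs", []) if "GroupId" in p}
        for extra in sorted(sources - {bastion_sg_id}):
            findings.append(f"port {lo}: open to other group {extra}")
        if bastion_sg_id in sources:
            seen.add(lo)
    for port in sorted(ALLOWED_PORTS - seen):
        findings.append(f"port {port}: bastion rule missing")
    return findings

# Constructed samples shaped like `aws ec2 describe-security-groups` output.
# Every group ID and CIDR below is a placeholder, not a real resource.
BASTION = "sg-BASTION-PLACEHOLDER"

def rule(port, **sources):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **sources}

GOOD = {"GroupId": "sg-JENKINS-PLACEHOLDER", "IpPermissions": [
    rule(22, UserIdGroupPairs=[{"GroupId": BASTION}]),
    rule(8080, UserIdGroupPairs=[{"GroupId": BASTION}]),
]}
BAD = {"GroupId": "sg-JENKINS-PLACEHOLDER", "IpPermissions": [
    rule(22, UserIdGroupPairs=[{"GroupId": BASTION}]),
    rule(8080, IpRanges=[{"CidrIp": "0.0.0.0/0"}]),  # UI exposed to any source
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},  # all traffic
]}

if __name__ == "__main__":
    for name, group in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_ingress(group, BASTION) or "matches step 2")
```

To run it against a real group, pass each entry of the `SecurityGroups` array from the CLI's JSON output to `audit_ingress` along with your bastion's group ID.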

Where now?

Why not learn how to configure a Jenkins job?


Used as references: