main.yml

AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  KeyPairName:
    Type: String
    Description: Name of the Key Pair to create
    Default: MyKeyPair
Resources:
  MyKeyPair:
    Type: AWS::EC2::KeyPair
    Properties:
      KeyName: !Ref KeyPairName

  EC2InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: EC2-FullAccess-Role
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: EC2FullAccessPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: ec2:*
                Resource: '*'

  EC2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: EC2-FullAccess-InstanceProfile
      Roles:
        - !Ref EC2InstanceRole

  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet

  JenkinsSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access
      VpcId: !Ref VPC 
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          FromPort: 22
          ToPort: 22
          IpProtocol: tcp
        - CidrIp: 0.0.0.0/0
          FromPort: 8080
          ToPort: 8080
          IpProtocol: tcp

  JenkinsEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.xlarge
      KeyName: !Ref MyKeyPair
      Tags:
        - Key: Name
          Value: MasterHost
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:
        - !GetAtt "JenkinsSecurityGroup.GroupId"
      ImageId: ami-053b0d53c279acc90
      BlockDeviceMappings:
        - DeviceName: /dev/sda1  # Root volume device name
          Ebs:
            VolumeSize: 16  # Size in GB
            VolumeType: gp2  # General Purpose SSD
      IamInstanceProfile: !Ref EC2InstanceProfile
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          # Update package index and install required packages
          sudo apt update -y
          sudo apt install -y python3-pip

          # Install Ansible via pip3
          sudo pip3 install ansible

          # Install Jenkins
          sudo apt install openjdk-11-jdk -y

          curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null

          echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]  https://pkg.jenkins.io/debian-stable binary/ | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null

          sudo apt update -y

          sudo apt install jenkins -y

          sudo systemctl start jenkins

          # Install libssl1.1 for MongoMemoryServer package
          
          ## To handle dependency installations
          sudo apt-get install gdebi-core -y

          ## Download libssl1.1
          sudo wget http://ftp.us.debian.org/debian/pool/main/o/openssl/libssl1.1_1.1.1n-0+deb11u4_amd64.deb

          ## Install libssl1.1
          sudo gdebi --non-interactive libssl1.1_1.1.1n-0+deb11u4_amd64.deb

          # Install boto via pip3
          sudo pip3 install boto3

          # Download and install AWS CLI v2 using curl, unzip, and sudo
          sudo apt install unzip
          curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          unzip awscliv2.zip
          sudo ./aws/install

          # Install Docker
          sudo apt-get remove docker docker-engine docker.io
          sudo apt-get update
          sudo apt install docker.io -y
          sudo systemctl start docker
          sudo systemctl enable docker

          # Add ubuntu and jenkins to docker group
          sudo usermod -a -G docker ubuntu
          sudo usermod -a -G docker jenkins

          sudo cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak
          sudo sed -i 's/^ExecStart=.*/ExecStart=\/usr\/bin\/dockerd -H tcp:\/\/127.0.0.1:2375 -H unix:\/\/\/var\/run\/docker.sock/g' /lib/systemd/system/docker.service
          sudo systemctl daemon-reload
          sudo systemctl restart docker
          sudo systemctl restart jenkins


Outputs:
  JenkinsPublicIp:
    Description: Jenkins EC2 Instance Public Ip
    Value: !GetAtt JenkinsEC2Instance.PublicIp