Terraform: Provisioning an EC2 Instance with Jenkins, Running a SonarQube Container & Trivy

Mihir Modi
Jan 19, 2024

Jenkins, Docker, SonarQube and Trivy installation in 5 minutes

As technology evolves, we need smarter ways to install our tooling and to get the work done with a single command. Terraform provides this through infrastructure as code: you write a few lines of code once, then run and reuse them as many times as you want.

Prerequisites:

— Terraform is installed on your machine.
— Configure AWS cloud with your IDE.

Create the four files below in your folder.

provider.tf

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = "us-east-1"
}

main.tf

resource "aws_instance" "jenkins_instance" {
  ami                    = "ami-0c7217cdde317cfec"
  instance_type          = "t2.micro"
  key_name               = "publickeypair"
  vpc_security_group_ids = [aws_security_group.instance_sg.id]
  user_data              = templatefile("./jenkins.sh", {})

  tags = {
    Name = "Jenkins-Docker"
  }
}

resource "aws_instance" "sonarqube_instance" {
  ami                    = "ami-0c7217cdde317cfec"
  instance_type          = "t2.large"
  key_name               = "publickeypair"
  vpc_security_group_ids = [aws_security_group.instance_sg.id]
  user_data              = templatefile("./sonarqube.sh", {})

  tags = {
    Name = "sonarqube_instance"
  }
}

resource "aws_security_group" "instance_sg" {
  name        = "allow_tls"
  description = "Allow TLS inbound traffic"

  ingress = [
    for port in [22, 80, 8080, 9000, 443] : {
      description      = "inbound rules"
      from_port        = port
      to_port          = port
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      security_groups  = []
      self             = false
    }
  ]

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow_tls"
  }
}
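
The security group in main.tf exposes SSH (22), Jenkins (8080) and SonarQube (9000) to 0.0.0.0/0. The variant below is an added example, not part of the original post, that limits those ports to a single administrator range; the variable admin_cidr and its 203.0.113.0/24 default are placeholders assumed here.

```hcl
# Added example: replaces aws_security_group.instance_sg from main.tf.
# admin_cidr is a hypothetical variable; the default is a documentation
# range (RFC 5737) and must be replaced with your own address range.
variable "admin_cidr" {
  description = "CIDR allowed to reach SSH, Jenkins and SonarQube"
  type        = string
  default     = "203.0.113.0/24"

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a valid CIDR and must not be 0.0.0.0/0."
  }
}

resource "aws_security_group" "instance_sg" {
  name        = "allow_tls"
  description = "Allow TLS inbound traffic"

  # 80 and 443 are dropped: nothing installed by the scripts listens there.
  dynamic "ingress" {
    for_each = { ssh = 22, jenkins = 8080, sonarqube = 9000 }
    content {
      description = "${ingress.key} from admin range"
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = [var.admin_cidr]
    }
  }

  # Jenkins reaches SonarQube over private IPs; both instances share this group.
  ingress {
    description = "SonarQube from group members"
    from_port   = 9000
    to_port     = 9000
    protocol    = "tcp"
    self        = true
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Supply your own range at apply time with terraform apply -var "admin_cidr=<your range>"; the validation block rejects 0.0.0.0/0 at plan time.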

jenkins.sh

#!/bin/bash

# Java runtime required by Jenkins
sudo apt update -y
sudo apt install fontconfig openjdk-17-jre -y

# Add the Jenkins apt repository and its signing key, then install Jenkins
sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update -y
sudo apt-get install jenkins -y

sudo systemctl daemon-reload
sudo systemctl start jenkins
sudo systemctl status jenkins

# Install Trivy from the Aqua Security apt repository
sudo apt-get install wget apt-transport-https gnupg lsb-release -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y

sonarqube.sh

#!/bin/bash

# Install Docker from the Ubuntu repositories and start it
sudo apt-get update -y
sudo apt-get install docker.io -y
sudo systemctl enable --now docker

# Run SonarQube in a container, published on port 9000.
# The image tag is an example choice; pin the one you have tested.
sudo docker run -d --name sonarqube --restart unless-stopped \
  -p 9000:9000 sonarqube:lts-community

Paste the scripts above into your folder and run them with the following Terraform commands.

terraform init
terraform fmt
terraform validate
terraform plan
terraform apply

Within 2 to 4 minutes, everything is installed on the machines.

Open Jenkins → IP address:8080
Open SonarQube → IP address:9000

Terraform.sh

# Install Terraform from the HashiCorp apt repository
sudo apt-get update && sudo apt-get install -y gnupg software-properties-common
wget -O- https://apt.releases.hashicorp.com/gpg | \
  gpg --dearmor | \
  sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
# Print the key fingerprint so it can be checked
gpg --no-default-keyring \
  --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
  --fingerprint
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \
  sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update
sudo apt-get install terraform

Thank You…
If you like, please clap, and you can check my LinkedIn.