Open in app

Sign in

Write

Sign in

Terraform: Provisioning an EC2 Instance with Jenkins, Running a SonarQube Container & Trivy

Mihir Modi
3 min readJan 19, 2024

--

Jenkins, Docker, Sonar Qube, Trivy Installation in 5 minutes

As technology is emerging, we also have to install smart ways, and with a single command, we try to complete our work. For that, Terraform provides infrastructure as code. You just have to write a few lines of code and run as many times as you want. You can reuse it as many times as you want.

Prerequisites:

— Terraform is installed on your machine.
— Configure AWS cloud with your IDE.

You have to make the below four files in your folder.

provider.tf

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = "us-east-1"
}

main.tf

resource "aws_instance" "jenkins_instance" {
  ami                    = "ami-0c7217cdde317cfec"
  instance_type          = "t2.micro"
  key_name               = "publickeypair"
  vpc_security_group_ids = [aws_security_group.instance_sg.id]
  user_data              = templatefile("./jenkins.sh", {})

  tags = {
    Name = "Jenkins-Docker"
  }
}

resource "aws_instance" "sonarqube_instance" {
  ami                    = "ami-0c7217cdde317cfec"
  instance_type          = "t2.large"
  key_name               = "publickeypair"
  vpc_security_group_ids = [aws_security_group.instance_sg.id]
  user_data              = templatefile("./sonarqube.sh", {})

  tags = {
    Name = "sonarqube_instance"
  }
}

resource "aws_security_group" "instance_sg" {
  name        = "allow_tls"
  description = "Allow TLS inbound traffic"

  ingress = [
    for port in [22, 80, 8080, 9000, 443] : {
      description      = "inbound rules"
      from_port        = port # Corrected attribute name
      to_port          = port
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      security_groups  = []
      self             = false
    }
  ]

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow_tls"
  }
}

jenkins.sh

#!/bin/bash

sudo apt update -y
sudo apt install fontconfig openjdk-17-jre -y

sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update -y
sudo apt-get install jenkins -y

sudo systemctl daemon-reload
sudo systemctl start jenkins
sudo systemctl status jenkins

#install trivy
sudo apt-get install wget apt-transport-https gnupg lsb-release -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y

sonarqube.sh

#!/bin/bash

sudo apt update -y
sudo apt install fontconfig openjdk-17-jre -y

sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update -y
sudo apt-get install jenkins -y

sudo systemctl daemon-reload
sudo systemctl start jenkins
sudo systemctl status jenkins

#install trivy
sudo apt-get install wget apt-transport-https gnupg lsb-release -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y

You just have to paste the above script and run with terraform commands.

terraform init
terraform fmt
terraform validate
terraform plan
terraform apply

Within 2 to 4 minutes everything installed in machine.

Open with Jenkins → Ip address:8080
Open with sonarqube → Ip address:9000

Terraform.sh

sudo apt-get update && sudo apt-get install -y gnupg software-properties-common
wget -O- https://apt.releases.hashicorp.com/gpg | \
gpg --dearmor | \
sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
gpg --no-default-keyring \
--keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
--fingerprint
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \
sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update
sudo apt-get install terraform

Thank You…
If you like, please clap, and you can check my LinkedIn.
LinkedIn

DevOps
Technology
Programming
AWS
Sonarqube

--

--

Mihir Modi

Written by Mihir Modi

39 Followers

Publish DevOps tools related blog, #Docker, #Terraform, #Jenkins #BigData and many more.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams