CloudBees CICloudBees Value Stream ManagementCloudBees CDCloudBees Build AccelerationCloudBees Feature FlagsCloudBees Jenkins DistributionCloudBees SDMCloudBees Jenkins PlatformCloudBees Jenkins EnterpriseCloudBees LexiconRelease notesCloudBees Build Acceleration resourcesCloudBees Feature Flags APIs
Introduction
What’s new
Installation on Amazon Web Service (AWS) guide
Introduction
Getting started
Navigating
New User Experience
Continuous Delivery as a Service
Shared configurations
Managing
Operating
Managing agents
External HTTP endpoints
Cross Team Collaboration
Building on CloudBees Jenkins Enterprise
Upgrading CloudBees Jenkins Enterprise
Troubleshooting
Cluster Environment: Amazon Web Services
Changing domain name and enabling SSL
Using wiki markup languages in descriptions
Appendix: AWS Running in an internal-only VPC
Appendix: Configuration reference
Appendix: Destroying and recreating a cluster
Generating a support bundle
Configuring support and training access using SSO
Backup and restore
Jenkins CLI tool
About Plugins
Plugin management
About Pipelines
Administering Pipeline
Defining Pipeline
Understanding and implementing Pipeline as Code
Using Pipeline development tools
Determining plugin compatibility
Configuring Pipelines with user-scoped credentials
Using Pipeline Policies
Specifying a matrix of one or more dimensions
Converting a Freestyle project to a Declarative Pipeline
Pipeline best practices
Creating Pipelines
Triggering jobs with a simple webhook
Pipeline templates
Automating with Jenkinsfile
Pipeline syntax reference
Multibranch Pipeline Template syntax
Introduction
CyberArk Credential Provider Plugin
Restricting access and delegating administration with Role-Based Access Control
Folders Plus plugin
Managing build agents with Nodes Plus plugin
Understanding Beekeeper security warnings
CloudBees Jenkins JVM troubleshooting
Performance decision tree for troubleshooting
Miscellaneous references
Amazon Web Services CLI Plugin
Microsoft Azure CLI Plugin
Cloud Foundry CLI Plugin
OpenShift CLI Plugin
CLI reference
Configuration reference
Elasticsearch
Infrastructure security
CloudBees ServiceNow Integration
Support policies

Appendix: AWS Running in an internal-only VPC

CloudBees will no longer be supporting CloudBees Jenkins Enterprise 1.x after July 30, 2020. This end-of-life announcement allows CloudBees to focus on driving new technology and product innovation for CloudBees CI. For information on moving to CloudBees CI, please refer to Migrating from CloudBees Jenkins Enterprise 1.x to CloudBees CI on modern cloud platforms which has been created to help you with the migration process. Existing customers can also contact their CSM to help ensure a smooth transition.

CloudBees Jenkins Enterprise installs by default by setting up public resources, such as ELBs or public IPs.

But it can be installed in an internal-only VPC if required.

Prerequisites

  • You need to have an existing VPC (or to set one up) and a subnet with outbound connectivity.

  • The workstation used for CloudBees Jenkins Enterprise installation need to have access to the VPC private network.

Reference architecture

This is the reference architecture we have been using to test this feature. Instances of the CloudBees Jenkins Enterprise cluster are created using vpc-1 and subnet-1. The CloudBees Jenkins Enterprise workstation was connected using VPN to another VPC peered to vpc-1 through a VPC peering (pcx-1). An alternative would have been to create the CloudBees Jenkins Enterprise workstation directly in the VPC, on the public subnet (subnet-2).

Table 1. AWS resources
Resource Type Elements Attributes

VPC

vpc-1

CIDR: 172.18.128.0/17

Subnet

subnet-1 (private)

CIDR: 172.18.128.0/24

Auto-assign Public IP: no

Route Table: rt-1

subnet-2 (public)

CIDR: 172.18.130.0/24

Auto-assign Public IP: yes

Route Table: rt-2

Route table

rt-1 (private)

172.18.128.0/17 → local

0.0.0.0/0 → nat-1

172.18.64.0/18 → pcx-1

rt-2 (public)

172.18.128.0/17 → local

0.0.0.0/0 → igw-1

172.18.64.0/18 → pcx-1

VPC Peering

pcx-1

Peered VPC CIDR: 172.18.64.0/18

NAT Gateway

nat-1

Attached to public subnet

Internet Gateway

igw-1

Installation

In the cluster-init.config, you will need to provide:

  • vpc_id : ID of the existing VPC

  • vpc_subnet_id : ID of the existing subnet

  • additional_security_group_id : ID of an existing security group ID that will be added to all instances and elb of the cluster.

  • internal : must be set to yes

Using wiki markup languages in descriptions
Appendix: Configuration reference