Configuration of a Jenkins master with slaves on-demand (AWS EC2 version)


License: MIT

Configuration of a Jenkins master with slaves on-demand (AWS EC2 only for now).

Infrastructure diagram




  • Custom Virtual Private Cloud (VPC)

Jenkins master

  • Public subnet
  • Internet gateway
  • NAT gateway
  • Security group to allow access to the Jenkins UI
  • Security group to allow access to EFS storage from Jenkins master

Jenkins slaves

  • Private subnet
  • Security groups to allow only access from the Jenkins master


Jenkins Master

  • AWS EC2 instance (t3.large by default)
  • AWS AMI (Amazon Linux 2)
  • SSH key pair
  • NGINX reverse-proxy configuration

Jenkins Slaves

  • AWS EC2 instance template (different instance sizes)
  • AWS AMI (Amazon Linux 2 minimal)
  • SSH key pair


  • EBS root volume for all instances
  • AWS Elastic File System (EFS) for the Jenkins master configuration and data

How to install

Clone this Git repository

git clone

Now, go to the tf-vm/aws folder (the only type and provider for the moment)

cd terraform-jenkins-slaves-on-demand/tf-vm/aws

You can change some of the variables. See the configuration section.

Start by installing the dependencies

terraform init

Run terraform plan to see which resources will be created and save the generated execution plan

terraform plan --out=jenkins.tfplan

Apply the Terraform plan

terraform apply jenkins.tfplan
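
Between the plan and apply steps, the saved plan can be exported with `terraform show -json jenkins.tfplan` and checked for security group ingress open to the whole internet. The script below is an added example, not code from this repository; the resource addresses in the sample and the set of ports allowed to be public are assumptions.

```python
import ipaddress
import json

# Constructed sample: trimmed `terraform show -json jenkins.tfplan` output.
# Resource addresses are hypothetical, not taken from the repository.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.jenkins_master_ui", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
     {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
  {"address": "aws_security_group.jenkins_slaves", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": []}]}}},
  {"address": "aws_security_group.old", "type": "aws_security_group",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

PUBLIC_OK_PORTS = {80, 443}  # assumption: only the NGINX-fronted UI is public


def is_world(cidr):
    """True for 0.0.0.0/0 and ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def ingress_rules(rc):
    """Yield planned ingress rules, inline or as standalone rule resources."""
    after = rc["change"].get("after") or {}
    if rc["type"] == "aws_security_group":
        yield from after.get("ingress") or []
    elif rc["type"] == "aws_security_group_rule" and after.get("type") == "ingress":
        yield after


def audit_plan(plan, public_ok=PUBLIC_OK_PORTS):
    """Return (address, from_port, to_port, cidr) for world-open ingress
    on anything other than a single port listed in public_ok."""
    findings = []
    for rc in plan.get("resource_changes", []):
        for rule in ingress_rules(rc):
            lo, hi = rule.get("from_port"), rule.get("to_port")
            all_ports = str(rule.get("protocol")) == "-1"  # "-1" means every port
            allowed = not all_ports and lo == hi and lo in public_ok
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            findings += [(rc["address"], lo, hi, c) for c in cidrs
                         if is_world(c) and not allowed]
    return findings
```

On the constructed sample, `audit_plan(SAMPLE_PLAN)` reports only the SSH rule on the master's UI group; the slaves group, which has no CIDR-based ingress, passes.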


These variables can be changed under the file.

| Variable | Default value | Description |
| --- | --- | --- |
| aws_region | us-east-1 | AWS Region |
| env | dev | Name of the environment |
| vpc_cidr | | VPC CIDR |
| public_subnet | | Public subnet |
| private_subnet | | Private subnet |
| instance_type | t3.large | Instance type |
| ebs_optimized | true | EBS optimized |
| path_public_key | | Path to the SSH public key for Jenkins master |


| Name | Description |
| --- | --- |
| jenkins_master_public_ip | Jenkins master public IP |
| jenkins_master_public_dns | Jenkins master public DNS |


  • Terraform backend with S3 + lock
  • Add EC2 health check URL for the Jenkins master
  • Encrypt the AMI with the new AWS API
  • Encrypt EFS in transit (SSL)
  • Mount the EFS volume when ready (can take up to 25 min to be provisioned)
  • Configure Jenkins with the necessary plugins
  • Create a separate Jenkins master IAM role to create the slaves on-demand
  • Create the Jenkins slaves AMI
  • Let's Encrypt SSL certificate for the Jenkins master
  • Use an existing VPC ID
  • Use an existing EFS ID
  • Install and configure Prometheus Node Exporter for monitoring
  • Install and configure Logstash and export logs to an Elasticsearch instance


