Jenkins in separate account for Reference Architecture
If I have an existing Jenkins server running in an AWS account outside of the 6 I used to deploy my Reference Architecture, should I redeploy it into the Shared account? What is the level of effort to keep my existing Jenkins server and have it successfully run `infrastructure-live` CI jobs? And is there an existing Jenkinsfile I can reference?

---

[Tracked in ticket #108707](https://support.gruntwork.io/hc/requests/108707)

You can keep the Jenkins server where it is. The main integration point for auto deploy is handled by the ECS Deploy Runner (explained [here](https://docs.gruntwork.io/guides/build-it-yourself/pipelines/)). Access to invoke the deploy runner is managed by the `allow-auto-deploy-from-other-accounts` IAM Role. So as long as Jenkins can assume that IAM Role in the target account, then it doesn't really matter where it is.

There are two ways to accomplish this:

- You can create a machine IAM User with auto deploy access to all the sub accounts, and have Jenkins log in as that IAM User using traditional AWS Access Key Credentials.
- You update the auto deploy IAM Roles in each account to trust the existing account so that the Jenkins IAM Role can assume the auto deploy roles in each sub account.
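
The second option depends on what each `allow-auto-deploy-from-other-accounts` trust policy names as its principal. The following Python check is an added example, not part of the original answer or Gruntwork's code: it reads a trust policy document and reports whether a given Jenkins IAM Role is trusted and whether the trust reaches further than that one role. The account IDs, the role name `jenkins-server` and the sample policies are constructed placeholders, and `Condition` blocks and `Deny` statements are not evaluated.

```python
# Constructed placeholders: the account IDs and the Jenkins role name are not from the page.
JENKINS_ROLE_ARN = "arn:aws:iam::111111111111:role/jenkins-server"

def make_trust_policy(principal):
    """Build a sample trust policy for an auto deploy role (constructed data)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal},
            "Action": "sts:AssumeRole",
        }],
    }

ACCOUNT_WIDE = make_trust_policy("arn:aws:iam::111111111111:root")  # trusts the account
ROLE_ONLY = make_trust_policy(JENKINS_ROLE_ARN)                     # trusts one role

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust(policy, caller_role_arn):
    """Return (trusted, warnings) for caller_role_arn against a role trust policy.

    Only Allow statements are read; Condition blocks and Deny statements are ignored.
    """
    account_id = caller_role_arn.split(":")[4]
    whole_account = {account_id, f"arn:aws:iam::{account_id}:root"}
    trusted, warnings = False, []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = set(_as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        names = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for name in names:
            if name == caller_role_arn:
                trusted = True
            elif name in whole_account:
                trusted = True
                warnings.append(f"{name}: delegates to the whole account, "
                                "not only the Jenkins role")
            elif name == "*":
                trusted = True
                warnings.append("wildcard principal: trust is not limited to any account")
    return trusted, warnings

if __name__ == "__main__":
    for label, policy in (("account-wide", ACCOUNT_WIDE), ("role-only", ROLE_ONLY)):
        print(label, check_trust(policy, JENKINS_ROLE_ARN))
```

With either form of trust, the Jenkins role also needs an identity policy in its own account that allows `sts:AssumeRole` on each auto deploy role ARN.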