Assignment 01

Section | Submission Due Date | Grading Due Date
Boston | 06/05/2025 @ 3 PM ET | 06/12/2025 @ 3 PM EDT

Getting Help

Info

Ask all your questions in the Teams channel.

Learning Objectives

The objective of this assignment is to learn how to set up our own CI/CD infrastructure using skills learned in CSYE 6225 and to continue to leverage cloud services and infrastructure as and when needed.

AWS Organization Setup

  1. Enable support for organizations in your AWS account. This is your root account.
  2. Create a dev member account. You will use this account for assignment development. You can use an alias for your personal Gmail email address. For example, if your email address is j.doe@gmail.com, you can create an alias such as j.doe+dev@gmail.com.
  3. Create a prod member account. You will use this account to demo assignments for grading. You can use an alias for your personal Gmail email address. For example, if your email address is j.doe@gmail.com, you can create an alias such as j.doe+prod@gmail.com.

Install and Configure AWS Command Line Interface

  1. Install and configure AWS Command Line Interface (CLI) on your development machine (laptop). See Install the AWS Command Line Interface on Linux for detailed instructions.
  2. Create a dev profile for your dev AWS account and a prod profile for your production AWS account. The default profile should not be set up.
  3. Both the dev and prod AWS CLI profiles should be set to use the us-east-1 region.
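
A check for the profile layout described in the steps above, as an added example that is not part of the original assignment. It assumes the standard AWS CLI file locations (`~/.aws/config` and `~/.aws/credentials`); the function name and the sample config are constructed for illustration.

```python
import configparser
from pathlib import Path

REQUIRED_PROFILES = ("dev", "prod")
REQUIRED_REGION = "us-east-1"

# Constructed sample config: it has a default profile and a wrong prod region.
SAMPLE_CONFIG = """\
[default]
region = us-west-2

[profile dev]
region = us-east-1

[profile prod]
region = us-east-2
"""


def check_aws_profiles(config_text, credentials_text=""):
    """Return a list of problems; an empty list means the layout matches the steps."""
    config = configparser.ConfigParser()
    config.read_string(config_text)
    creds = configparser.ConfigParser()
    creds.read_string(credentials_text)

    problems = []
    # ~/.aws/config names sections "[profile NAME]"; ~/.aws/credentials uses "[NAME]".
    # A "[default]" section in either file is the default profile.
    if config.has_section("default") or creds.has_section("default"):
        problems.append("default profile is configured")
    for name in REQUIRED_PROFILES:
        section = f"profile {name}"
        if not config.has_section(section):
            problems.append(f"profile {name} is missing")
            continue
        region = config.get(section, "region", fallback=None)
        if region != REQUIRED_REGION:
            problems.append(f"profile {name} has region {region!r}, expected {REQUIRED_REGION}")
    return problems


if __name__ == "__main__":
    def read_if_present(path):
        return path.read_text() if path.exists() else ""
    aws_dir = Path.home() / ".aws"
    found = check_aws_profiles(read_if_present(aws_dir / "config"), read_if_present(aws_dir / "credentials"))
    print("\n".join(found) if found else "AWS CLI profiles match the assignment layout")
```

With no default profile, a command run without `--profile` (and without `AWS_PROFILE` or key variables in the environment) has no credentials to fall back on, so every command has to name the account it targets.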

Create & Setup GitHub Organization

  1. Subscribe to GitHub Teams Plan.
  2. Create a new GitHub organization. Your organization name should be cyse7125-su25-teamNN.
  3. Invite me to your GitHub Organization as a collaborator. My email and GitHub ID can be found in the syllabus.

Jenkins Setup

Create IAM User for GitHub Actions (Root AWS Account Only)

Tip

This one-time setup can be done through the AWS console.

  1. Create a new user ghactions with programmatic access only.

Create & Setup GitHub Repository for Jenkins AMI

  1. Create a new private GitHub repository for AMI in the GitHub organization you created.
  2. GitHub repository name must be ami-jenkins.
  3. Update README.md in your repository with instructions for using packer.
  4. Fork the GitHub repository in your namespace. You will do all development work on your fork.
  5. All code for Jenkins AMI should be in this repository.
  6. Add appropriate .gitignore to your repository. A collection of useful .gitignore templates can be found here.

Building Jenkins AMI using Packer

  1. Use Ubuntu 24.04 LTS as your source image to create a custom AMI using packer.
  2. All AMIs you build should be private. Only your team can deploy EC2 instances from them.
  3. All AMI builds should happen in your ROOT AWS account.
  4. AMI builds should be set up to run in your default VPC.
  5. The AMI should include everything needed to run Jenkins including plugins except for the configuration.
  6. Use Caddy or Nginx as the reverse proxy for the Jenkins instance and set it up to get an SSL certificate from Let's Encrypt on startup.

Implement CI/CD for Building Jenkins AMI with GitHub Actions

Any changes pushed to your Jenkins AMI GitHub repository should trigger a build with a new private AMI being registered with your ROOT AWS account.

Domain Name & Route53

The following setup should be done in your root AWS account.

  1. Set up a hosted zone in Route53 for your domain name.
  2. Create a new subdomain jenkins.yourdomain.tld with a TTL of 60 seconds.

Enable GitHub Status Checks for AMIs

  1. Enable GitHub status checks on the GitHub repository in your organization.
  2. Run packer validate on all pull requests.

Add branch protection rule for the main branch

Create & Setup GitHub Repository for Jenkins Infrastructure

  1. Create a new private GitHub repository for AMI in the GitHub organization you created.
  2. GitHub repository name must be infra-jenkins.
  3. Update README.md in your repository with instructions for standing up and tearing down your infrastructure.
  4. Fork the GitHub repository in your namespace. You will do all development work on your fork.
  5. All Terraform code for Jenkins infrastructure should be in this repository.
  6. Add appropriate .gitignore to your repository. A collection of useful .gitignore templates can be found here.

Enable GitHub Status Checks for Terraform Infrastructure Code for Jenkins

Create a GitHub Actions workflow to run pr-check, which will validate the Terraform code before it is allowed to merge.

Assign Elastic IP for Jenkins Instance & Add DNS Record

Note

This one-time setup can be done through the AWS console.

  1. Allocate an Elastic IP address for the Jenkins instance in your ROOT AWS account and tag it appropriately using the AWS console.
  2. Add a DNS A record jenkins.yourdomain.tld with the value of the Elastic IP allocated for the Jenkins instance.

Infrastructure as Code w/Terraform for AWS Infrastructure & Jenkins Setup

Note

  1. All tools such as certbot, Nginx, Caddy, etc. must be installed in your AMI. Credentials in Jenkins can be configured manually.
  2. It is highly recommended to test against the Let's Encrypt staging environment before using the production environment. This will allow you to get things right before issuing trusted certificates and reduce the chance of your running up against rate limits.

The following setup should be done in your root AWS account. Terraform should do the following:

  1. Set up and tear down networking components such as VPC, subnets, route table, internet gateway, security groups, etc. Do not set up Jenkins in the default VPC.
  2. Launch and terminate the EC2 instance with the AMI you have built to run Jenkins.
  3. Attach the elastic IP address allocated for Jenkins to this EC2 instance.
  4. Nginx (with certbot) or Caddy should be set up and running on your EC2 instance to get an SSL certificate from Let's Encrypt and reverse proxy for Jenkins. You may want to use nginx to proxy requests to Jenkins. See this article for Nginx, Jenkins, and Let's Encrypt setup.
  5. When terminating the EC2 instance you must do the following:
     1. Terminate Jenkins EC2 instances.
     2. Disassociate the elastic IP address but do not release the elastic IP address.

Assignment Submission

Submissions are considered on-time if they meet the following criteria:

  1. All code changes for the assignment are committed to the GitHub repositories on or before the due date.
  2. Code from all repositories (even if a repo was modified for an assignment) must be uploaded to Canvas by the due date using the process outlined below.
  3. The zip file uploaded to Canvas contains full (deep) clones of git repositories, i.e. do not copy/paste source code into the folder. You must use the git clone command to clone the repositories in the folder you are going to zip and submit for the assignment. Uploads that are not clones of git repositories will not be considered valid submissions.
  4. Pay attention to the due date in Canvas. For example, an assignment that is due at 9:00 PM will be considered late by canvas if you upload at 9:00 PM; for it to be considered on-time, you must upload the assignment by 8:59 PM.

Preparing for Assignment Submission

Submit your code from all the repositories in this assignment. Read the instructions carefully to create your zip file.

  1. Create a folder with the naming convention cyse7125-su25-teamNN_## where NN is the group number and ## is the assignment number.
  2. In the cyse7125-su25-teamNN_## directory, clone all your GitHub (organization) repositories with the git clone command even if the repository was not modified in the assignment. It is important that you clone the repository so that your commit history and branches are preserved.
  3. Create a zip of the cyse7125-su25-teamNN_## directory. The zip file should be cyse7125-su25-teamNN_##.zip.
  4. Now unzip the zip file in some other directory and confirm the content of the zip files.
  5. Upload the Zip to the correct assignment in Canvas.
  6. You are allowed to resubmit 3 times. If you think there may be an issue with the ZIP file, feel free to submit it again. Only the latest submission will be graded.

Common Grading Rubrics

Git

  1. All commits to GitHub repositories must be made via pull request. No changes can be made by pushing commits directly to the main branch. The exception to this is the first commit made to the repository to initialize it, which can be done directly from the UI.
  2. All pull requests must have status checks enabled and enforced. Merging pull requests that did not pass status checks may result in penalties.

Security

  1. Committing any kind of credentials to the code or uploading them as part of your Canvas submission may result in a penalty.
  2. Service providers may automatically disable your keys or suspend your account if they detect keys being committed in your GitHub repositories even if the repositories are private. This can have severe implications on your assignment grade and your ability to work on assignments in the course. This is not grounds for assignment extensions and late penalties will apply as documented in the syllabus.
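
A pre-submission credential scan for the rule above, as an added example that is not part of the original assignment. The rule set, file suffixes, function names and sample text are constructed for illustration and are not an exhaustive detector.

```python
import re
from pathlib import Path

# Content rules; findings report the rule name only, never the matched secret.
RULES = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws-secret-access-key": re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*\S+"),
    "private-key-block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
# File types that commonly hold secrets (Terraform state and variable files, key files).
RISKY_SUFFIXES = {".tfstate", ".tfvars", ".pem"}

# Constructed sample: an excerpt shaped like `git log -p` output with placeholder values.
SAMPLE_HISTORY = '''\
+provider "aws" {
+  access_key = "AKIAIOSFODNN7EXAMPLE"
+  region     = "us-east-1"
+}
-aws_secret_access_key = EXAMPLEONLYNOTAREALSECRET
'''


def scan_text(text, source="<text>"):
    """Return (source, line number, rule) for every line matching a rule."""
    return [
        (source, lineno, rule)
        for lineno, line in enumerate(text.splitlines(), 1)
        for rule, pattern in RULES.items()
        if pattern.search(line)
    ]


def scan_tree(root):
    """Scan the working tree under root, skipping .git; line 0 marks a file-level finding."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or ".git" in rel.parts:
            continue
        if path.suffix in RISKY_SUFFIXES:
            findings.append((str(rel), 0, "risky-file-type"))
        findings += scan_text(path.read_text(errors="ignore"), str(rel))
    return findings


if __name__ == "__main__":
    for finding in scan_text(SAMPLE_HISTORY) + scan_tree("."):
        print(*finding)
```

Because the submission contains full clones, a key that was committed and later deleted is still in the history; passing the output of `git log -p --all` to `scan_text` covers that case, which `scan_tree` alone does not.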

Software Engineering Best Practices

  1. Values for variables should not be hardcoded in the code. It’s OK to have default values set for variables but if the value cannot be modified during the demo or when asked by TA or instructor, you may be penalized for it.
  2. Follow industry standards and use a style guide for your code. You can find them with simple web searches.

Code Stability, Error Handling, & Edge Cases

  1. The application should not crash between various API calls. Application, VM, or other resources should not require restart during demo unless the grading guidelines require it for demonstration of specific feature / functionality.
  2. The server cannot respond with 500 Internal Server Error. This usually highlights areas of code that do not have proper error handling.