Question 95415 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

How do you securely route github webhooks into a privately hosted jenkins on AWS? – Amazon web services

I have a jenkins host in a private subnet that i’ve configured to only be accessible via a VPN. I have a github enterprise cloud account and I would like github to be able to send webhooks to this private instance in order to kick off jenkins pipelines.

I think API Gateway would solve this issue, though I personally don’t have any experience with API gateway and maybe that is overkill

Has anyone encountered this issue before?

I tried with webhookrelay and it works. I need some solution that I can solve using AWS services like using lambda and api gateway or reverse proxy

Tags:

2

Answers


  1. 0

    Try this one https://github.com/devops-workflow/aws-lambda-jenkins-proxy is in similar way using circle, you can change it desirable repo and using api gateway +vpc link to reach private resource.

    Other way to do that is using http api gw => vpc link => alb => jenkins TCP8080, but you need to secure that external api using cloudfront or waf.

    Login or Signup to reply.
  2. 0

    I was going to use the suggestion of Joanale but ended up with a solution that used a Lambda to pass on the request to the Jenkins server. Similar solution.

    Something like this:

    def handler(event, context):
    try:
        event["headers"]["host"] = urlparse(JENKINS_URL).netloc
        logger.info(f"Received event: {json.dumps(event, indent=2)}")
        requests.post(JENKINS_GITHUB_WEBHOOK_URL, data=event["body"], headers=event["headers"])
        return build_response(200, 'Successful')
    except Exception as e:
        logger.error(e)
        return build_response(500, 'Failed')


def build_response(status_code, message):
    return {
        "statusCode": status_code,
        "body": message,
        "headers": {
            "Content-Type": "application/json",
            "Access-Control-Allow-Origin": "*",
        },
    }
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search