stelligent · allinwonder · Jul 10, 2017 · Jul 10, 2017
diff --git a/docs/development.md b/docs/development.md
@@ -33,10 +33,11 @@ $ rake jenkins:create
 
 You can include a parameter to specify your VPN CIDR block for a more secure NACL/Security Group configuration:
 
-Limits inbound/outbound traffic to the VPC, Github and your CIDR block.
+Limits inbound/outbound traffic to the VPC, Github and your CIDR block. You can use your own github repo foked from this one. 
+You can change the source reop from `pipeline/jobs/jobdsl.groovy` file to create new set of rules
 ```bash
 $ bundle install
-$ rake jenkins:create['192.0.0.0/24']
+$ rake jenkins:create['192.0.0.0/24','git-repo-url']
 ```
 
 ## Updating CloudFormation Templates

diff --git a/pipeline/tasks/jenkins.rake b/pipeline/tasks/jenkins.rake
@@ -10,11 +10,13 @@ region = 'us-east-1' if ENV['AWS_REGION'].nil?
 namespace :jenkins do
   desc 'Create a Workshop VPC + Jenkins'
   # task :create, [:vpc_id, :subnet_id, :world_cidr] do |_, opts|
-  task :create, [:world_cidr] do |_, opts|
+  task :create, [:world_cidr, :gitrepo_url] do |_, opts|
     opts[:world_cidr] = '0.0.0.0/0'
 
     world_cidr = opts[:world_cidr]
+    gitrepo_url = opts[:gitrepo_url]
     world_cidr = '0.0.0.0/0' if world_cidr.nil?
+    gitrepo_url = '[email protected]:stelligent/aws-devsecops-workshop.git' if gitrepo_url.nil?
 
     # Compile the template
     cfn_template_path = 'provisioning/cloudformation/templates/workshop-jenkins'
@@ -32,6 +34,10 @@ namespace :jenkins do
           {
             parameter_key: 'WorldCIDR',
             parameter_value: world_cidr
+          },
+          {
+            parameter_key: 'GitRepoUrl',
+            parameter_value: gitrepo_url
           }
         ]
       )

diff --git a/provisioning/cloudformation/templates/workshop-jenkins.json b/provisioning/cloudformation/templates/workshop-jenkins.json
@@ -16,6 +16,11 @@
       "Type": "String",
       "Description": "The CIDR block to allow HTTP access to Jenkins with.",
       "Default": "192.30.252.0/22"
+    },
+    "GitRepoUrl": {
+      "Type": "String",
+      "Description": "Your Customized Github Repo aws-devsecops-workshop. Default: [email protected]:stelligent/aws-devsecops-workshop.git",
+      "Default": "[email protected]:stelligent/aws-devsecops-workshop.git"
     }
   },
   "Resources": {
@@ -157,14 +162,6 @@
               "Ref": "WorldCIDR"
             }
           },
-          {
-            "IpProtocol": "tcp",
-            "FromPort": "443",
-            "ToPort": "443",
-            "CidrIp": {
-              "Ref": "GithubCIDR"
-            }
-          },
           {
             "IpProtocol": "tcp",
             "FromPort": "80",
@@ -339,6 +336,16 @@
                   "Ref": "ConfigRulesUser"
                 },
                 "\"\n",
+                "export git_repo_url=\"",
+                {
+                  "Ref": "GitRepoUrl"
+                },
+                "\"\n",
+                "# Install SSM\n",
+                "mkdir -p /tmp/ssm; cd /tmp/;\n",
+                "wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb\n",
+                "sudo dpkg -i amazon-ssm-agent.deb\n",
+                "sudo start amazon-ssm-agent\n",
                 "#!/bin/bash --login\n",
                 "set -ex\n",
                 "\n",
@@ -425,6 +432,7 @@
                 "sed -i.bak \"s#STACK_NAME_TOKEN#${stack_name}#g\" /var/lib/jenkins/config.xml\n",
                 "sed -i.bak \"s#REGION_TOKEN#${region}#g\" /var/lib/jenkins/config.xml\n",
                 "sed -i.bak \"s#0.0.0.0/0#${world_cidr}#g\" /var/lib/jenkins/config.xml\n",
+                "sed -i.bak \"s#[email protected]:stelligent/aws-devsecops-workshop.git#${git_repo_url}#g\" /var/lib/jenkins/jobs/seed-aws-devsecops-workshop/config.xml\n",
                 "\n",
                 "# Restart Jenkins\n",
                 "service jenkins restart\n",
@@ -467,6 +475,7 @@
           ]
         },
         "Path": "/",
+        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"],
         "Policies": [
           {
             "PolicyName": "aws-devsecops-jenkins-role",
@@ -477,6 +486,11 @@
                   "Action": "cloudformation:*",
                   "Resource": "*"
                 },
+                {
+                  "Effect": "Allow",
+                  "Action": "ssm:*",
+                  "Resource": "*"
+                },
                 {
                   "Effect": "Allow",
                   "Action": "ec2:*",