The diagram below describes a CI platform architecture within a VPC.
CI Architecture with VPC

  • AWS Ruby SDK – AWS supports multiple software development kits including .NET, Python, PHP and Java. We’re using the Ruby SDK to perform some conditional behavior and then launch CloudFormation stacks.
  • CloudFormation – JSON-based language for provisioning most AWS resources.
  • OpsWorks – An application management and deployment service. OpsWorks provides a consistent event model and stack model for putting together AWS resources as a unit.
  • Bastion host – A bastion is an instance used to gain access to the rest of a network. In the reference implementation, we’re using a bastion to gain access to resources contained within the VPC – in this case the instance running Jenkins. We lock this machine down so that only port 22 (SSH) is open, and we can optionally restrict the permitted source CIDR ranges to specific networks or even individual IP addresses.
  • VPC – The Virtual Private Cloud (VPC) is an isolated network of AWS resources. Essentially, it’s the equivalent of a VPN from traditional computing, and it contains the same types of constructs, including public and private subnets, route tables, network ACLs, etc.
  • Private Subnet – A private subnet has no resources with public IP addresses.
  • Public Subnet – A public subnet contains resources with publicly addressable IP addresses.
  • Internet Gateway – Connects specific AWS resources to the Internet through an IGW.
  • NAT Host – A network address translation host is an instance (or instances) responsible for translating public IP addresses to private addresses, so that hosts within a private subnet are reached only through the public subnet rather than being directly accessible over the Internet.
  • CI Instance (Jenkins Server) – Jenkins is a Continuous Integration server. We’re using Jenkins to build a complete deployment production line (or pipeline): a continuous-flow system in which each commit becomes a release candidate if it passes all the checks and there’s a business decision to release the software.
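As an added example (not code from the post or from the reference implementation), the Ruby fragment below expresses the bastion and Jenkins access rules described above as the security-group portion of a CloudFormation template, built as a Ruby hash the way the Ruby SDK would hand it to CloudFormation, and audits it for ingress rules open to the whole Internet. The resource and parameter names, the sample admin CIDR and the Jenkins port 8080 are assumptions.

```ruby
require 'json'

# Bastion: SSH only, and only from the CIDR supplied as a stack parameter.
# Jenkins: reachable only from the bastion's security group, never from the Internet.
def ci_security_groups
  {
    'AWSTemplateFormatVersion' => '2010-09-09',
    'Parameters' => {
      'VpcId' => { 'Type' => 'String' },
      'AdminCidr' => { 'Type' => 'String', 'Default' => '203.0.113.0/24' } # constructed sample
    },
    'Resources' => {
      'BastionSecurityGroup' => {            # assumed resource name
        'Type' => 'AWS::EC2::SecurityGroup',
        'Properties' => {
          'GroupDescription' => 'SSH to the bastion from the admin network only',
          'VpcId' => { 'Ref' => 'VpcId' },
          'SecurityGroupIngress' => [
            { 'IpProtocol' => 'tcp', 'FromPort' => 22, 'ToPort' => 22, 'CidrIp' => { 'Ref' => 'AdminCidr' } }
          ]
        }
      },
      'JenkinsSecurityGroup' => {            # assumed resource name
        'Type' => 'AWS::EC2::SecurityGroup',
        'Properties' => {
          'GroupDescription' => 'Jenkins reachable only via the bastion',
          'VpcId' => { 'Ref' => 'VpcId' },
          'SecurityGroupIngress' => [
            { 'IpProtocol' => 'tcp', 'FromPort' => 22, 'ToPort' => 22,
              'SourceSecurityGroupId' => { 'Ref' => 'BastionSecurityGroup' } },
            { 'IpProtocol' => 'tcp', 'FromPort' => 8080, 'ToPort' => 8080,   # assumed Jenkins port
              'SourceSecurityGroupId' => { 'Ref' => 'BastionSecurityGroup' } }
          ]
        }
      }
    }
  }
end

# Returns the logical names of security groups that expose any port to 0.0.0.0/0.
# Run this check before passing the template to the SDK's create_stack call.
def world_open_groups(template)
  template['Resources'].select do |_, res|
    next false unless res['Type'] == 'AWS::EC2::SecurityGroup'
    Array(res['Properties']['SecurityGroupIngress']).any? { |r| r['CidrIp'] == '0.0.0.0/0' }
  end.keys
end

puts JSON.pretty_generate(ci_security_groups)
```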