Hello!
I'm looking to use AWS ECS to run Jenkins agents for Linux-based ROM builds. On GitHub, I have a selection of Dockerfiles that push to GHCR (and possibly ECR soon), which run the Jenkins agent on start-up. The agents would clone the correct revision of the ROM manifest, build, and upload it to S3. There are also some BSPs that I was going to store in EFS.
The idea I had, rather than renting dedicated servers, was to use ECS (Fargate?) with a private subnet for the Jenkins agents, and a public subnet for the Jenkins controller. I did find this repository on GitHub, but it's out of date, and I couldn't get it working.
Whilst I did succeed in getting an initial prototype of the setup working with a third-party CloudFormation template, I found the NAT Gateways was a cost factor that was undesirable. I came across this AMI which seemed to suit my needs. Whilst the containers agent would be started by Jenkins, I didn't want them to be accessible from the internet - however, they should be able to access the internet.
I have spoken with a couple of DevOps friends of mine, who said the ECS idea was overkill and to use a Hetzner/EC2 VM, but I'm not so keen on spinning up VMs, just to run a container. I would prefer to keep it lightweight with ECS and containers.
The general aim is for a scalable setup. I can't say for sure if builds will run every month, which is why I felt running the NAT Gateway continuously was an unwanted cost. The AMI mentioned above might solve that issue.
I appreciate this post is probably something I should ask a specialist. but I thought there was no harm in asking. i could use AWS CodeBuild, but using Jenkins allows the community project to not be locked into a specific vendor, and move hosting if necessary.
Am I going for the right approach here? I can write Terraform, but I have to admit, a little lost with all the tooling - CDK, CloudFormation, Terraform, etc!
Thank you :)
AWS OFFICIALAktualisiert vor 9 Monaten