Allow BitBucket Webhooks Access to Jenkins on an AWS EC2 instance behind a Private VPC

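Let’s say you want BitBucket to notify Jenkins to run a build every time a PR is created or a branch is updated. You can use BitBucket webhooks to do this. For the webhook to reach Jenkins, the Jenkins security group must allow inbound traffic from the BitBucket CIDR ranges published in Atlassian's documentation (the URL is in the Description field of the template below).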

If you are using AWS CloudFormation to manage your infrastructure, then you may have noticed that, unfortunately, there is no simpler way to define AWS::EC2::SecurityGroupIngress. You cannot supply an array of CIDRs, nor can you readily loop through inputs to the template. Therefore, you have to copy and paste the resource once per CIDR, giving each parameter and each ingress resource a unique name. Here is a sample CloudFormation template in JSON that you can use:

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "BitBucket Webhooks to Jenkins: https://support.atlassian.com/organization-administration/docs/ip-addresses-and-domains-for-atlassian-cloud-products/#AtlassiancloudIPrangesanddomains-OutgoingConnections",
    "Parameters": {
        "JenkinsStackName": {
            "Type": "String",
            "Description": "Name of the CloudFormation Stack that contains the Jenkins configuration",
            "MinLength": 1,
            "MaxLength": 255,
            "Default": "DEV-Jenkins"
        },
        "FromCidr1": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"13.52.5.96/28"
        },
        "FromCidr2": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"13.236.8.224/28"
        },
        "FromCidr3": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"18.184.99.224/28"
        },
        "FromCidr4": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"18.234.32.224/28"
        },
        "FromCidr5": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"18.246.31.224/28"
        },
        "FromCidr6": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"52.215.192.224/28"
        },
        "FromCidr7": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"104.192.137.240/28"
        },
        "FromCidr8": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"104.192.138.240/28"
        },
        "FromCidr9": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"104.192.140.240/28"
        },
        "FromCidr10": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"104.192.142.240/28"
        },
        "FromCidr11": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"104.192.143.240/28"
        },
        "FromCidr12": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"185.166.143.240/28"
        },
        "FromCidr13": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"185.166.142.240/28"
        }
    },
    "Resources": {
        "SecurityGroupIngress1": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr1"
                }
            }
        },
        "SecurityGroupIngress2": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr2"
                }
            }
        },
        "SecurityGroupIngress3": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr3"
                }
            }
        },
        "SecurityGroupIngress4": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr4"
                }
            }
        },
        "SecurityGroupIngress5": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr5"
                }
            }
        },
        "SecurityGroupIngress6": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr6"
                }
            }
        },
        "SecurityGroupIngress7": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr7"
                }
            }
        },
        "SecurityGroupIngress8": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr8"
                }
            }
        },
        "SecurityGroupIngress9": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr9"
                }
            }
        },
        "SecurityGroupIngress10": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr10"
                }
            }
        },
        "SecurityGroupIngress11": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr11"
                }
            }
        },
        "SecurityGroupIngress12": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr12"
                }
            }
        },
        "SecurityGroupIngress13": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr13"
                }
            }
        }
    }
}
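
Rather than maintaining the thirteen copies by hand, the same ingress resources can be generated from a list. The following is an added example, not part of the original post: it validates each CIDR before emitting a rule, so a typo or an overly broad range never reaches the security group. The function names, the `MIN_PREFIX` limit and the rule description text are assumptions made for this sketch, and the CIDRs are inlined in the resources instead of being passed as template parameters.

```python
import ipaddress
import json

# CIDR defaults copied from the template above.
BITBUCKET_CIDRS = [
    "13.52.5.96/28", "13.236.8.224/28", "18.184.99.224/28",
    "18.234.32.224/28", "18.246.31.224/28", "52.215.192.224/28",
    "104.192.137.240/28", "104.192.138.240/28", "104.192.140.240/28",
    "104.192.142.240/28", "104.192.143.240/28", "185.166.143.240/28",
    "185.166.142.240/28",
]
MIN_PREFIX = 24  # assumption: refuse any range broader than a /24


def validate_cidr(cidr):
    """Return the canonical CIDR string, or raise ValueError."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4:
        raise ValueError(f"{cidr}: CidrIp accepts IPv4 ranges only")
    if net.prefixlen < MIN_PREFIX:
        raise ValueError(f"{cidr}: broader than /{MIN_PREFIX}")
    return str(net)


def build_template(cidrs, port=443):
    """Emit one AWS::EC2::SecurityGroupIngress per unique, valid CIDR."""
    unique = list(dict.fromkeys(validate_cidr(c) for c in cidrs))
    group_id = {"Fn::ImportValue": {"Fn::Sub": "${JenkinsStackName}-SecurityGroupId"}}
    resources = {}
    for i, cidr in enumerate(unique, start=1):
        resources[f"SecurityGroupIngress{i}"] = {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": group_id,
                "IpProtocol": "tcp",
                "FromPort": port, "ToPort": port,
                "CidrIp": cidr,
                "Description": "BitBucket webhook source",  # constructed text
            },
        }
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {"JenkinsStackName": {"Type": "String", "Default": "DEV-Jenkins"}},
        "Resources": resources,
    }

if __name__ == "__main__":
    print(json.dumps(build_template(BITBUCKET_CIDRS), indent=4))
```

Re-run the generator whenever Atlassian's published ranges change and review the diff of the resulting template before updating the stack.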

Once the stack is created, you will no longer see NETWORK ERROR in BitBucket.

Here is a deeper look at the “View details” for the NETWORK ERROR
