Allow BitBucket Webhooks Access to Jenkins on an AWS EC2 instance behind a Private VPC

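Let’s say you want BitBucket to notify Jenkins to run a build every time a PR is created or a branch is updated. You can use BitBucket webhooks to do this. To make that work, you need to allow inbound traffic from the CIDR ranges that BitBucket Cloud sends webhooks from; Atlassian publishes them on the page linked in the Description field of the template below. These ranges are not specific to your workspace, so the allowlist only narrows which networks can reach Jenkins on port 443; Jenkins itself should still authenticate or validate incoming webhook requests.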

If you are using AWS CloudFormation to manage your infrastructure, you may have noticed that, unfortunately, there is no simpler way to define AWS::EC2::SecurityGroupIngress. You cannot supply an array, nor can you readily loop through inputs to the template. Therefore, you have to copy and paste the resource over and over, giving each parameter and each SecurityGroupIngress resource a unique name. Here is a sample CloudFormation template in JSON that you can use. The default CIDR values are a snapshot of Atlassian's published list, which changes over time, so check them against the current ranges before deploying:

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "BitBucket Webhooks to Jenkins: https://support.atlassian.com/organization-administration/docs/ip-addresses-and-domains-for-atlassian-cloud-products/#AtlassiancloudIPrangesanddomains-OutgoingConnections",
    "Parameters": {
        "JenkinsStackName": {
            "Type": "String",
            "Description": "Name of the CloudFormation Stack that contains the Jenkins configuration",
            "MinLength": 1,
            "MaxLength": 255,
            "Default": "DEV-Jenkins"
        },
        "FromCidr1": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"13.52.5.96/28"
        },
        "FromCidr2": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"13.236.8.224/28"
        },
        "FromCidr3": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"18.184.99.224/28"
        },
        "FromCidr4": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"18.234.32.224/28"
        },
        "FromCidr5": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"18.246.31.224/28"
        },
        "FromCidr6": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"52.215.192.224/28"
        },
        "FromCidr7": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"104.192.137.240/28"
        },
        "FromCidr8": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"104.192.138.240/28"
        },
        "FromCidr9": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"104.192.140.240/28"
        },
        "FromCidr10": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"104.192.142.240/28"
        },
        "FromCidr11": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"104.192.143.240/28"
        },
        "FromCidr12": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"185.166.143.240/28"
        },
        "FromCidr13": {
            "Type": "String",
            "Description": "Source IP Cidr to allow connections from",
            "MinLength": 1,
            "MaxLength": 18,
            "Default":"185.166.142.240/28"
        }
    },
    "Resources": {
        "SecurityGroupIngress1": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr1"
                }
            }
        },
        "SecurityGroupIngress2": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr2"
                }
            }
        },
        "SecurityGroupIngress3": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr3"
                }
            }
        },
        "SecurityGroupIngress4": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr4"
                }
            }
        },
        "SecurityGroupIngress5": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr5"
                }
            }
        },
        "SecurityGroupIngress6": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr6"
                }
            }
        },
        "SecurityGroupIngress7": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr7"
                }
            }
        },
        "SecurityGroupIngress8": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr8"
                }
            }
        },
        "SecurityGroupIngress9": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr9"
                }
            }
        },
        "SecurityGroupIngress10": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr10"
                }
            }
        },
        "SecurityGroupIngress11": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr11"
                }
            }
        },
        "SecurityGroupIngress12": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr12"
                }
            }
        },
        "SecurityGroupIngress13": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {
                    "Fn::ImportValue": {
                        "Fn::Sub": "${JenkinsStackName}-SecurityGroupId"
                    }
                },                
                "IpProtocol": "tcp",
                "FromPort": "443",
                "ToPort": "443",
                "CidrIp": {
                    "Ref": "FromCidr13"
                }
            }
        }
    }
}

Once the stack is created, you will no longer see NETWORK ERROR in BitBucket.

Here is a deeper look at the “View details” for the NETWORK ERROR

2 Comments:

  1. Some really nice stuff on this website , I enjoy it.

  2. Youre so cool! I dont suppose Ive read something like this before. So nice to find any individual with some unique ideas on this subject. realy thank you for starting this up. this website is something that is needed on the web, someone with somewhat originality. useful job for bringing something new to the internet!
