How to protect jenkins?

[Belandria Gaspar]

I am using a EC2 instance in AWS with Window Server 2008 AMI, I am building an CSharp project. I am wondering, what is best way to set a authentication? because now my jenkins url is acceded in a public dns, like as: ec2-xx-xx-xx-xx.compute-1.amazonaws.com:8080

I would like looking for another solution different to htaccess with apache or using a jenkins plugins, in fact, my boss thinks that using IAM in AWS I could be doing a authentication against my URL.

Any idea? 

Thanks in advance

[Andrew Marentis]

Personally I wouldn't run Jenkins inside the cloud. I would only deploy to the cloud.

But You could start by reading 

https://wiki.jenkins-ci.org/display/JENKINS/Securing+Jenkins

Implement firewall rules in aws and ip tables locally. 

Run snort, 

And strip the OS down to only be essentials of what you need to run Jenkins and whatever.

And I would manage this all through something like chef, puppet or ansible. So there is history of your configuration. And if something gets broken you can easily spin it up again.

-A

Sent from my iPhone

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/095cb308-9dbc-4afb-af6c-783b1a01b95c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.