AWSTemplateFormatVersion: "2010-09-09" Description: AWS Digital Content Creation Architecture - AWS ThinkBox Deadline. (uksb-1qgdqu75l) Metadata: Version: 1.6.9 AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Region configuration Parameters: - AvailabilityZones - Label: default: VPC network configuration Parameters: - VPCName - VPCCidr - VPCPublicSubnet1Cidr - VPCPublicSubnet2Cidr - VPCPrivateSubnet1Cidr - VPCPrivateSubnet2Cidr - Label: default: Client VPN Configuration Parameters: - CreateVPNEndpoint - ClientCidrBlock - ServerCertificateArn - ClientCertificateArn - TargetNetworkCidr - Label: default: License server configuration Parameters: - LicenseServerAmiId - LicenseServerInstanceType - LicenseServerVersion - DeadlineLicense - Label: default: Repository and database configuration Parameters: - RepositoryAmiId - RepositoryInstanceType - AppVersion - Label: default: Workstation configuration Parameters: - WorkstationInstanceType - WorkstationConnectionManager - WorkstationEBSVolumeSize - WorkstationAccessCIDR - EC2UserPassword - Label: default: Render node configuration Parameters: - RenderNodeAmiId - RenderNodeInstanceType - RenderNodeTargetCapacity ParameterLabels: AvailabilityZones: default: Availability Zones VPCName: default: VPC name VPCCidr: default: VPC CIDR VPCPublicSubnet1Cidr: default: Public Subnet 1 CIDR VPCPublicSubnet2Cidr: default: Public Subnet 2 CIDR VPCPrivateSubnet1Cidr: default: Private Subnet 1 CIDR VPCPrivateSubnet2Cidr: default: Private Subnet 2 CIDR CreateVPNEndpoint: default: Create VPN Endpoint. ClientCidrBlock: default: Client CIDR for VPN Endpoint ServerCertificateArn: default: ACM Server Certificate ARN ClientCertificateArn: default: ACM Client Certificate ARN TargetNetworkCidr: default: Target Network CIDR for VPN Endpoint LicenseServerAmiId: default: License server AMI ID LicenseServerInstanceType: default: License server instance type LicenseServerVersion: default: License server version DeadlineLicense: default: Deadline license key RepositoryAmiId: default: Render Scheduler AMI ID RepositoryInstanceType: default: Render scheduler instance type AppVersion: default: Deadline application version WorkstationInstanceType: default: Workstation instance type WorkstationConnectionManager: deafult: Workstation connection manager WorkstationEBSVolumeSize: default: Workstation EBS volume size EC2UserPassword: default: EC2 user password WorkstationAccessCIDR: default: Workstation access CIDR RenderNodeAmiId: default: Render Node AMI ID RenderNodeInstanceType: default: Render node instance type RenderNodeTargetCapacity: default: Render node capacity Parameters: AvailabilityZones: Description: The list of Availability Zones to use for the subnets in the VPC. Select **two** Availability Zones from your list. Type: List VPCName: Description: The name of the VPC. Type: String Default: dcc-vpc VPCCidr: Description: The CIDR block for the VPC. Type: String Default: 10.0.0.0/16 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 VPCPublicSubnet1Cidr: Description: The CIDR block for the Public Subnet located in Availability Zone 1 of the VPC. Type: String Default: 10.0.0.0/24 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 VPCPublicSubnet2Cidr: Description: The CIDR block for the Public Subnet located in Availability Zone 2 of the VPC. Type: String Default: 10.0.1.0/24 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 VPCPrivateSubnet1Cidr: Description: The CIDR block for the Private Subnet located in Availability Zone 1 of the VPC. Type: String Default: 10.0.2.0/24 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 VPCPrivateSubnet2Cidr: Description: The CIDR block for the Private Subnet located in Availability Zone 2 of the VPC. Type: String Default: 10.0.3.0/24 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 CreateVPNEndpoint: Description: Should the CloudFormation create a Client VPN Endpoint. Workstation will be placed in Private subnet, if set to 'true'. (Specify 'true' or 'false') Type: String AllowedValues: - false - true Default: false ConstraintDescription: Must specify 'true' or 'false' ClientCidrBlock: Description: If creating Client VPN endpoint in the solution, specify the IPv4 address range. It should be in CIDR notation from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet. Type: String Default: 10.50.0.0/20 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-32 ServerCertificateArn: Description: Required if Create Client VPN endpoint is set to `true`. Type: String Default: N/A ClientCertificateArn: Description: Required if Create Client VPN endpoint is set to `true`. Type: String Default: N/A TargetNetworkCidr: Description: If creating Client VPN endpoint in the solution, specify the IPv4 address range, in CIDR notation, of the network for which access is being authorized. Type: String Default: 10.0.0.0/16 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(0[0-9]|1[0-9]|2[0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/0-32 LicenseServerAmiId: Description: Latest Amazon Linux AMI Using Systems Manager Parameter Store. Type: AWS::SSM::Parameter::Value Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 LicenseServerInstanceType: Description: The EC2 instance type for the Deadline License server. Type: String Default: m5.xlarge LicenseServerVersion: Description: The version of License server. Type: String AllowedValues: - 1.1 - 11.13.1.2.0 Default: 1.1 DeadlineLicense: Description: If you have license key, add it here. Type: String Default: 123456789012 NoEcho: true RepositoryAmiId: Description: Latest Amazon Linux AMI Using Systems Manager Parameter Store. Type: AWS::SSM::Parameter::Value Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 RepositoryInstanceType: Description: The EC2 instance type for the Deadline repository. Type: String Default: m5.2xlarge AppVersion: Description: The version of Deadline application. Type: String AllowedValues: - 10.1.3.6 - 10.0.24.4 Default: 10.1.3.6 WorkstationInstanceType: Description: Artist workstation instance type. Type: String AllowedValues: - g4dn.xlarge - g4dn.2xlarge - g4dn.4xlarge - g4dn.8xlarge - g4dn.12xlarge - g4dn.16xlarge Default: g4dn.xlarge WorkstationConnectionManager: Description: Specify whether you want to run Teradici PCoIP or NiceDcv server to connect to the workstation. Type: String AllowedValues: - teradici - nicedcv Default: teradici WorkstationEBSVolumeSize: Description: Volume size of the Workstation instance in GiB. Type: Number Default: 100 MaxValue: 16000 MinValue: 100 WorkstationAccessCIDR: Description: CIDR block of an on-premise IP address. Input your network's current public or private IP depending if the Workstation is being placed in a public or private subnet. Type: String Default: 0.0.0.0/0 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ EC2UserPassword: Description: Set password for ec2-user. Type: String NoEcho: true RenderNodeAmiId: Description: Latest Amazon Linux AMI Using Systems Manager Parameter Store. Type: AWS::SSM::Parameter::Value Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 RenderNodeInstanceType: Description: The EC2 instance type for the Deadline Render nodes. Type: String Default: c5.4xlarge RenderNodeTargetCapacity: Description: The number of instances in the spot fleet. Type: String Default: 2 Environment: Description: The type of environment to tag your infrastructure with. You can specify DEV (development), TEST (test), or PROD (production). Type: String AllowedValues: - DEV - TEST - PROD Default: DEV ArtefactBucketName: Description: S3 bucket name for the application assets. Type: String Default: aws-digital-content-creation-render-environment AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-.]*[0-9a-zA-Z])*$ ConstraintDescription: S3 bucket name can include numbers, lowercase letters, uppercase letters, periods (.), and hyphens (-). It cannot start or end with a hyphen (-). Mappings: AMIRegionMap: eu-north-1: NICEDCV: ami-0bdfd5a2e10328d8d TERADICI: ami-0ab314a4778b8f334 ap-south-1: NICEDCV: ami-0c2a5e20ed035feca TERADICI: ami-0a087b5315aec2a38 eu-west-3: NICEDCV: ami-04e9155e27944d4e0 TERADICI: ami-0575fa8f425ca91b4 eu-west-2: NICEDCV: ami-045be6886a93c8130 TERADICI: ami-09b559de08f3663c6 eu-west-1: NICEDCV: ami-0547e6987ff6a09e6 TERADICI: ami-0cc05ee0e4c836c97 ap-northeast-2: NICEDCV: ami-0a8e306e2265fbd90 TERADICI: ami-0b63c000dc6b2b9a3 ap-northeast-1: NICEDCV: ami-0a651db9a351a96a6 TERADICI: ami-0238d8c867840b4a3 sa-east-1: NICEDCV: ami-0bebd725a3c8b578f TERADICI: ami-03ee2f9fce0ea4c80 ap-southeast-1: NICEDCV: ami-05a42cd504e9d2f85 TERADICI: ami-0377ce14385dde95a ap-southeast-2: NICEDCV: ami-0b0154d9daba62781 TERADICI: ami-0a535b9dbf5527d00 eu-central-1: NICEDCV: ami-0aa4f904d736d1114 TERADICI: ami-0d7832ef57eb4f50b us-east-1: NICEDCV: ami-05f5825affeec78e9 TERADICI: ami-0e895052ddc54bb63 us-east-2: NICEDCV: ami-05c85de49cdb0ce40 TERADICI: ami-0bd8ecd5704337970 us-west-1: NICEDCV: ami-0af3c3830a0d0d567 TERADICI: ami-0c118e5bf07d4c8cc us-west-2: NICEDCV: ami-019ff0a55b514e755 TERADICI: ami-0b4e0e6cb3e9e82e5 Conditions: CreateClientVPN: !Equals [!Ref CreateVPNEndpoint, true] IsTeradici: !Equals [!Ref WorkstationConnectionManager, teradici] Transform: AWS::Serverless-2016-10-31 Resources: IAMStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: iam.template VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: vpc.template Parameters: AvailabilityZones: !Join - ',' - !Ref AvailabilityZones VPCName: !Ref VPCName VPCCidr: !Ref VPCCidr VPCPublicSubnet1Cidr: !Ref VPCPublicSubnet1Cidr VPCPublicSubnet2Cidr: !Ref VPCPublicSubnet2Cidr VPCPrivateSubnet1Cidr: !Ref VPCPrivateSubnet1Cidr VPCPrivateSubnet2Cidr: !Ref VPCPrivateSubnet2Cidr ClientVPNStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: client-vpn.template Parameters: ClientCidrBlock: !Ref ClientCidrBlock ServerCertificateArn: !Ref ServerCertificateArn ClientCertificateArn: !Ref ClientCertificateArn SubnetID: !GetAtt VPCStack.Outputs.PrivateSubnet1 TargetNetworkCidr: !Ref TargetNetworkCidr VPC: !GetAtt VPCStack.Outputs.VpcID Condition: CreateClientVPN SecurityGroupsHelperStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: security-groups-helper.template Parameters: VpcID: !GetAtt VPCStack.Outputs.VpcID WorkstationAccessCIDR: !Ref WorkstationAccessCIDR Environment: !Ref Environment WorkstationConnectionManager: !Ref WorkstationConnectionManager EfsStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: efs.template Parameters: VpcID: !GetAtt VPCStack.Outputs.VpcID PrivateSubnet1: !GetAtt VPCStack.Outputs.PrivateSubnet1 PrivateSubnet2: !GetAtt VPCStack.Outputs.PrivateSubnet2 RepositorySecurityGroup: !GetAtt SecurityGroupsHelperStack.Outputs.RepositorySecurityGroup RenderNodeSecurityGroup: !GetAtt SecurityGroupsHelperStack.Outputs.RenderNodeSecurityGroup WorkstationSecurityGroup: !GetAtt SecurityGroupsHelperStack.Outputs.WorkstationSecurityGroup Environment: !Ref Environment LicenseServerStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: license-server.template Parameters: PrivateSubnet1: !GetAtt VPCStack.Outputs.PrivateSubnet1 LicenseServerSecurityGroup: !GetAtt SecurityGroupsHelperStack.Outputs.LicenseServerSecurityGroup InstanceType: !Ref LicenseServerInstanceType InstanceAMI: !Ref LicenseServerAmiId EC2InstanceProfile: !GetAtt IAMStack.Outputs.EC2InstanceProfile LicenseServerVersion: !Ref LicenseServerVersion DeadlineLicense: !Ref DeadlineLicense ArtefactBucketName: !Ref ArtefactBucketName Environment: !Ref Environment RepositoryStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: repository.template Parameters: PrivateSubnet1: !GetAtt VPCStack.Outputs.PrivateSubnet1 RepositorySecurityGroup: !GetAtt SecurityGroupsHelperStack.Outputs.RepositorySecurityGroup EfsFileSystem: !GetAtt EfsStack.Outputs.EfsFileSystem InstanceType: !Ref RepositoryInstanceType InstanceAMI: !Ref RepositoryAmiId EC2InstanceProfile: !GetAtt IAMStack.Outputs.EC2InstanceProfile EC2UserPassword: !Ref EC2UserPassword #pragma: allowlist secret AppVersion: !Ref AppVersion Environment: !Ref Environment ArtefactBucketName: !Ref ArtefactBucketName WorkstationStack: Type: AWS::CloudFormation::Stack DependsOn: - RepositoryStack Properties: TemplateURL: workstation.template Parameters: SubnetID: !If - CreateClientVPN - !GetAtt VPCStack.Outputs.PrivateSubnet1 - !GetAtt VPCStack.Outputs.PublicSubnet1 CreateVPNEndpoint: !Ref CreateVPNEndpoint WorkstationSecurityGroup: !GetAtt SecurityGroupsHelperStack.Outputs.WorkstationSecurityGroup EfsFileSystem: !GetAtt EfsStack.Outputs.EfsFileSystem InstanceType: !Ref WorkstationInstanceType WorkstationEBSVolumeSize: !Ref WorkstationEBSVolumeSize InstanceAMI: !If - IsTeradici - !FindInMap [AMIRegionMap, !Ref 'AWS::Region', TERADICI] - !FindInMap [AMIRegionMap, !Ref 'AWS::Region', NICEDCV] WorkstationInstanceProfile: !GetAtt IAMStack.Outputs.WorkstationInstanceProfile WorkstationConnectionManager: !Ref WorkstationConnectionManager AppVersion: !Ref AppVersion Environment: !Ref Environment ArtefactBucketName: !Ref ArtefactBucketName LicenseServerInstancePrivateIp: !GetAtt LicenseServerStack.Outputs.LicenseServerInstancePrivateIp EC2UserPassword: !Ref EC2UserPassword #pragma: allowlist secret RenderNodeStack: Type: AWS::CloudFormation::Stack DependsOn: RepositoryStack Properties: TemplateURL: render-node.template Parameters: PrivateSubnet1: !GetAtt VPCStack.Outputs.PrivateSubnet1 RenderNodeSecurityGroup: !GetAtt SecurityGroupsHelperStack.Outputs.RenderNodeSecurityGroup EfsFileSystem: !GetAtt EfsStack.Outputs.EfsFileSystem InstanceType: !Ref RenderNodeInstanceType InstanceAMI: !Ref RenderNodeAmiId Environment: !Ref Environment EC2InstanceProfile: !GetAtt IAMStack.Outputs.EC2InstanceProfile SpotFleetARN: !GetAtt IAMStack.Outputs.SpotFleetARN AppVersion: !Ref AppVersion LicenseServerInstancePrivateIp: !GetAtt LicenseServerStack.Outputs.LicenseServerInstancePrivateIp EC2UserPassword: !Ref EC2UserPassword #pragma: allowlist secret ArtefactBucketName: !Ref ArtefactBucketName RenderNodeTargetCapacity: !Ref RenderNodeTargetCapacity Outputs: ClientVpnEndpointID: Value: !GetAtt ClientVPNStack.Outputs.ClientVpnEndpointID Condition: CreateClientVPN LicenseServerIPAddress: Value: !GetAtt LicenseServerStack.Outputs.LicenseServerInstancePrivateIp RenderSchedulerIPAddress: Value: !GetAtt RepositoryStack.Outputs.RepositoryInstancePrivateIp WorkstationIP: Value: !If - IsTeradici - !GetAtt WorkstationStack.Outputs.WorkstationIP - !Join ["", ['https://', !GetAtt WorkstationStack.Outputs.WorkstationIP, ':8443']]