AWSTemplateFormatVersion: '2010-09-09' Description: This template deploys two Windows Server Failover Clustering (Exchange) and Exchange Server 2016 or 2019. This template also deploys the require AD architecture outlined in "Implementing Active Directory Domain Services in the AWS Cloud" **WARNING** This template creates Amazon EC2 Windows instance and related resources. You will be billed for the AWS resources used if you create a stack from this template. Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Network Configuration Parameters: - AvailabilityZones - NumberOfAZs - ThirdAZ - VPCCIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - PublicSubnet3CIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PrivateSubnet3CIDR - Label: default: Amazon EC2 Configuration Parameters: - KeyPairName - Label: default: Microsoft Active Directory Configuration Parameters: - DomainDNSName - DomainNetBIOSName - DomainAdminUser - DomainAdminPassword - ADServer1InstanceType - ADServer1NetBIOSName - ADServer1PrivateIP - ADServer2InstanceType - ADServer2NetBIOSName - ADServer2PrivateIP - Label: default: Remote Desktop Gateway Configuration Parameters: - RDGWCIDR - RDGWInstanceType - NumberOfRDGWHosts - Label: default: Exchange Server Configuration Parameters: - ExchangeServerVersion - Exchange2019Source - IncludeEdgeTransportRole - EdgeInstanceType - EdgeNode1NetBIOSName - EdgeNode1PrivateIP1 - EdgeNode2NetBIOSName - EdgeNode2PrivateIP1 - EnableReFSVolumes - EncryptDataVolumes - EncryptionKmsKey - VolumeIops - VolumeSize - VolumeType - Label: default: Load Balancer Configuration Parameters: - DeployLoadBalancer - CertificateArn - Label: default: Failover Cluster Configuration Parameters: - ExchangeNodeInstanceType - ExchangeNode1NetBIOSName - ExchangeNode1PrivateIP1 - ExchangeNode1PrivateIP2 - ExchangeNode2NetBIOSName - ExchangeNode2PrivateIP1 - ExchangeNode2PrivateIP2 - ExchangeNode3NetBIOSName - ExchangeNode3PrivateIP1 - ExchangeNode3PrivateIP2 - FileServerInstanceType - FileServerNetBIOSName - FileServerPrivateIP - Label: default: AWS Quick Start Configuration Parameters: - QSS3BucketName - QSS3KeyPrefix ParameterLabels: ADServer1InstanceType: default: Domain Controller 1 instance type ADServer1NetBIOSName: default: Domain Controller 1 NetBIOS name ADServer1PrivateIP: default: Domain Controller 1 private IP address ADServer2InstanceType: default: Domain Controller 2 instance type ADServer2NetBIOSName: default: Domain Controller 2 NetBIOS name ADServer2PrivateIP: default: Domain Controller 2 private IP address AvailabilityZones: default: Availability Zones CertificateArn: default: Application Load Balancer Certificate DeployLoadBalancer: default: Deploy Application Load Balancer DomainAdminPassword: default: Domain Admin password DomainAdminUser: default: Domain Admin user name DomainDNSName: default: Domain DNS name DomainNetBIOSName: default: Domain NetBIOS name KeyPairName: default: Key pair name PrivateSubnet1CIDR: default: Private Subnet 1 CIDR PrivateSubnet2CIDR: default: Private Subnet 2 CIDR PrivateSubnet3CIDR: default: Private Subnet 3 CIDR PublicSubnet1CIDR: default: Public Subnet 1 CIDR PublicSubnet2CIDR: default: Public Subnet 2 CIDR PublicSubnet3CIDR: default: Public Subnet 3 CIDR QSS3BucketName: default: Quick Start S3 bucket name QSS3KeyPrefix: default: Quick Start S3 key prefix RDGWInstanceType: default: Remote Desktop Gateway instance type NumberOfRDGWHosts: default: Number of RDGW Hosts RDGWCIDR: default: Allowed Remote Desktop Gateway external access CIDR ExchangeServerVersion: default: Exchange Server version Exchange2019Source: default: Exchange Server 2019 source (ISO) IncludeEdgeTransportRole: default: Deploy Edge servers EdgeInstanceType: default: Edge Role instance type EdgeNode1NetBIOSName: default: Edge Node 1 NetBIOS name EdgeNode1PrivateIP1: default: Edge Node 1 private IP address EdgeNode2NetBIOSName: default: Edge Node 2 NetBIOS name EdgeNode2PrivateIP1: default: Edge Node 2 private IP address EnableReFSVolumes: default: Enable or disable ReFS EncryptDataVolumes: default: Encrypt data volumes EncryptionKmsKey: default: KMS key to encrypt volumes ThirdAZ: default: Third Availability Zone NumberOfAZs: default: Number of Availability Zones VolumeIops: default: Exchange Server volume IOPS VolumeSize: default: Exchange Server volume size (GiB) VolumeType: default: Exchange Server volume type VPCCIDR: default: VPC CIDR FileServerInstanceType: default: File Server instance type FileServerNetBIOSName: default: File Server NetBIOS name FileServerPrivateIP: default: File Server private IP address ExchangeNode1NetBIOSName: default: Exchange Node 1 NetBIOS name ExchangeNode1PrivateIP1: default: Exchange Node 1 private IP address 1 ExchangeNode1PrivateIP2: default: Exchange Node 1 private IP address 2 ExchangeNode2NetBIOSName: default: Exchange Node 2 NetBIOS name ExchangeNode2PrivateIP1: default: Exchange Node 2 private IP address 1 ExchangeNode2PrivateIP2: default: Exchange Node 2 private IP address 2 ExchangeNode3NetBIOSName: default: Exchange Node 3 NetBIOS name ExchangeNode3PrivateIP1: default: Exchange Node 3 private IP address 1 ExchangeNode3PrivateIP2: default: Exchange Node 3 private IP address 2 ExchangeNodeInstanceType: default: Instance type for Exchange nodes Parameters: ADServer1InstanceType: AllowedValues: - t2.large - t3.large - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: m5.xlarge Description: The Amazon EC2 instance type for the first Active Directory instance. Type: String ADServer1NetBIOSName: AllowedPattern: '[a-zA-Z0-9]+' Default: DC1 Description: The NetBIOS name of the first Active Directory server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ADServer1PrivateIP: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.0.10 Description: The private IP for the first Active Directory server located in Availability Zone 1. Type: String ADServer2InstanceType: AllowedValues: - t2.large - t3.large - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: m5.xlarge Description: The Amazon EC2 instance type for the second Active Directory instance. Type: String ADServer2NetBIOSName: AllowedPattern: '[a-zA-Z0-9]+' Default: DC2 Description: The NetBIOS name of the second Active Directory server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ADServer2PrivateIP: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.32.10 Description: The private IP for the second Active Directory server located in Availability Zone 2. Type: String AvailabilityZones: Description: 'List of Availability Zones to use for the subnets in the VPC. Note: You must specify two Availability Zones, unless you specify the Third AZ parameter. In this case, you must specify three Availability Zones. The Quick Start preserves the logical order you specify.' Type: List EncryptionKmsKey: Default: '' Description: (Optional) Specify the KMS encryption arn in format arn:aws:kms:[REGION]:[ACCOUNTNUMBER]:key/[GUID]. Leave blank to use default EBS encryption key. MaxLength: '90' Type: String DomainAdminPassword: AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: The password for the domain admin user. Must be at least 8 characters containing letters, numbers and symbols. MaxLength: '32' MinLength: '8' NoEcho: 'true' Type: String DomainAdminUser: AllowedPattern: '[a-zA-Z0-9]*' Default: StackAdmin Description: The user name for the account that will be added as Domain Administrator. This is separate from the default Administrator account. MaxLength: '25' MinLength: '5' Type: String DomainDNSName: AllowedPattern: '[a-zA-Z0-9]+\..+' Default: example.com Description: The fully qualified domain name (FQDN) of the forest root domain e.g. example.com. MaxLength: '25' MinLength: '3' Type: String DomainNetBIOSName: AllowedPattern: '[a-zA-Z0-9]+' Default: example Description: The NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Windows e.g. EXAMPLE. MaxLength: '15' MinLength: '1' Type: String DeployLoadBalancer: AllowedValues: - 'false' - 'true' Default: 'false' Description: Choose true to deploy an Application Load Balancer (ALB). Type: String EdgeInstanceType: Description: The Amazon EC2 instance type for the Exchange Edge Transport servers. Type: String Default: m5.large AllowedValues: - t3.large - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge ConstraintDescription: Select a general purpose instance type EdgeNode1NetBIOSName: AllowedPattern: '[a-zA-Z0-9]+' Default: EdgeNode1 Description: The NetBIOS name of the first Edge server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String EdgeNode1PrivateIP1: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.128.12 Description: The primary private IP for the first Edge server located in Availability Zone 1. Type: String EdgeNode2NetBIOSName: AllowedPattern: '[a-zA-Z0-9]+' Default: EdgeNode2 Description: The NetBIOS name of the second Edge server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String EdgeNode2PrivateIP1: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.144.12 Description: The primary private IP for the second Edge server located in Availability Zone 1. Type: String EncryptDataVolumes: AllowedValues: - 'false' - 'true' Default: 'false' Description: Choose true to encrypt the data and log volumes on Exchange nodes. Type: String EnableReFSVolumes: AllowedValues: - 'false' - 'true' Default: 'true' Description: Choose false to format the data and log volumes on Exchange nodes using NTFS instead of ReFS. Type: String CertificateArn: Default: '' Description: (Conditional) If 'true' was chosen in Deploy Application Load Balancer option, specify the Certificate arn to be used by load balancer in arn:aws:acm:[REGION]:[ACCOUNTNUMBER]:certificate/[GUID] format. MaxLength: '90' Type: String ExchangeServerVersion: AllowedValues: - '2016' - '2019' Default: '2016' Description: Version of Exchange Server to install. Options include either "2016" or "2019". Type: String IncludeEdgeTransportRole: AllowedValues: - 'yes' - 'no' Default: 'no' Description: Choose yes to deploy Exchange Edge Transport servers in the public subnets. Type: String NumberOfAZs: AllowedValues: - "2" - "3" Default: "2" Description: Number of Availability Zones to use in the VPC. This must match your selections in the list of Availability Zones parameter. Type: String KeyPairName: Description: Public/private key pairs allow you to securely connect to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName NumberOfRDGWHosts: AllowedValues: - '1' - '2' - '3' - '4' Default: '1' Description: The number of Remote Desktop Gateway hosts to create. Type: String PrivateSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.0.0/19 Description: CIDR Block for private subnet 1 located in Availability Zone 1. Type: String PrivateSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.32.0/19 Description: CIDR Block for private subnet 2 located in Availability Zone 2. Type: String PrivateSubnet3CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.64.0/19 Description: (Optional) CIDR Block for private subnet 3 located in Availability Zone 3. Type: String PublicSubnet1CIDR: Default: 10.0.128.0/20 Description: CIDR Block for the public DMZ subnet 1 located in Availability Zone 1. Type: String PublicSubnet2CIDR: Default: 10.0.144.0/20 Description: CIDR Block for the public DMZ subnet 2 located in Availability Zone 2. Type: String PublicSubnet3CIDR: Default: 10.0.160.0/20 Description: (Optional) CIDR Block for the public DMZ subnet 3 located in Availability Zone 3. Type: String QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: The S3 bucket you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen. Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-microsoft-exchange/ Description: The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes, but should not start or end with a forward slash (which is automatically added). Type: String RDGWCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: The allowed CIDR Block for external access to the Remote Desktop Gateways. Type: String RDGWInstanceType: AllowedValues: - t2.large - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: t2.large Description: The Amazon EC2 instance type for the Remote Desktop Gateway instances. Type: String ThirdAZ: AllowedValues: - 'no' - witness - full Default: 'no' Description: Enable a 3 AZ deployment, the 3rd AZ can either be used just for the witness, or can be a full Exchange node. Note that if witness is chosen, the WFC File Server Private IP Address parameter must be set to an IP in the 3rd subnet range. Type: String VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR Block for the VPC. Type: String VolumeIops: Default: '1000' Description: The provisioned IOPS for the Exchange Data and Logs volumes. This parameter is only applicable when Exchange Server Volume Type is set to "io1". MaxValue: '20000' MinValue: '100' Type: Number VolumeSize: Default: '500' Description: The volume size for the Exchange Data and Logs volumes. MaxValue: '16000' MinValue: '100' Type: Number VolumeType: AllowedValues: - gp2 - io1 Default: gp2 Description: The volume type for the Exchange Data and Logs volumes. Type: String FileServerInstanceType: Default: t3.small AllowedValues: - t3.small - t3.large - m5.xlarge Description: The Amazon EC2 instance type for the file-share witness server. Type: String FileServerNetBIOSName: AllowedPattern: '[a-zA-Z0-9]+' Default: FileServer Description: The NetBIOS name of the file-share witness server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String FileServerPrivateIP: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.0.200 Description: The primary private IP for the file-share witness server. Type: String ExchangeNode1NetBIOSName: AllowedPattern: '[a-zA-Z0-9]+' Default: ExchangeNode1 Description: The NetBIOS name of the first Exchange node (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ExchangeNode1PrivateIP1: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.0.100 Description: The primary private IP for Exchange node 1. Type: String ExchangeNode1PrivateIP2: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.0.101 Description: The secondary private IP for Exchange node 1. Type: String ExchangeNode2NetBIOSName: AllowedPattern: '[a-zA-Z0-9]+' Default: ExchangeNode2 Description: The NetBIOS name of the second Exchange node (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ExchangeNode2PrivateIP1: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.32.100 Description: The primary private IP for Exchange node 2. Type: String ExchangeNode2PrivateIP2: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.32.101 Description: The secondary private IP for Exchange node 2. Type: String ExchangeNode3NetBIOSName: AllowedPattern: '[a-zA-Z0-9]+' Default: ExchangeNode3 Description: (Optional) The NetBIOS name of the third Exchange node (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ExchangeNode3PrivateIP1: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.64.100 Description: (Optional) The primary private IP for the Exchange node 3. Type: String ExchangeNode3PrivateIP2: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.64.101 Description: (Optional) The secondary private IP for the Exchange node 3. Type: String ExchangeNodeInstanceType: AllowedValues: - m5.xlarge - r4.xlarge - r4.2xlarge - r4.4xlarge - r4.8xlarge - r5.xlarge - r5.2xlarge - r5.4xlarge - r5.8xlarge ConstraintDescription: Only EBS Optimized instance types r4.*, r5.* allowed Default: r5.xlarge Description: The Amazon EC2 instance type for the Exchange nodes. Type: String Exchange2019Source: Default: 'https://' Description: (Optional) Full URL (including https://) for Exchange 2019 ISO. MaxLength: '2000' MinLength: '1' Type: String Conditions: IsTwoAz: !Equals - !Ref 'ThirdAZ' - 'no' GovCloudCondition: !Equals - !Ref 'AWS::Region' - us-gov-west-1 Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template - QSS3Region: !If - GovCloudCondition - s3-us-gov-west-1 - s3 Parameters: AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' KeyPairName: !Ref 'KeyPairName' NumberOfAZs: !Ref NumberOfAZs PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR' PrivateSubnet3ACIDR: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'PrivateSubnet3CIDR' PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR' PublicSubnet3CIDR: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'PublicSubnet3CIDR' VPCCIDR: !Ref 'VPCCIDR' ADStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-activedirectory/templates/ad-1.template - QSS3Region: !If - GovCloudCondition - s3-us-gov-west-1 - s3 Parameters: ADServer1InstanceType: !Ref 'ADServer1InstanceType' ADServer1NetBIOSName: !Ref 'ADServer1NetBIOSName' ADServer1PrivateIP: !Ref 'ADServer1PrivateIP' ADServer2InstanceType: !Ref 'ADServer2InstanceType' ADServer2NetBIOSName: !Ref 'ADServer2NetBIOSName' ADServer2PrivateIP: !Ref 'ADServer2PrivateIP' DomainAdminPassword: !Ref 'DomainAdminPassword' DomainAdminUser: !Ref 'DomainAdminUser' DomainDNSName: !Ref 'DomainDNSName' DomainNetBIOSName: !Ref 'DomainNetBIOSName' KeyPairName: !Ref 'KeyPairName' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-microsoft-activedirectory/' VPCCIDR: !Ref 'VPCCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' RDGWStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/templates/rdgw-domain.template - QSS3Region: !If - GovCloudCondition - s3-us-gov-west-1 - s3 Parameters: DomainAdminPassword: !Ref 'DomainAdminPassword' DomainAdminUser: !Ref 'DomainAdminUser' DomainDNSName: !Ref 'DomainDNSName' DomainMemberSGID: !GetAtt 'ADStack.Outputs.DomainMemberSGID' DomainNetBIOSName: !Ref 'DomainNetBIOSName' KeyPairName: !Ref 'KeyPairName' NumberOfRDGWHosts: !Ref 'NumberOfRDGWHosts' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/' RDGWInstanceType: !Ref 'RDGWInstanceType' RDGWCIDR: !Ref 'RDGWCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' ExchangeStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}templates/exchange.template - QSS3Region: !If - GovCloudCondition - s3-us-gov-west-1 - s3 Parameters: ADServer1NetBIOSName: !Ref 'ADServer1NetBIOSName' ADServer1PrivateIP: !Ref 'ADServer1PrivateIP' ADServer2NetBIOSName: !Ref 'ADServer2NetBIOSName' CertificateArn: !Ref 'CertificateArn' DeployLoadBalancer: !Ref 'DeployLoadBalancer' DomainAdminPassword: !Ref 'DomainAdminPassword' DomainAdminUser: !Ref 'DomainAdminUser' DomainDNSName: !Ref 'DomainDNSName' DomainMemberSGID: !GetAtt 'ADStack.Outputs.DomainMemberSGID' DomainNetBIOSName: !Ref 'DomainNetBIOSName' EdgeInstanceType: !Ref 'EdgeInstanceType' EdgeNode1NetBIOSName: !Ref 'EdgeNode1NetBIOSName' EdgeNode1PrivateIP1: !Ref 'EdgeNode1PrivateIP1' EdgeNode2NetBIOSName: !Ref 'EdgeNode2NetBIOSName' EdgeNode2PrivateIP1: !Ref 'EdgeNode2PrivateIP1' EncryptionKmsKey: !Ref 'EncryptionKmsKey' Exchange2019Source: !Ref 'Exchange2019Source' ExchangeServerVersion: !Ref 'ExchangeServerVersion' EnableReFSVolumes: !Ref 'EnableReFSVolumes' EncryptDataVolumes: !Ref 'EncryptDataVolumes' FileServerInstanceType: !Ref 'FileServerInstanceType' FileServerPrivateIP: !Ref 'FileServerPrivateIP' FileServerNetBIOSName: !Ref 'FileServerNetBIOSName' IncludeEdgeTransportRole: !Ref 'IncludeEdgeTransportRole' KeyPairName: !Ref 'KeyPairName' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet1CIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' PrivateSubnet2CIDR: !Ref 'PrivateSubnet2CIDR' PrivateSubnet3ID: !If - IsTwoAz - !Ref 'AWS::NoValue' - !GetAtt 'VPCStack.Outputs.PrivateSubnet3AID' PrivateSubnet3CIDR: !Ref 'PrivateSubnet3CIDR' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' ThirdAZ: !Ref 'ThirdAZ' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' VPCCidrBlock: !GetAtt 'VPCStack.Outputs.VPCCIDR' VolumeSize: !Ref 'VolumeSize' VolumeType: !Ref 'VolumeType' VolumeIops: !Ref 'VolumeIops' ExchangeNodeInstanceType: !Ref 'ExchangeNodeInstanceType' ExchangeNode1NetBIOSName: !Ref 'ExchangeNode1NetBIOSName' ExchangeNode1PrivateIP1: !Ref 'ExchangeNode1PrivateIP1' ExchangeNode1PrivateIP2: !Ref 'ExchangeNode1PrivateIP2' ExchangeNode2NetBIOSName: !Ref 'ExchangeNode2NetBIOSName' ExchangeNode2PrivateIP1: !Ref 'ExchangeNode2PrivateIP1' ExchangeNode2PrivateIP2: !Ref 'ExchangeNode2PrivateIP2' ExchangeNode3NetBIOSName: !Ref 'ExchangeNode3NetBIOSName' ExchangeNode3PrivateIP1: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'ExchangeNode3PrivateIP1' ExchangeNode3PrivateIP2: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'ExchangeNode3PrivateIP2'