{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This template deploys two Windows Server Failover Clustering (WSFC) and SQL Server 2012 AlwaysOn Availability Group nodes. This template also deploys the require AD architecture outlined in \"Implementing Active Directory Domain Services in the AWS Cloud\" **WARNING** This template creates Amazon EC2 Windows instance and related resources. You will be billed for the AWS resources used if you create a stack from this template.", "Parameters": { "KeyPairName": { "Description": "Public/private key pairs allow you to securely connect to your instance after it launches", "Type": "AWS::EC2::KeyPair::KeyName" }, "ADInstanceType": { "Description": "Amazon EC2 instance type for the first Active Directory Instance", "Type": "String", "Default": "m4.xlarge", "AllowedValues": [ "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge" ] }, "AD2InstanceType": { "Description": "Amazon EC2 instance type for the second Active Directory Instance", "Type": "String", "Default": "m4.xlarge", "AllowedValues": [ "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge" ] }, "NATInstanceType": { "Description": "Amazon EC2 instance type for the NAT Instances", "Type": "String", "Default": "t2.small", "AllowedValues": [ "t2.small", "t2.medium" ] }, "RDGWInstanceType": { "Description": "Amazon EC2 instance type for the Remote Desktop Gatweway Instance", "Type": "String", "Default": "m4.xlarge", "AllowedValues": [ "m5.large", "m5.xlarge", "m5.2xlarge", "m5.4xlarge" ] }, "WSFCNode1InstanceType": { "Description": "Amazon EC2 instance type for the 1st WSFC Node", "Type": "String", "Default": "r3.2xlarge", "AllowedValues": [ "r3.xlarge", "r3.2xlarge", "r3.4xlarge" ], "ConstraintDescription": "Only EBS Optimized instance types r3.xlarge, r3.2xlarge, r3.4xlarge allowed" }, "WSFCNode2InstanceType": { "Description": "Amazon EC2 instance type for the 1st WSFC Node", "Type": "String", "Default": "r3.2xlarge", "AllowedValues": [ "r3.xlarge", "r3.2xlarge", "r3.4xlarge" ], "ConstraintDescription": "Only EBS Optimized instance types r3.xlarge, r3.2xlarge, r3.4xlarge allowed" }, "DomainDNSName": { "Description": "Fully qualified domain name (FQDN) of the forest root domain e.g. example.com", "Type": "String", "Default": "example.com", "MinLength": "3", "MaxLength": "25", "AllowedPattern": "[a-zA-Z0-9\\-]+\\..+" }, "DomainNetBIOSName": { "Description": "NetBIOS name of the domain (upto 15 characters) for users of earlier versions of Windows e.g. EXAMPLE", "Type": "String", "Default": "example", "MinLength": "1", "MaxLength": "15", "AllowedPattern": "[a-zA-Z0-9\\-]+" }, "ADServerNetBIOSName1": { "Description": "NetBIOS name of the 1st AD Server (upto 15 characters)", "Type": "String", "Default": "DC1", "MinLength": "1", "MaxLength": "15", "AllowedPattern": "[a-zA-Z0-9\\-]+" }, "ADServerNetBIOSName2": { "Description": "NetBIOS name of the 2nd AD Server (upto 15 characters)", "Type": "String", "Default": "DC2", "MinLength": "1", "MaxLength": "15", "AllowedPattern": "[a-zA-Z0-9\\-]+" }, "WSFCNode1NetBIOSName": { "Description": "NetBIOS name of the 1st WSFC Node (up to 15 characters)", "Type": "String", "Default": "WSFCNode1", "MinLength": "1", "MaxLength": "15", "AllowedPattern": "[a-zA-Z0-9\\-]+" }, "WSFCNode2NetBIOSName": { "Description": "NetBIOS name of the 2nd WSFC Node (up to 15 characters)", "Type": "String", "Default": "WSFCNode2", "MinLength": "1", "MaxLength": "15", "AllowedPattern": "[a-zA-Z0-9\\-]+" }, "RestoreModePassword": { "Description": "Password for a separate Administrator account when the domain controller is in Restore Mode. Must be at least 8 characters containing letters, numbers and symbols", "Type": "String", "MinLength": "8", "MaxLength": "32", "AllowedPattern": "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*", "NoEcho": "True" }, "DomainAdminUser": { "Description": "User name for the account that will be added as Domain Administrator. This is separate from the default \"Administrator\" account", "Type": "String", "Default": "StackAdmin", "MinLength": "5", "MaxLength": "25", "AllowedPattern": "[a-zA-Z0-9]*" }, "DomainAdminPassword": { "Description": "Password for the domain admin user. Must be at least 8 characters containing letters, numbers and symbols", "Type": "String", "MinLength": "8", "MaxLength": "32", "AllowedPattern": "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*", "NoEcho": "true" }, "SQLServiceAccount": { "Description": "User name for the SQL Server Service Account. This Account is a Domain User.", "Type": "String", "Default": "sqlsa", "MinLength": "5", "MaxLength": "25", "AllowedPattern": "[a-zA-Z0-9]*" }, "SQLServiceAccountPassword": { "Description": "Password for the SQL Service account. Must be at least 8 characters containing letters, numbers and symbols", "Type": "String", "MinLength": "8", "MaxLength": "32", "AllowedPattern": "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*", "NoEcho": "true" }, "UserCount": { "Description": "Total number of test user accounts to create in Active Directory", "Type": "Number", "Default": "25" }, "DMZ1CIDR": { "Description": "CIDR Block for the Public DMZ Subnet located in AZ1", "Type": "String", "Default": "10.0.32.0/20", "AllowedPattern": "[a-zA-Z0-9]+\\..+" }, "DMZ2CIDR": { "Description": "CIDR Block for the Public DMZ Subnet located in AZ2", "Type": "String", "Default": "10.0.96.0/20", "AllowedPattern": "[a-zA-Z0-9]+\\..+" }, "PrivSub1CIDR": { "Description": "CIDR block for the AD Server tier located in AZ1.", "Type": "String", "Default": "10.0.0.0/19", "AllowedPattern": "[a-zA-Z0-9]+\\..+" }, "PrivSub2CIDR": { "Description": "CIDR block for the AD Server tier located in AZ2.", "Type": "String", "Default": "10.0.64.0/19", "AllowedPattern": "[a-zA-Z0-9]+\\..+" }, "VPCCIDR": { "Description": "CIDR Block for the VPC", "Type": "String", "Default": "10.0.0.0/16", "AllowedPattern": "[a-zA-Z0-9]+\\..+" }, "AD1PrivateIp": { "Description": "Fixed private IP for the first Active Directory server located in AZ1", "Type": "String", "Default": "10.0.0.10" }, "AD2PrivateIp": { "Description": "Fixed private IP for the second Active Directory serverr located in AZ2", "Type": "String", "Default": "10.0.64.10" }, "WSFCNode1PrivateIp": { "Description": "Primary private IP for the 1st WSFC Node located in AZ1", "Type": "String", "Default": "10.0.0.100" }, "WSFCNode1PrivateIp2": { "Description": "Secondary private IP for WSFC cluster on 1st WSFC Node", "Type": "String", "Default": "10.0.0.101" }, "WSFCNode1PrivateIp3": { "Description": "Third private IP for Availability Group Listner on 1st WSFC Node", "Type": "String", "Default": "10.0.0.102" }, "WSFCNode2PrivateIp": { "Description": "Primary private IP for the 2nd WSFC Node located in AZ2", "Type": "String", "Default": "10.0.64.100" }, "WSFCNode2PrivateIp2": { "Description": "Secondary private IP for WSFC cluster on 2nd WSFC Node", "Type": "String", "Default": "10.0.64.101" }, "WSFCNode2PrivateIp3": { "Description": "Third private IP for Availability Group Listner on 2nd WSFC Node", "Type": "String", "Default": "10.0.64.102" }, "SQLServerVersion": { "Description": "Version of SQL Server to install on WSFC Nodes. Options include either \"2014\" or \"2012\"", "Type": "String", "AllowedValues": [ "2014", "2012" ], "Default": "2014" } }, "Resources": { "ADStack": { "Type": "AWS::CloudFormation::Stack", "Properties": { "TemplateURL": "https://s3.amazonaws.com/aws-quickstart/quickstart-microsoft-activedirectory/templates/Template_1_AD_2012.template", "Parameters": { "AD1PrivateIp": { "Ref": "AD1PrivateIp" }, "AD2InstanceType": { "Ref": "AD2InstanceType" }, "AD2PrivateIp": { "Ref": "AD2PrivateIp" }, "ADInstanceType": { "Ref": "ADInstanceType" }, "ADServerNetBIOSName1": { "Ref": "ADServerNetBIOSName1" }, "ADServerNetBIOSName2": { "Ref": "ADServerNetBIOSName2" }, "DMZ1CIDR": { "Ref": "DMZ1CIDR" }, "DMZ2CIDR": { "Ref": "DMZ2CIDR" }, "DomainAdminPassword": { "Ref": "DomainAdminPassword" }, "DomainAdminUser": { "Ref": "DomainAdminUser" }, "DomainDNSName": { "Ref": "DomainDNSName" }, "DomainNetBIOSName": { "Ref": "DomainNetBIOSName" }, "KeyPairName": { "Ref": "KeyPairName" }, "NATInstanceType": { "Ref": "NATInstanceType" }, "PrivSub1CIDR": { "Ref": "PrivSub1CIDR" }, "PrivSub2CIDR": { "Ref": "PrivSub2CIDR" }, "RDGWInstanceType": { "Ref": "RDGWInstanceType" }, "RestoreModePassword": { "Ref": "RestoreModePassword" }, "UserCount": { "Ref": "UserCount" }, "VPCCIDR": { "Ref": "VPCCIDR" } } } }, "SQLStack": { "Type": "AWS::CloudFormation::Stack", "DependsOn": "ADStack", "Properties": { "TemplateURL": "https://s3.amazonaws.com/aws-quickstart/quickstart-microsoft-sql/templates/Template_1_SQL_AlwaysOn.template", "Parameters": { "ADServer1PrivateIp": { "Ref": "AD1PrivateIp" }, "ADServer2PrivateIp": { "Ref": "AD2PrivateIp" }, "ADServerNetBIOSName1": { "Ref": "ADServerNetBIOSName1" }, "ADServerNetBIOSName2": { "Ref": "ADServerNetBIOSName2" }, "SQLServerVersion": { "Ref": "SQLServerVersion" }, "DomainAdminPassword": { "Ref": "DomainAdminPassword" }, "DomainAdminUser": { "Ref": "DomainAdminUser" }, "DomainDNSName": { "Ref": "DomainDNSName" }, "DomainMemberSGID": { "Fn::GetAtt": [ "ADStack", "Outputs.DomainMemberSGID" ] }, "DomainNetBIOSName": { "Ref": "DomainNetBIOSName" }, "KeyPairName": { "Ref": "KeyPairName" }, "SQLServiceAccount": { "Ref": "SQLServiceAccount" }, "SQLServiceAccountPassword": { "Ref": "SQLServiceAccountPassword" }, "VPC": { "Fn::GetAtt": [ "ADStack", "Outputs.VPC" ] }, "PrivSub1CIDR": { "Ref": "PrivSub1CIDR" }, "WSFCNode1InstanceType": { "Ref": "WSFCNode1InstanceType" }, "WSFCNode1NetBIOSName": { "Ref": "WSFCNode1NetBIOSName" }, "WSFCNode1PrivateIp": { "Ref": "WSFCNode1PrivateIp" }, "WSFCNode1PrivateIp2": { "Ref": "WSFCNode1PrivateIp2" }, "WSFCNode1PrivateIp3": { "Ref": "WSFCNode1PrivateIp3" }, "PrivateSubnet1Id": { "Fn::GetAtt": [ "ADStack", "Outputs.PrivateSubnet1Id" ] }, "PrivSub2CIDR": { "Ref": "PrivSub2CIDR" }, "WSFCNode2InstanceType": { "Ref": "WSFCNode2InstanceType" }, "WSFCNode2NetBIOSName": { "Ref": "WSFCNode2NetBIOSName" }, "WSFCNode2PrivateIp": { "Ref": "WSFCNode2PrivateIp" }, "WSFCNode2PrivateIp2": { "Ref": "WSFCNode2PrivateIp2" }, "WSFCNode2PrivateIp3": { "Ref": "WSFCNode2PrivateIp3" }, "PrivateSubnet2Id": { "Fn::GetAtt": [ "ADStack", "Outputs.PrivateSubnet2Id" ] }, "VPCCIDR": { "Fn::GetAtt": [ "ADStack", "Outputs.VPCCIDR" ] } } } } } }