{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This template deploys two Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Group nodes. This template also deploys the require AD architecture outlined in \"Implementing Active Directory Domain Services in the AWS Cloud\" **WARNING** This template creates Amazon EC2 Windows instance and related resources. You will be billed for the AWS resources used if you create a stack from this template.", "Metadata": { "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "Network Configuration" }, "Parameters": [ "AvailabilityZones", "ThirdAZ", "VPCCIDR", "PublicSubnet1CIDR", "PublicSubnet2CIDR", "PublicSubnet3CIDR", "PrivateSubnet1CIDR", "PrivateSubnet2CIDR", "PrivateSubnet3CIDR" ] }, { "Label": { "default": "Amazon EC2 Configuration" }, "Parameters": [ "KeyPairName", "HostType", "DedicatedHostAMI" ] }, { "Label": { "default": "Standard Active Directory Configuration" }, "Parameters": [ "ADScenarioType", "DomainDNSName", "DomainNetBIOSName", "DomainAdminPassword" ] }, { "Label": { "default": "Self-Managed Active Directory Configuration (for non-AWS Directory Service architecture)" }, "Parameters": [ "DomainAdminUser", "ADServer1InstanceType", "ADServer1NetBIOSName", "ADServer1PrivateIP", "ADServer2InstanceType", "ADServer2NetBIOSName", "ADServer2PrivateIP" ] }, { "Label": { "default": "Remote Desktop Gateway Configuration" }, "Parameters": [ "RDGWCIDR", "NumberOfRDGWHosts", "RDGWInstanceType" ] }, { "Label": { "default": "Microsoft SQL Server Configuration" }, "Parameters": [ "SQLServerVersion", "SQLServiceAccount", "SQLServiceAccountPassword", "SQLLicenseProvided", "VolumeIops", "VolumeSize", "VolumeType" ] }, { "Label": { "default": "Failover Cluster Configuration" }, "Parameters": [ "WSFCNodeInstanceType", "WSFCNode1NetBIOSName", "WSFCNode1PrivateIP1", "WSFCNode1PrivateIP2", "WSFCNode1PrivateIP3", "WSFCNode2NetBIOSName", "WSFCNode2PrivateIP1", "WSFCNode2PrivateIP2", "WSFCNode2PrivateIP3", "WSFCNode3NetBIOSName", "WSFCNode3PrivateIP1", "WSFCNode3PrivateIP2", "WSFCNode3PrivateIP3", "WSFCFileServerInstanceType", "WSFCFileServerPrivateIP" ] }, { "Label": { "default": "AWS Quick Start Configuration" }, "Parameters": [ "QSS3BucketName", "QSS3KeyPrefix" ] } ], "ParameterLabels": { "ADScenarioType": { "default": "AD Scenario Type" }, "ADServer1InstanceType": { "default": "Domain Controller 1 Instance Type" }, "ADServer1NetBIOSName": { "default": "Domain Controller 1 NetBIOS Name" }, "ADServer1PrivateIP": { "default": "Domain Controller 1 Private IP Address" }, "ADServer2InstanceType": { "default": "Domain Controller 2 Instance Type" }, "ADServer2NetBIOSName": { "default": "Domain Controller 2 NetBIOS Name" }, "ADServer2PrivateIP": { "default": "Domain Controller 2 Private IP Address" }, "AvailabilityZones": { "default": "Availability Zones" }, "DedicatedHostAMI": { "default": "BYOL AMI to Use on Dedicated Host" }, "DomainAdminPassword": { "default": "Domain Admin Password" }, "DomainAdminUser": { "default": "Domain Admin User Name" }, "DomainDNSName": { "default": "Domain DNS Name" }, "DomainNetBIOSName": { "default": "Domain NetBIOS Name" }, "HostType": { "default": "Tenancy" }, "KeyPairName": { "default": "Key Pair Name" }, "NumberOfRDGWHosts": { "default": "Number of RDGW hosts" }, "PrivateSubnet1CIDR": { "default": "Private Subnet 1 CIDR" }, "PrivateSubnet2CIDR": { "default": "Private Subnet 2 CIDR" }, "PrivateSubnet3CIDR": { "default": "Private Subnet 3 CIDR" }, "PublicSubnet1CIDR": { "default": "Public Subnet 1 CIDR" }, "PublicSubnet2CIDR": { "default": "Public Subnet 2 CIDR" }, "PublicSubnet3CIDR": { "default": "Public Subnet 3 CIDR" }, "QSS3BucketName": { "default": "Quick Start S3 Bucket Name" }, "QSS3KeyPrefix": { "default": "Quick Start S3 Key Prefix" }, "RDGWInstanceType": { "default": "Remote Desktop Gateway Instance Type" }, "RDGWCIDR": { "default": "Allowed Remote Desktop Gateway External Access CIDR" }, "SQLLicenseProvided": { "default": "Amazon-Provided SQL Server License" }, "SQLServerVersion": { "default": "SQL Server Version" }, "SQLServiceAccount": { "default": "Service Account Name" }, "SQLServiceAccountPassword": { "default": "Service Account Password" }, "ThirdAZ": { "default": "Third AZ" }, "VolumeIops": { "default": "SQL Server Volume IOPS" }, "VolumeSize": { "default": "SQL Server Volume Size" }, "VolumeType": { "default": "SQL Server Volume Type" }, "VPCCIDR": { "default": "VPC CIDR" }, "WSFCFileServerInstanceType": { "default": "File Server Instance Type" }, "WSFCFileServerPrivateIP": { "default": "File Server Private IP Address" }, "WSFCNode1NetBIOSName": { "default": "Cluster Node 1 NetBIOS Name" }, "WSFCNode1PrivateIP1": { "default": "Cluster Node 1 Private IP Address 1" }, "WSFCNode1PrivateIP2": { "default": "Cluster Node 1 Private IP Address 2" }, "WSFCNode1PrivateIP3": { "default": "Cluster Node 1 Private IP Address 3" }, "WSFCNode2NetBIOSName": { "default": "Cluster Node 2 NetBIOS Name" }, "WSFCNode2PrivateIP1": { "default": "Cluster Node 2 Private IP Address 1" }, "WSFCNode2PrivateIP2": { "default": "Cluster Node 2 Private IP Address 2" }, "WSFCNode2PrivateIP3": { "default": "Cluster Node 2 Private IP Address 3" }, "WSFCNode3NetBIOSName": { "default": "Cluster Node 3 NetBIOS Name" }, "WSFCNode3PrivateIP1": { "default": "Cluster Node 3 Private IP Address 1" }, "WSFCNode3PrivateIP2": { "default": "Cluster Node 3 Private IP Address 2" }, "WSFCNode3PrivateIP3": { "default": "Cluster Node 3 Private IP Address 3" }, "WSFCNodeInstanceType": { "default": "Instance Type for Cluster Nodes" } } } }, "Parameters": { "ADScenarioType": { "AllowedValues": [ "AWS Directory Service for Microsoft AD (Enterprise Edition)", "Microsoft AD on Amazon EC2" ], "Default": "AWS Directory Service for Microsoft AD (Enterprise Edition)", "Description": "Select the type of AD DS deployment to use: AWS Directory Service for Microsoft AD or managing your own Amazon EC2 AD instances.", "Type": "String" }, "ADServer1InstanceType": { "AllowedValues": [ "t2.large", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m5.large", "m5.xlarge", "m5.2xlarge", "m5.4xlarge" ], "Default": "m4.xlarge", "Description": "Amazon EC2 instance type for the first Active Directory instance", "Type": "String" }, "ADServer1NetBIOSName": { "AllowedPattern": "[a-zA-Z0-9\\-]+", "Default": "DC1", "Description": "NetBIOS name of the first Active Directory server (up to 15 characters)", "MaxLength": "15", "MinLength": "1", "Type": "String" }, "ADServer1PrivateIP": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.0.10", "Description": "Fixed private IP for the first Active Directory server located in Availability Zone 1", "Type": "String" }, "ADServer2InstanceType": { "AllowedValues": [ "t2.large", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m5.large", "m5.xlarge", "m5.2xlarge", "m5.4xlarge" ], "Default": "m4.xlarge", "Description": "Amazon EC2 instance type for the second Active Directory instance", "Type": "String" }, "ADServer2NetBIOSName": { "AllowedPattern": "[a-zA-Z0-9\\-]+", "Default": "DC2", "Description": "NetBIOS name of the second Active Directory server (up to 15 characters)", "MaxLength": "15", "MinLength": "1", "Type": "String" }, "ADServer2PrivateIP": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.32.10", "Description": "Fixed private IP for the second Active Directory server located in Availability Zone 2", "Type": "String" }, "AvailabilityZones": { "Description": "List of Availability Zones to use for the subnets in the VPC. Note: The logical order is preserved and that 2 AZ's must be provided unless the Third AZ parameter is specified, in which case 3 AZ's must me provided.", "Type": "List" }, "DedicatedHostAMI": { "Default": "", "Description": "If host type is set to \"Dedicated\" or \"Dedicated Host\", you need to specify your imported BYOL AMI id", "Type": "String" }, "DomainAdminPassword": { "AllowedPattern": "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*", "Description": "Password for the domain admin user. Must be at least 8 characters containing letters, numbers, and symbols", "MaxLength": "32", "MinLength": "8", "NoEcho": "true", "Type": "String" }, "DomainAdminUser": { "AllowedPattern": "[a-zA-Z0-9]*", "Default": "StackAdmin", "Description": "User name for the account that will be added as Domain Administrator. This is separate from the default \"Administrator\" account. Note: This user will always default to \"Admin\" when using AWS Directory Service regardless of the value provided.", "MaxLength": "25", "MinLength": "5", "Type": "String" }, "DomainDNSName": { "AllowedPattern": "[a-zA-Z0-9\\-]+\\..+", "Default": "example.com", "Description": "Fully qualified domain name (FQDN) of the forest root domain; e.g., example.com", "MaxLength": "255", "MinLength": "2", "Type": "String" }, "DomainNetBIOSName": { "AllowedPattern": "[a-zA-Z0-9\\-]+", "Default": "example", "Description": "NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Windows; e.g., EXAMPLE", "MaxLength": "15", "MinLength": "1", "Type": "String" }, "HostType": { "AllowedValues": [ "Shared", "Dedicated", "Dedicated Host" ], "Default": "Shared", "Description": "Host Type; if Dedicated or Dedicated Host is selected, hosts will be created in each Availability Zone.", "Type": "String" }, "KeyPairName": { "Description": "Public/private key pairs allow you to securely connect to your instance after it launches.", "Type": "AWS::EC2::KeyPair::KeyName" }, "NumberOfRDGWHosts": { "AllowedValues": [ "1", "2", "3", "4" ], "Default": "1", "Description": "Enter the number of Remote Desktop Gateway hosts to create", "Type": "String" }, "PrivateSubnet1CIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", "Default": "10.0.0.0/19", "Description": "CIDR Block for private subnet 1 located in Availability Zone 1.", "Type": "String" }, "PrivateSubnet2CIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", "Default": "10.0.32.0/19", "Description": "CIDR Block for private subnet 2 located in Availability Zone 2.", "Type": "String" }, "PrivateSubnet3CIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", "Default": "10.0.64.0/19", "Description": "(Optional) CIDR Block for optional private subnet 3 located in Availability Zone 3.", "Type": "String" }, "PublicSubnet1CIDR": { "Default": "10.0.128.0/20", "Description": "CIDR Block for the public DMZ subnet 1 located in Availability Zone 1", "Type": "String" }, "PublicSubnet2CIDR": { "Default": "10.0.144.0/20", "Description": "CIDR Block for the optional public DMZ subnet 2 located in Availability Zone 2", "Type": "String" }, "PublicSubnet3CIDR": { "Default": "10.0.160.0/20", "Description": "(Optional) CIDR Block for the optional public DMZ subnet 3 located in Availability Zone 3", "Type": "String" }, "QSS3BucketName": { "AllowedPattern": "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$", "ConstraintDescription": "Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).", "Default": "aws-quickstart", "Description": "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).", "Type": "String" }, "QSS3KeyPrefix": { "AllowedPattern": "^[0-9a-zA-Z-/]*$", "ConstraintDescription": "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", "Default": "quickstart-microsoft-sql/", "Description": "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", "Type": "String" }, "RDGWInstanceType": { "AllowedValues": [ "t2.large", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge" ], "Default": "t2.large", "Description": "Amazon EC2 instance type for the Remote Desktop Gateway instances", "Type": "String" }, "RDGWCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/x", "Description": "Allowed CIDR Block for external access to the Remote Desktop Gateways", "Type": "String" }, "SQLLicenseProvided": { "AllowedValues": [ "yes", "no" ], "Default": "yes", "Description": "License SQL Server from AWS Marketplace", "Type": "String" }, "SQLServerVersion": { "AllowedValues": [ "2017", "2016" ], "Default": "2017", "Description": "Version of SQL Server to install on Failover Cluster Nodes", "Type": "String" }, "SQLServiceAccount": { "AllowedPattern": "[a-zA-Z0-9]*", "Default": "sqlsa", "Description": "User name for the SQL Server Service account. This account is a Domain User.", "MaxLength": "25", "MinLength": "5", "Type": "String" }, "SQLServiceAccountPassword": { "AllowedPattern": "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*", "Description": "Password for the SQL Service account. Must be at least 8 characters containing letters, numbers, and symbols.", "MaxLength": "32", "MinLength": "8", "NoEcho": "true", "Type": "String" }, "ThirdAZ": { "AllowedValues": [ "no", "witness", "full" ], "Default": "no", "Description": "Enable a three-AZ deployment; the third zone can either be used just for the witness, or it can be a full SQL cluster node. Note that if the witness option is chosen, the WFC File Server Private IP Address parameter must be set to an IP in the third subnet range.", "Type": "String" }, "VolumeIops": { "Default": "1000", "Description": "Provisioned IOPS for the SQL Data, Logs, and TempDb volumes. This parameter is only applicable when SQL Server Volume Type is set to \"io1\".", "MaxValue": "20000", "MinValue": "100", "Type": "Number" }, "VolumeSize": { "Default": "500", "Description": "Volume size for the SQL Data, Logs, and TempDb volumes, in GiB", "MaxValue": "16000", "MinValue": "100", "Type": "Number" }, "VolumeType": { "AllowedValues": [ "gp2", "io1" ], "Default": "gp2", "Description": "Volume type for the SQL Data, Logs, and TempDb volumes", "Type": "String" }, "VPCCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.0.0.0/16", "Description": "CIDR Block for the VPC", "Type": "String" }, "WSFCFileServerInstanceType": { "AllowedValues": [ "t2.small", "t3.small" ], "Default": "t2.small", "Description": "Amazon EC2 instance type for a fileserver used to share install media, witness and replication folders", "Type": "String" }, "WSFCFileServerPrivateIP": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.0.200", "Description": "Primary private IP for the fileserver located in Availability Zone 1", "Type": "String" }, "WSFCNode1NetBIOSName": { "AllowedPattern": "[a-zA-Z0-9\\-]+", "Default": "WSFCNode1", "Description": "NetBIOS name of the first WSFC Node (up to 15 characters)", "MaxLength": "15", "MinLength": "1", "Type": "String" }, "WSFCNode1PrivateIP1": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.0.100", "Description": "Primary private IP for WSFC Node 1", "Type": "String" }, "WSFCNode1PrivateIP2": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.0.101", "Description": "Secondary private IP for WSFC Node 1", "Type": "String" }, "WSFCNode1PrivateIP3": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.0.102", "Description": "Third private IP for WSFC Node 1", "Type": "String" }, "WSFCNode2NetBIOSName": { "AllowedPattern": "[a-zA-Z0-9\\-]+", "Default": "WSFCNode2", "Description": "NetBIOS name of the second WSFC Node (up to 15 characters)", "MaxLength": "15", "MinLength": "1", "Type": "String" }, "WSFCNode2PrivateIP1": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.32.100", "Description": "Primary private IP for WSFC Node 2", "Type": "String" }, "WSFCNode2PrivateIP2": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.32.101", "Description": "Secondary private IP for WSFC Node 2", "Type": "String" }, "WSFCNode2PrivateIP3": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.32.102", "Description": "Third private IP for WSFC Node 2", "Type": "String" }, "WSFCNode3NetBIOSName": { "AllowedPattern": "[a-zA-Z0-9\\-]+", "Default": "WSFCNode3", "Description": "NetBIOS name of the optional third WSFC Node (up to 15 characters)", "MaxLength": "15", "MinLength": "1", "Type": "String" }, "WSFCNode3PrivateIP1": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.64.100", "Description": "Primary private IP for optional WSFC Node 3", "Type": "String" }, "WSFCNode3PrivateIP2": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.64.101", "Description": "Secondary private IP for optional WSFC Node 3", "Type": "String" }, "WSFCNode3PrivateIP3": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", "Default": "10.0.64.102", "Description": "Third private IP for optional WSFC Node 3", "Type": "String" }, "WSFCNodeInstanceType": { "AllowedValues": [ "r4.xlarge", "r4.2xlarge", "r4.4xlarge", "r4.8xlarge", "r5.large", "r5.xlarge", "r5.2xlarge", "r5.4xlarge", "r5.12xlarge" ], "ConstraintDescription": "Only EBS Optimized instance types r4.xlarge, r4.2xlarge, r4.4xlarge, r4.8xlarge allowed", "Default": "r4.2xlarge", "Description": "Amazon EC2 instance type for the WSFC Nodes", "Type": "String" } }, "Conditions": { "UseAWSDirectoryServiceEE": { "Fn::Equals": [ { "Ref": "ADScenarioType" }, "AWS Directory Service for Microsoft AD (Enterprise Edition)" ] }, "IsTwoAz": { "Fn::Equals": [ { "Ref": "ThirdAZ" }, "no" ] }, "HostTypeIsDefault": { "Fn::Equals": [ { "Ref": "HostType" }, "Shared" ] }, "CreateDediHosts": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "HostType" }, "Shared" ] } ] }, "HostTypeIsDediHost": { "Fn::Equals": [ { "Ref": "HostType" }, "Dedicated Host" ] }, "GovCloudCondition": { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-gov-west-1" ] } }, "Resources": { "VPCStack": { "Type": "AWS::CloudFormation::Stack", "Properties": { "TemplateURL": { "Fn::Sub": [ "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template", { "QSS3Region": { "Fn::If": [ "GovCloudCondition", "s3-us-gov-west-1", "s3" ] } } ] }, "Parameters": { "AvailabilityZones": { "Fn::Join": [ ",", { "Ref": "AvailabilityZones" } ] }, "KeyPairName": { "Ref": "KeyPairName" }, "NumberOfAZs": { "Fn::If": [ "IsTwoAz", "2", "3" ] }, "PrivateSubnet1ACIDR": { "Ref": "PrivateSubnet1CIDR" }, "PrivateSubnet2ACIDR": { "Ref": "PrivateSubnet2CIDR" }, "PrivateSubnet3ACIDR": { "Fn::If": [ "IsTwoAz", { "Ref": "AWS::NoValue" }, { "Ref": "PrivateSubnet3CIDR" } ] }, "PublicSubnet1CIDR": { "Ref": "PublicSubnet1CIDR" }, "PublicSubnet2CIDR": { "Ref": "PublicSubnet2CIDR" }, "PublicSubnet3CIDR": { "Fn::If": [ "IsTwoAz", { "Ref": "AWS::NoValue" }, { "Ref": "PublicSubnet3CIDR" } ] }, "VPCCIDR": { "Ref": "VPCCIDR" } } } }, "ADStack": { "DependsOn": "VPCStack", "Type": "AWS::CloudFormation::Stack", "Properties": { "TemplateURL": { "Fn::Sub": [ "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-activedirectory/templates/${QSADTemplate}", { "QSS3Region": { "Fn::If": [ "GovCloudCondition", "s3-us-gov-west-1", "s3" ] }, "QSADTemplate": { "Fn::If": [ "UseAWSDirectoryServiceEE", "ad-3.template", "ad-1.template" ] } } ] }, "Parameters": { "Fn::If": [ "UseAWSDirectoryServiceEE", { "DomainAdminPassword": { "Ref": "DomainAdminPassword" }, "DomainDNSName": { "Ref": "DomainDNSName" }, "DomainNetBIOSName": { "Ref": "DomainNetBIOSName" }, "PrivateSubnet1CIDR": { "Ref": "PrivateSubnet1CIDR" }, "PrivateSubnet1ID": { "Fn::GetAtt": [ "VPCStack", "Outputs.PrivateSubnet1AID" ] }, "PrivateSubnet2CIDR": { "Ref": "PrivateSubnet2CIDR" }, "PrivateSubnet2ID": { "Fn::GetAtt": [ "VPCStack", "Outputs.PrivateSubnet2AID" ] }, "PublicSubnet1CIDR": { "Ref": "PublicSubnet1CIDR" }, "PublicSubnet2CIDR": { "Ref": "PublicSubnet2CIDR" }, "QSS3BucketName": { "Ref": "QSS3BucketName" }, "QSS3KeyPrefix": { "Fn::Sub": "${QSS3KeyPrefix}submodules/quickstart-microsoft-activedirectory/" }, "VPCCIDR": { "Ref": "VPCCIDR" }, "VPCID": { "Fn::GetAtt": [ "VPCStack", "Outputs.VPCID" ] } }, { "ADServer1InstanceType": { "Ref": "ADServer1InstanceType" }, "ADServer1NetBIOSName": { "Ref": "ADServer1NetBIOSName" }, "ADServer1PrivateIP": { "Ref": "ADServer1PrivateIP" }, "ADServer2InstanceType": { "Ref": "ADServer2InstanceType" }, "ADServer2NetBIOSName": { "Ref": "ADServer2NetBIOSName" }, "ADServer2PrivateIP": { "Ref": "ADServer2PrivateIP" }, "DomainAdminPassword": { "Ref": "DomainAdminPassword" }, "DomainAdminUser": { "Ref": "DomainAdminUser" }, "DomainDNSName": { "Ref": "DomainDNSName" }, "DomainNetBIOSName": { "Ref": "DomainNetBIOSName" }, "KeyPairName": { "Ref": "KeyPairName" }, "PrivateSubnet1ID": { "Fn::GetAtt": [ "VPCStack", "Outputs.PrivateSubnet1AID" ] }, "PrivateSubnet2ID": { "Fn::GetAtt": [ "VPCStack", "Outputs.PrivateSubnet2AID" ] }, "QSS3BucketName": { "Ref": "QSS3BucketName" }, "QSS3KeyPrefix": { "Fn::Sub": "${QSS3KeyPrefix}submodules/quickstart-microsoft-activedirectory/" }, "VPCCIDR": { "Ref": "VPCCIDR" }, "VPCID": { "Fn::GetAtt": [ "VPCStack", "Outputs.VPCID" ] } } ] } } }, "RDGWStack": { "DependsOn": "ADStack", "Type": "AWS::CloudFormation::Stack", "Properties": { "TemplateURL": { "Fn::Sub": [ "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/templates/rdgw-domain.template", { "QSS3Region": { "Fn::If": [ "GovCloudCondition", "s3-us-gov-west-1", "s3" ] } } ] }, "Parameters": { "DomainAdminPassword": { "Ref": "DomainAdminPassword" }, "DomainAdminUser": { "Fn::If": [ "UseAWSDirectoryServiceEE", "admin", { "Ref": "DomainAdminUser" } ] }, "DomainDNSName": { "Ref": "DomainDNSName" }, "DomainMemberSGID": { "Fn::GetAtt": [ "ADStack", "Outputs.DomainMemberSGID" ] }, "DomainNetBIOSName": { "Ref": "DomainNetBIOSName" }, "KeyPairName": { "Ref": "KeyPairName" }, "NumberOfRDGWHosts": { "Ref": "NumberOfRDGWHosts" }, "PublicSubnet1ID": { "Fn::GetAtt": [ "VPCStack", "Outputs.PublicSubnet1ID" ] }, "PublicSubnet2ID": { "Fn::GetAtt": [ "VPCStack", "Outputs.PublicSubnet2ID" ] }, "QSS3BucketName": { "Ref": "QSS3BucketName" }, "QSS3KeyPrefix": { "Fn::Sub": "${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/" }, "RDGWInstanceType": { "Ref": "RDGWInstanceType" }, "RDGWCIDR": { "Ref": "RDGWCIDR" }, "VPCID": { "Fn::GetAtt": [ "VPCStack", "Outputs.VPCID" ] } } } }, "DediHostStack": { "DependsOn": "VPCStack", "Condition": "CreateDediHosts", "Type": "AWS::CloudFormation::Stack", "Properties": { "TemplateURL": { "Fn::Sub": [ "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}templates/dedicated-hosts.template", { "QSS3Region": { "Fn::If": [ "GovCloudCondition", "s3-us-gov-west-1", "s3" ] } } ] }, "Parameters": { "3rdAZ": { "Fn::If": [ "IsTwoAz", "no", "yes" ] }, "AutoPlacement": { "Fn::If": [ "HostTypeIsDediHost", "off", "on" ] }, "AvailabilityZones": { "Fn::Join": [ ",", { "Ref": "AvailabilityZones" } ] }, "WSFCNodeInstanceType": { "Ref": "WSFCNodeInstanceType" } } } }, "SQLStack": { "DependsOn": "ADStack", "Type": "AWS::CloudFormation::Stack", "Properties": { "TemplateURL": { "Fn::Sub": [ "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}templates/sql.template", { "QSS3Region": { "Fn::If": [ "GovCloudCondition", "s3-us-gov-west-1", "s3" ] } } ] }, "Parameters": { "ADScenarioType": { "Ref": "ADScenarioType" }, "DedicatedHostAMI": { "Ref": "DedicatedHostAMI" }, "DedicatedHostIDNode1": { "Fn::If": [ "CreateDediHosts", { "Fn::GetAtt": [ "DediHostStack", "Outputs.DedicatedHost1" ] }, { "Ref": "AWS::NoValue" } ] }, "DedicatedHostIDNode2": { "Fn::If": [ "CreateDediHosts", { "Fn::GetAtt": [ "DediHostStack", "Outputs.DedicatedHost2" ] }, { "Ref": "AWS::NoValue" } ] }, "DedicatedHostIDNode3": { "Fn::If": [ "IsTwoAz", { "Ref": "AWS::NoValue" }, { "Fn::If": [ "CreateDediHosts", { "Fn::GetAtt": [ "DediHostStack", "Outputs.DedicatedHost1" ] }, { "Ref": "AWS::NoValue" } ] } ] }, "DomainAdminPassword": { "Ref": "DomainAdminPassword" }, "DomainAdminUser": { "Fn::If": [ "UseAWSDirectoryServiceEE", "admin", { "Ref": "DomainAdminUser" } ] }, "DomainDNSName": { "Ref": "DomainDNSName" }, "DomainMemberSGID": { "Fn::GetAtt": [ "ADStack", "Outputs.DomainMemberSGID" ] }, "DomainNetBIOSName": { "Ref": "DomainNetBIOSName" }, "HostType": { "Ref": "HostType" }, "KeyPairName": { "Ref": "KeyPairName" }, "PrivateSubnet1ID": { "Fn::GetAtt": [ "VPCStack", "Outputs.PrivateSubnet1AID" ] }, "PrivateSubnet2ID": { "Fn::GetAtt": [ "VPCStack", "Outputs.PrivateSubnet2AID" ] }, "PrivateSubnet3ID": { "Fn::If": [ "IsTwoAz", { "Ref": "AWS::NoValue" }, { "Fn::GetAtt": [ "VPCStack", "Outputs.PrivateSubnet3AID" ] } ] }, "QSS3BucketName": { "Ref": "QSS3BucketName" }, "QSS3KeyPrefix": { "Ref": "QSS3KeyPrefix" }, "SQLLicenseProvided": { "Ref": "SQLLicenseProvided" }, "SQLServerVersion": { "Ref": "SQLServerVersion" }, "SQLServiceAccount": { "Ref": "SQLServiceAccount" }, "SQLServiceAccountPassword": { "Ref": "SQLServiceAccountPassword" }, "ThirdAZ": { "Ref": "ThirdAZ" }, "VPCID": { "Fn::GetAtt": [ "VPCStack", "Outputs.VPCID" ] }, "Volume1Iops": { "Ref": "VolumeIops" }, "Volume1Size": { "Ref": "VolumeSize" }, "Volume1Type": { "Ref": "VolumeType" }, "Volume2Iops": { "Ref": "VolumeIops" }, "Volume2Size": { "Ref": "VolumeSize" }, "Volume2Type": { "Ref": "VolumeType" }, "Volume3Iops": { "Ref": "VolumeIops" }, "Volume3Size": { "Ref": "VolumeSize" }, "Volume3Type": { "Ref": "VolumeType" }, "WSFCFileServerPrivateIP": { "Ref": "WSFCFileServerPrivateIP" }, "WSFCNode1InstanceType": { "Ref": "WSFCNodeInstanceType" }, "WSFCNode1NetBIOSName": { "Ref": "WSFCNode1NetBIOSName" }, "WSFCNode1PrivateIP1": { "Ref": "WSFCNode1PrivateIP1" }, "WSFCNode1PrivateIP2": { "Ref": "WSFCNode1PrivateIP2" }, "WSFCNode1PrivateIP3": { "Ref": "WSFCNode1PrivateIP3" }, "WSFCNode2InstanceType": { "Ref": "WSFCNodeInstanceType" }, "WSFCNode2NetBIOSName": { "Ref": "WSFCNode2NetBIOSName" }, "WSFCNode2PrivateIP1": { "Ref": "WSFCNode2PrivateIP1" }, "WSFCNode2PrivateIP2": { "Ref": "WSFCNode2PrivateIP2" }, "WSFCNode2PrivateIP3": { "Ref": "WSFCNode2PrivateIP3" }, "WSFCNode3NetBIOSName": { "Ref": "WSFCNode3NetBIOSName" }, "WSFCNode3PrivateIP1": { "Fn::If": [ "IsTwoAz", { "Ref": "AWS::NoValue" }, { "Ref": "WSFCNode3PrivateIP1" } ] }, "WSFCNode3PrivateIP2": { "Fn::If": [ "IsTwoAz", { "Ref": "AWS::NoValue" }, { "Ref": "WSFCNode3PrivateIP2" } ] }, "WSFCNode3PrivateIP3": { "Fn::If": [ "IsTwoAz", { "Ref": "AWS::NoValue" }, { "Ref": "WSFCNode3PrivateIP3" } ] } } } } } }