{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "(000E) - This template deploys two Exchange Server 2013 servers. This template is intended to be installed into an existing VPC that was built using the sample reference architecture titled: \"Implementing Active Directory Domain Services in the AWS Cloud\". **WARNING** This template creates Amazon EC2 Windows instances and related resources. You will be billed for the AWS resources used if you create a stack from this template.",
"Metadata": {
"AWS::CloudFormation::Interface": {
"ParameterGroups": [
{
"Label": {
"default": "Network Configuration"
},
"Parameters": [
"PrivateSubnet1CIDR",
"PrivateSubnet1ID",
"PrivateSubnet2CIDR",
"PrivateSubnet2ID",
"PublicSubnet1ID",
"PublicSubnet2ID",
"VPCCIDR",
"VPCID"
]
},
{
"Label": {
"default": "Amazon EC2 Configuration"
},
"Parameters": [
"KeyPairName"
]
},
{
"Label": {
"default": "Microsoft Active Directory Configuration"
},
"Parameters": [
"ADServer1NetBIOSName",
"ADServer1PrivateIP",
"ADServer2NetBIOSName",
"ADServer2PrivateIP",
"DomainDNSName",
"DomainNetBIOSName",
"DomainAdminUser",
"DomainAdminPassword",
"DomainMemberSGID"
]
},
{
"Label": {
"default": "Microsoft Exchange Configuration"
},
"Parameters": [
"EXCHInstanceType",
"EXCH1PrivateIP1",
"EXCH1PrivateIP2",
"EXCH2PrivateIP1",
"EXCH2PrivateIP2",
"IncludeEdge",
"EdgeInstanceType"
]
},
{
"Label": {
"default": "AWS Quick Start Configuration"
},
"Parameters": [
"QSS3BucketName",
"QSS3KeyPrefix"
]
}
],
"ParameterLabels": {
"ADServer1NetBIOSName": {
"default": "Domain Controller 1 NetBIOS Name"
},
"ADServer1PrivateIP": {
"default": "Domain Controller 1 Private IP Address"
},
"ADServer2NetBIOSName": {
"default": "Domain Controller 2 NetBIOS Name"
},
"ADServer2PrivateIP": {
"default": "Domain Controller 2 Private IP Address"
},
"DomainAdminPassword": {
"default": "Domain Admin Password"
},
"DomainAdminUser": {
"default": "Domain Admin User Name"
},
"DomainDNSName": {
"default": "Domain DNS Name"
},
"DomainMemberSGID": {
"default": "Security Group ID for AD Domain Members"
},
"DomainNetBIOSName": {
"default": "Domain NetBIOS Name"
},
"EXCH1PrivateIP1": {
"default": "Exchange 1 Primary Private IP"
},
"EXCH1PrivateIP2": {
"default": "Exchange 1 Secondary Private IP"
},
"EXCH2PrivateIP1": {
"default": "Exchange 2 Primary Private IP"
},
"EXCH2PrivateIP2": {
"default": "Exchange 2 Secondary Private IP"
},
"EXCHInstanceType": {
"default": "Exchange Instance Type"
},
"EdgeInstanceType": {
"default": "Edge Instance Type"
},
"IncludeEdge": {
"default": "Include Edge Transport Servers"
},
"KeyPairName": {
"default": "Key Pair Name"
},
"PrivateSubnet1CIDR": {
"default": "Private Subnet 1 CIDR"
},
"PrivateSubnet1ID": {
"default": "Private Subnet 1 ID"
},
"PrivateSubnet2CIDR": {
"default": "Private Subnet 2 CIDR"
},
"PrivateSubnet2ID": {
"default": "Private Subnet 2 ID"
},
"PublicSubnet1ID": {
"default": "Public Subnet 1 ID"
},
"PublicSubnet2ID": {
"default": "Public Subnet 2 ID"
},
"QSS3BucketName": {
"default": "Quick Start S3 Bucket Name"
},
"QSS3KeyPrefix": {
"default": "Quick Start S3 Key Prefix"
},
"VPCCIDR": {
"default": "VPC CIDR"
},
"VPCID": {
"default": "VPC ID"
}
}
}
},
"Parameters": {
"ADServer1NetBIOSName": {
"AllowedPattern": "[a-zA-Z0-9\\-]+",
"Default": "DC1",
"Description": "NetBIOS name of the existing Domain Controller in AZ1",
"MaxLength": "15",
"MinLength": "1",
"Type": "String"
},
"ADServer1PrivateIP": {
"Default": "10.0.0.10",
"Description": "Fixed private IP for the first existing Active Directory server located in AZ1",
"Type": "String"
},
"ADServer2NetBIOSName": {
"AllowedPattern": "[a-zA-Z0-9\\-]+",
"Default": "DC2",
"Description": "NetBIOS name of the existing Domain Controller in AZ2",
"MaxLength": "15",
"MinLength": "1",
"Type": "String"
},
"ADServer2PrivateIP": {
"Default": "10.0.64.10",
"Description": "Fixed private IP for the second existing Active Directory server located in AZ2",
"Type": "String"
},
"DomainAdminPassword": {
"AllowedPattern": "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
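"Description": "Password for the domain admin user. Must be 8 to 32 characters and contain at least three of the following: uppercase letters, lowercase letters, numbers and symbols. NoEcho hides the value in the console and API output, but this template also passes it as a plain-text command-line argument in the instances' AWS::CloudFormation::Init metadata, where it is not masked; rotate the password after deployment.",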
"MaxLength": "32",
"MinLength": "8",
"NoEcho": "true",
"Type": "String"
},
"DomainAdminUser": {
"AllowedPattern": "[a-zA-Z0-9]*",
"Default": "StackAdmin",
"Description": "User name for the account that will be added as Domain Administrator. This is separate from the default \"Administrator\" account",
"MaxLength": "25",
"MinLength": "5",
"Type": "String"
},
"DomainDNSName": {
"AllowedPattern": "[a-zA-Z0-9\\-]+\\..+",
"Default": "example.com",
"Description": "Fully qualified domain name (FQDN) of the forest root domain e.g. corp.example.com",
"MaxLength": "255",
"MinLength": "2",
"Type": "String"
},
"DomainMemberSGID": {
"Description": "ID of the Domain Member Security Group (e.g., sg-7f16e910)",
"Type": "AWS::EC2::SecurityGroup::Id"
},
"DomainNetBIOSName": {
"AllowedPattern": "[a-zA-Z0-9\\-]+",
"Default": "example",
"Description": "NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Windows, e.g. CORP",
"MaxLength": "15",
"MinLength": "1",
"Type": "String"
},
"EXCH1PrivateIP1": {
"Default": "10.0.0.150",
"Description": "Primary private IP for the first Exchange Server",
"Type": "String"
},
"EXCH1PrivateIP2": {
"Default": "10.0.0.151",
"Description": "Secondary private IP for the first Exchange Server",
"Type": "String"
},
"EXCH2PrivateIP1": {
"Default": "10.0.64.150",
"Description": "Primary private IP for the second Exchange Server",
"Type": "String"
},
"EXCH2PrivateIP2": {
"Default": "10.0.64.151",
"Description": "Secondary private IP for the second Exchange Server",
"Type": "String"
},
"EXCHInstanceType": {
"AllowedValues": [
"r4.xlarge",
"r4.2xlarge",
"r4.4xlarge"
],
"Default": "r4.xlarge",
"Description": "Amazon EC2 instance type for the Exchange Servers",
"Type": "String"
},
"EdgeInstanceType": {
"AllowedValues": [
"m4.large",
"m4.xlarge",
"m4.2xlarge"
],
"Default": "m4.large",
"Description": "Amazon EC2 instance type for the Exchange Edge Transport Servers",
"Type": "String"
},
"IncludeEdge": {
"AllowedValues": [
"true",
"false"
],
"Default": "false",
"Description": "Set this parameter to true to include Exchange Edge Transport servers in the public subnets",
"Type": "String"
},
"KeyPairName": {
"Description": "Public/private key pairs allow you to securely connect to your instance after it launches",
"Type": "AWS::EC2::KeyPair::KeyName"
},
"PrivateSubnet1CIDR": {
"AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$",
"ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28",
"Default": "10.0.0.0/19",
"Description": "CIDR block for private subnet 1 located in Availability Zone 1.",
"Type": "String"
},
"PrivateSubnet1ID": {
"Description": "ID of the subnet you want to provision the first Exchange Server into (e.g., subnet-a0246dcd)",
"Type": "AWS::EC2::Subnet::Id"
},
"PrivateSubnet2CIDR": {
"AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$",
"ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28",
"Default": "10.0.32.0/19",
"Description": "CIDR block for private subnet 2 located in Availability Zone 2.",
"Type": "String"
},
"PrivateSubnet2ID": {
"Description": "ID of the subnet you want to provision the second Exchange Server into (e.g., subnet-e3246d8e)",
"Type": "AWS::EC2::Subnet::Id"
},
"PublicSubnet1ID": {
"Description": "ID of the public subnet you want to provision the first Edge Server into (e.g., subnet-a0246dcd)",
"Type": "AWS::EC2::Subnet::Id"
},
"PublicSubnet2ID": {
"Description": "ID of the public subnet you want to provision the second Edge Server into (e.g., subnet-e3246d8e)",
"Type": "AWS::EC2::Subnet::Id"
},
"QSS3BucketName": {
"AllowedPattern": "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$",
"ConstraintDescription": "Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).",
"Default": "aws-quickstart",
"Description": "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).",
"Type": "String"
},
"QSS3KeyPrefix": {
"AllowedPattern": "^[0-9a-zA-Z-/]*$",
"ConstraintDescription": "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).",
"Default": "quickstart-microsoft-exchange/",
"Description": "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).",
"Type": "String"
},
"VPCCIDR": {
"AllowedPattern": "[a-zA-Z0-9]+\\..+",
"Default": "10.0.0.0/16",
"Description": "CIDR Block used by the VPC",
"Type": "String"
},
"VPCID": {
"Description": "ID of the VPC (e.g., vpc-0343606e)",
"Type": "AWS::EC2::VPC::Id"
}
},
"Mappings": {
"AWSAMIRegionMap": {
"AMI": {
"WS2012R2": "Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.04.11"
},
"ap-northeast-1": {
"WS2012R2": "ami-84dccef8"
},
"ap-northeast-2": {
"WS2012R2": "ami-67da7409"
},
"ap-northeast-3": {
"WS2012R2": "ami-d1c1cfac"
},
"ap-south-1": {
"WS2012R2": "ami-47b69228"
},
"ap-southeast-1": {
"WS2012R2": "ami-49a78135"
},
"ap-southeast-2": {
"WS2012R2": "ami-a762abc5"
},
"ca-central-1": {
"WS2012R2": "ami-f234b296"
},
"eu-central-1": {
"WS2012R2": "ami-ab520a40"
},
"eu-west-1": {
"WS2012R2": "ami-768dd70f"
},
"eu-west-2": {
"WS2012R2": "ami-25d13142"
},
"eu-west-3": {
"WS2012R2": "ami-bbfb4ac6"
},
"sa-east-1": {
"WS2012R2": "ami-2162334d"
},
"us-east-1": {
"WS2012R2": "ami-bf934bc0"
},
"us-east-2": {
"WS2012R2": "ami-0a84b46f"
},
"us-west-1": {
"WS2012R2": "ami-d0d0c3b0"
},
"us-west-2": {
"WS2012R2": "ami-10375468"
}
}
},
"Conditions": {
"DeployEdge": {
"Fn::Equals": [
{
"Ref": "IncludeEdge"
},
"true"
]
},
"GovCloudCondition": {
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"us-gov-west-1"
]
}
},
"Resources": {
"EXCH1WaitCondition": {
"Type": "AWS::CloudFormation::WaitCondition",
"DependsOn": "EXCH1",
"Properties": {
"Handle": {
"Ref": "EXCH1WaitHandle"
},
"Timeout": "5400"
}
},
"EXCH1WaitHandle": {
"Type": "AWS::CloudFormation::WaitConditionHandle"
},
"EXCH2WaitCondition": {
"Type": "AWS::CloudFormation::WaitCondition",
"DependsOn": "EXCH2",
"Properties": {
"Handle": {
"Ref": "EXCH2WaitHandle"
},
"Timeout": "9000"
}
},
"EXCH2WaitHandle": {
"Type": "AWS::CloudFormation::WaitConditionHandle"
},
"EDGE1WaitCondition": {
"Type": "AWS::CloudFormation::WaitCondition",
"Condition": "DeployEdge",
"DependsOn": "EDGE1",
"Properties": {
"Handle": {
"Ref": "EDGE1WaitHandle"
},
"Timeout": "4500"
}
},
"EDGE1WaitHandle": {
"Condition": "DeployEdge",
"Type": "AWS::CloudFormation::WaitConditionHandle"
},
"EDGE2WaitCondition": {
"Type": "AWS::CloudFormation::WaitCondition",
"Condition": "DeployEdge",
"DependsOn": "EDGE2",
"Properties": {
"Handle": {
"Ref": "EDGE2WaitHandle"
},
"Timeout": "4500"
}
},
"EDGE2WaitHandle": {
"Condition": "DeployEdge",
"Type": "AWS::CloudFormation::WaitConditionHandle"
},
"ExchangeHostRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"Policies": [
{
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Resource": {
"Fn::Sub": [
"arn:${Partition}:s3:::${QSS3BucketName}/${QSS3KeyPrefix}*",
{
"Partition": {
"Fn::If": [
"GovCloudCondition",
"aws-us-gov",
"aws"
]
}
}
]
},
"Effect": "Allow"
}
]
},
"PolicyName": "aws-quick-start-s3-policy"
}
],
"Path": "/",
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Effect": "Allow"
}
],
"Version": "2012-10-17"
}
}
},
"ExchangeHostProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Roles": [
{
"Ref": "ExchangeHostRole"
}
],
"Path": "/"
}
},
"EXCH1": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"AWS::CloudFormation::Authentication": {
"S3AccessCreds": {
"type": "S3",
"roleName": {
"Ref": "ExchangeHostRole"
},
"buckets": [
{
"Ref": "QSS3BucketName"
}
]
}
},
"AWS::CloudFormation::Init": {
"configSets": {
"config": [
"setup",
"rename",
"join",
"installexch",
"finalize"
]
},
"setup": {
"files": {
"c:\\cfn\\cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.EXCH1.Metadata.AWS::CloudFormation::Init\n",
"action=cfn-init.exe -v -s ",
{
"Ref": "AWS::StackId"
},
" -r EXCH1",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"C:\\cfn\\modules\\AWSQuickStart.zip": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/modules/AWSQuickStart.zip",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Create-Share.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Create-Share.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Create-Folder.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Create-Folder.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Disable-AutoLogon.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Disable-AutoLogon.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Download-File.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Download-File.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Enable-AutoLogon.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Enable-AutoLogon.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Expand-ExchangeFiles.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Expand-ExchangeFiles.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"c:\\cfn\\scripts\\Install.bat": {
"content": {
"Fn::Join": [
"",
[
"powershell.exe -command c:\\cfn\\scripts\\Install-UcmaRuntime.ps1\n",
"powershell.exe -command c:\\cfn\\scripts\\Install-Exch2013Org.ps1 -InstallPath \\\\",
{
"Ref": "ADServer1NetBIOSName"
},
"\\exchinstall",
"\n",
"powershell.exe -command c:\\cfn\\scripts\\Install-Exch2013.ps1 -InstallPath \\\\",
{
"Ref": "ADServer1NetBIOSName"
},
"\\exchinstall ",
"-Server 1",
"\n"
]
]
}
},
"C:\\cfn\\scripts\\Initialize-ExchangeVolume.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Initialize-ExchangeVolume.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Install-ExchPreReq.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Install-ExchPreReq.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Install-UcmaRuntime.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Install-UcmaRuntime.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Install-Exch2013Org.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Install-Exch2013Org.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Install-Exch2013.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Install-Exch2013.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Invoke-ADReplication.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Invoke-ADReplication.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Join-Domain.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Join-Domain.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"c:\\cfn\\downloads\\UcmaRuntimeSetup.exe": {
"source": "http://download.microsoft.com/download/2/C/4/2C47A5C1-A1F3-4843-B9FE-84C0032C61EC/UcmaRuntimeSetup.exe"
},
"C:\\cfn\\scripts\\Unzip-Archive.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Unzip-Archive.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
}
},
"commands": {
"a-set-execution-policy": {
"command": "powershell.exe -command Set-ExecutionPolicy RemoteSigned -Force",
"waitAfterCompletion": "0"
},
"b-unpack-quickstart-module": {
"command": "powershell.exe -command c:\\cfn\\scripts\\Unzip-Archive.ps1 -Source c:\\cfn\\modules\\AWSQuickStart.zip -Destination C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\",
"waitAfterCompletion": "0"
},
"c-create-waithandle": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command \"",
"New-AWSQuickStartWaitHandle -Handle '",
{
"Ref": "EXCH1WaitHandle"
},
"'\""
]
]
},
"waitAfterCompletion": "0"
},
"d-initialize-db-volume": {
"command": "powershell.exe -command c:\\cfn\\scripts\\Initialize-ExchangeVolume.ps1 -DriveLetter d",
"waitAfterCompletion": "0"
}
},
"services": {
"windows": {
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": [
"c:\\cfn\\cfn-hup.conf",
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf"
]
}
}
}
},
"rename": {
"commands": {
"a-execute-powershell-script-RenameComputer": {
"command": "powershell.exe -Command Rename-Computer -NewName EXCH1 -Restart",
"waitAfterCompletion": "forever"
}
}
},
"join": {
"commands": {
"a-set-dns-servers": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses ",
{
"Ref": "ADServer1PrivateIP"
},
",",
{
"Ref": "ADServer2PrivateIP"
},
"\""
]
]
},
"waitAfterCompletion": "30"
},
"b-join-domain": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Join-Domain.ps1 -DomainName ",
{
"Ref": "DomainDNSName"
},
" -UserName ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
}
]
]
},
"waitAfterCompletion": "forever"
}
}
},
"installexch": {
"commands": {
"a-create-folder": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Create-Folder.ps1 -ComputerName ",
{
"Ref": "ADServer1NetBIOSName"
},
" -UserName ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
},
" -FolderName exchinstall"
]
]
},
"waitAfterCompletion": "0"
},
"b-create-share": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Create-Share.ps1 -ComputerName ",
{
"Ref": "ADServer1NetBIOSName"
},
" -UserName ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
},
" -FolderName c:\\exchinstall",
" -ShareName exchinstall"
]
]
},
"waitAfterCompletion": "0"
},
"c-download-exch": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Download-File.ps1 -Source https://download.microsoft.com/download/3/A/4/3A4E9E23-E698-477D-B1E3-CA235CE3DB7C/Exchange2013-x64-cu19.exe",
" -Destination \\\\",
{
"Ref": "ADServer1NetBIOSName"
},
"\\exchinstall\\Exchange2013-x64.exe"
]
]
},
"waitAfterCompletion": "0"
},
"d-expand-exch": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Expand-ExchangeFiles.ps1 -ComputerName ",
{
"Ref": "ADServer1NetBIOSName"
},
" -UserName ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
}
]
]
},
"waitAfterCompletion": "0"
},
"e-install-prereq": {
"command": "powershell.exe -Command c:\\cfn\\scripts\\Install-ExchPreReq.ps1",
"waitAfterCompletion": "forever"
},
"f-enable-autologon": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Enable-AutoLogon.ps1",
" -UserName ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
},
" -StartupScript c:\\cfn\\scripts\\Install.bat"
]
]
},
"waitAfterCompletion": "0"
},
"g-reboot": {
"command": "powershell.exe -command Restart-Computer -Force",
"waitAfterCompletion": "forever"
},
"h-wait": {
"command": "powershell.exe -command Start-Sleep -Seconds 1800",
"waitAfterCompletion": "0"
},
"i-invoke-ad-replication": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Invoke-ADReplication.ps1",
" -UserName ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
},
" -DomainController ",
{
"Ref": "ADServer1NetBIOSName"
}
]
]
},
"waitAfterCompletion": "0"
},
"j-disable-autologon": {
"command": "powershell.exe -command c:\\cfn\\scripts\\Disable-AutoLogon.ps1",
"waitAfterCompletion": "0"
}
}
},
"finalize": {
"commands": {
"a-write-status": {
"command": "powershell.exe -command Write-AWSQuickStartStatus",
"waitAfterCompletion": "0"
}
}
}
}
},
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"AWSAMIRegionMap",
{
"Ref": "AWS::Region"
},
"WS2012R2"
]
},
"InstanceType": {
"Ref": "EXCHInstanceType"
},
"IamInstanceProfile": {
"Ref": "ExchangeHostProfile"
},
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "PrivateSubnet1ID"
},
"PrivateIpAddresses": [
{
"Primary": "true",
"PrivateIpAddress": {
"Ref": "EXCH1PrivateIP1"
}
},
{
"Primary": "false",
"PrivateIpAddress": {
"Ref": "EXCH1PrivateIP2"
}
}
],
"GroupSet": [
{
"Ref": "DomainMemberSGID"
},
{
"Ref": "EXCHSecurityGroup"
},
{
"Ref": "EXCHClientSecurityGroup"
}
]
}
],
"Tags": [
{
"Key": "Name",
"Value": "EXCH1"
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": "300",
"VolumeType": "gp2"
}
},
{
"DeviceName": "/dev/xvdb",
"VirtualName": "ephemeral0"
},
{
"DeviceName": "/dev/xvdf",
"Ebs": {
"VolumeSize": "1000",
"VolumeType": "gp2"
}
}
],
"KeyName": {
"Ref": "KeyPairName"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
""
]
]
}
}
}
},
"EXCH2": {
"Type": "AWS::EC2::Instance",
"DependsOn": "EXCH1WaitCondition",
"Metadata": {
"AWS::CloudFormation::Authentication": {
"S3AccessCreds": {
"type": "S3",
"roleName": {
"Ref": "ExchangeHostRole"
},
"buckets": [
{
"Ref": "QSS3BucketName"
}
]
}
},
"AWS::CloudFormation::Init": {
"configSets": {
"config": [
"setup",
"rename",
"join",
"installexch",
"finalize"
]
},
"setup": {
"files": {
"c:\\cfn\\cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.EXCH2.Metadata.AWS::CloudFormation::Init\n",
"action=cfn-init.exe -v -s ",
{
"Ref": "AWS::StackId"
},
" -r EXCH2",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"c:\\cfn\\scripts\\Install.bat": {
"content": {
"Fn::Join": [
"",
[
"powershell.exe -command c:\\cfn\\scripts\\Install-UcmaRuntime.ps1\n",
"\n",
"powershell.exe -command c:\\cfn\\scripts\\Install-Exch2013.ps1 -InstallPath \\\\",
{
"Ref": "ADServer1NetBIOSName"
},
"\\exchinstall ",
"-Server 2",
"\n"
]
]
}
},
"C:\\cfn\\modules\\AWSQuickStart.zip": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/modules/AWSQuickStart.zip",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Disable-AutoLogon.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Disable-AutoLogon.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Enable-AutoLogon.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Enable-AutoLogon.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Expand-ExchangeFiles.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Expand-ExchangeFiles.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Install-Exch2013.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Install-Exch2013.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Initialize-ExchangeVolume.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Initialize-ExchangeVolume.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Install-ExchPreReq.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Install-ExchPreReq.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Install-UcmaRuntime.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Install-UcmaRuntime.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Invoke-ADReplication.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Invoke-ADReplication.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Join-Domain.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Join-Domain.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"c:\\cfn\\downloads\\UcmaRuntimeSetup.exe": {
"source": "http://download.microsoft.com/download/2/C/4/2C47A5C1-A1F3-4843-B9FE-84C0032C61EC/UcmaRuntimeSetup.exe"
},
"C:\\cfn\\scripts\\Unzip-Archive.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Unzip-Archive.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
}
},
"commands": {
"a-set-execution-policy": {
"command": "powershell.exe -command Set-ExecutionPolicy RemoteSigned -Force",
"waitAfterCompletion": "0"
},
"b-unpack-quickstart-module": {
"command": "powershell.exe -command c:\\cfn\\scripts\\Unzip-Archive.ps1 -Source c:\\cfn\\modules\\AWSQuickStart.zip -Destination C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\",
"waitAfterCompletion": "0"
},
"c-create-waithandle": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command \"",
"New-AWSQuickStartWaitHandle -Handle '",
{
"Ref": "EXCH2WaitHandle"
},
"'\""
]
]
},
"waitAfterCompletion": "0"
},
"d-initialize-db-volume": {
"command": "powershell.exe -command c:\\cfn\\scripts\\Initialize-ExchangeVolume.ps1 -DriveLetter d",
"waitAfterCompletion": "0"
}
},
"services": {
"windows": {
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": [
"c:\\cfn\\cfn-hup.conf",
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf"
]
}
}
}
},
"rename": {
"commands": {
"a-execute-powershell-script-RenameComputer": {
"command": "powershell.exe -Command Rename-Computer -NewName EXCH2 -Restart",
"waitAfterCompletion": "forever"
}
}
},
"join": {
"commands": {
"a-set-dns-servers": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses ",
{
"Ref": "ADServer1PrivateIP"
},
",",
{
"Ref": "ADServer2PrivateIP"
},
"\""
]
]
},
"waitAfterCompletion": "30"
},
"b-join-domain": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Join-Domain.ps1 -DomainName ",
{
"Ref": "DomainDNSName"
},
" -UserName ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
}
]
]
},
"waitAfterCompletion": "forever"
}
}
},
"installexch": {
"commands": {
"a-install-prereq": {
"command": "powershell.exe -Command c:\\cfn\\scripts\\Install-ExchPreReq.ps1",
"waitAfterCompletion": "forever"
},
"b-enable-autologon": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Enable-AutoLogon.ps1",
" -UserName ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
},
" -StartupScript c:\\cfn\\scripts\\Install.bat"
]
]
},
"waitAfterCompletion": "0"
},
"c-reboot": {
"command": "powershell.exe -command Restart-Computer -Force",
"waitAfterCompletion": "forever"
},
"d-wait": {
"command": "powershell.exe -command Start-Sleep -Seconds 2100",
"waitAfterCompletion": "0"
},
"e-invoke-ad-replication": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Invoke-ADReplication.ps1",
" -UserName ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
},
" -DomainController ",
{
"Ref": "ADServer2NetBIOSName"
}
]
]
},
"waitAfterCompletion": "0"
},
"f-disable-autologon": {
"command": "powershell.exe -command c:\\cfn\\scripts\\Disable-AutoLogon.ps1",
"waitAfterCompletion": "0"
}
}
},
"finalize": {
"commands": {
"a-write-status": {
"command": "powershell.exe -command Write-AWSQuickStartStatus",
"waitAfterCompletion": "0"
}
}
}
}
},
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"AWSAMIRegionMap",
{
"Ref": "AWS::Region"
},
"WS2012R2"
]
},
"InstanceType": {
"Ref": "EXCHInstanceType"
},
"IamInstanceProfile": {
"Ref": "ExchangeHostProfile"
},
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "PrivateSubnet2ID"
},
"PrivateIpAddresses": [
{
"Primary": "true",
"PrivateIpAddress": {
"Ref": "EXCH2PrivateIP1"
}
},
{
"Primary": "false",
"PrivateIpAddress": {
"Ref": "EXCH2PrivateIP2"
}
}
],
"GroupSet": [
{
"Ref": "DomainMemberSGID"
},
{
"Ref": "EXCHSecurityGroup"
},
{
"Ref": "EXCHClientSecurityGroup"
}
]
}
],
"Tags": [
{
"Key": "Name",
"Value": "EXCH2"
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": "300",
"VolumeType": "gp2"
}
},
{
"DeviceName": "/dev/xvdb",
"VirtualName": "ephemeral0"
},
{
"DeviceName": "/dev/xvdf",
"Ebs": {
"VolumeSize": "1000",
"VolumeType": "gp2"
}
}
],
"KeyName": {
"Ref": "KeyPairName"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
""
]
]
}
}
}
},
"EDGE1": {
"Type": "AWS::EC2::Instance",
"DependsOn": "EXCH1WaitCondition",
"Condition": "DeployEdge",
"Metadata": {
"AWS::CloudFormation::Authentication": {
"S3AccessCreds": {
"type": "S3",
"roleName": {
"Ref": "ExchangeHostRole"
},
"buckets": [
{
"Ref": "QSS3BucketName"
}
]
}
},
"AWS::CloudFormation::Init": {
"configSets": {
"config": [
"setup",
"rename",
"dns",
"installEdge",
"finalize"
]
},
"setup": {
"files": {
"c:\\cfn\\cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.EDGE1.Metadata.AWS::CloudFormation::Init\n",
"action=cfn-init.exe -v -s ",
{
"Ref": "AWS::StackId"
},
" -r EDGE1",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"c:\\cfn\\scripts\\Install.bat": {
"content": {
"Fn::Join": [
"",
[
"powershell.exe -command c:\\cfn\\scripts\\Install-Edge2013.ps1 -InstallPath \\\\",
{
"Ref": "ADServer1PrivateIP"
},
"\\exchinstall ",
" -Username ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
},
"\n",
"powershell.exe -command c:\\cfn\\scripts\\New-EdgeDnsRecord.ps1 -Name EDGE1 -DnsServer ",
{
"Ref": "ADServer1PrivateIP"
},
" -ZoneName ",
{
"Ref": "DomainDNSName"
},
" -Username ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
}
]
]
}
},
"C:\\cfn\\modules\\AWSQuickStart.zip": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/modules/AWSQuickStart.zip",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Disable-AutoLogon.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Disable-AutoLogon.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Enable-AutoLogon.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Enable-AutoLogon.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Install-EdgePreReq.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Install-EdgePreReq.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Install-Edge2013.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Install-Edge2013.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\New-EdgeDnsRecord.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/New-EdgeDnsRecord.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Set-PrimaryDNSSuffix.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Set-PrimaryDNSSuffix.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Reset-LocalAdminPassword.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Reset-LocalAdminPassword.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Unzip-Archive.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Unzip-Archive.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
}
},
"commands": {
"a-set-execution-policy": {
"command": "powershell.exe -command Set-ExecutionPolicy RemoteSigned -Force",
"waitAfterCompletion": "0"
},
"b-unpack-quickstart-module": {
"command": "powershell.exe -command c:\\cfn\\scripts\\Unzip-Archive.ps1 -Source c:\\cfn\\modules\\AWSQuickStart.zip -Destination C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\",
"waitAfterCompletion": "0"
},
"c-create-waithandle": {
"command": "powershell.exe -command Write-AWSQuickStartStatus",
"waitAfterCompletion": "0"
},
"d-reset-local-admin": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -command C:\\cfn\\scripts\\Reset-LocalAdminPassword.ps1 -password '",
{
"Ref": "DomainAdminPassword"
},
"'"
]
]
},
"waitAfterCompletion": "0"
}
},
"services": {
"windows": {
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": [
"c:\\cfn\\cfn-hup.conf",
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf"
]
}
}
}
},
"rename": {
"commands": {
"a-execute-powershell-script-RenameComputer": {
"command": "powershell.exe -Command Rename-Computer -NewName EDGE1 -Restart",
"waitAfterCompletion": "forever"
},
"b-execute-powershell-script-SetDNSSuffix": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -command \"c:\\cfn\\scripts\\Set-PrimaryDNSSuffix.ps1 -Suffix '",
{
"Ref": "DomainDNSName"
},
"'\""
]
]
},
"waitAfterCompletion": "forever"
}
}
},
"dns": {
"commands": {
"a-set-dns-servers": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses ",
{
"Ref": "ADServer1PrivateIP"
},
",",
{
"Ref": "ADServer2PrivateIP"
},
"\""
]
]
},
"waitAfterCompletion": "30"
}
}
},
"installEdge": {
"commands": {
"a-install-prereq": {
"command": "powershell.exe -Command c:\\cfn\\scripts\\Install-EdgePreReq.ps1",
"waitAfterCompletion": "0"
},
"b-enable-autologon": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Enable-AutoLogon.ps1",
" -UserName edge1\\administrator",
" -Password ",
{
"Ref": "DomainAdminPassword"
},
" -StartupScript c:\\cfn\\scripts\\Install.bat"
]
]
},
"waitAfterCompletion": "0"
},
"c-reboot": {
"command": "powershell.exe -command Restart-Computer -Force",
"waitAfterCompletion": "forever"
},
"d-wait": {
"command": "powershell.exe -command Start-Sleep -Seconds 900",
"waitAfterCompletion": "0"
},
"f-disable-autologon": {
"command": "powershell.exe -command c:\\cfn\\scripts\\Disable-AutoLogon.ps1",
"waitAfterCompletion": "0"
}
}
},
"finalize": {
"commands": {
"a-write-status": {
"command": "powershell.exe -command Write-AWSQuickStartStatus",
"waitAfterCompletion": "0"
}
}
}
}
},
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"AWSAMIRegionMap",
{
"Ref": "AWS::Region"
},
"WS2012R2"
]
},
"InstanceType": {
"Ref": "EdgeInstanceType"
},
"IamInstanceProfile": {
"Ref": "ExchangeHostProfile"
},
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "PublicSubnet1ID"
},
"GroupSet": [
{
"Ref": "DomainMemberSGID"
},
{
"Ref": "EXCHEdgeSecurityGroup"
}
]
}
],
"Tags": [
{
"Key": "Name",
"Value": "EDGE1"
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": "100",
"VolumeType": "gp2"
}
},
{
"DeviceName": "/dev/xvdb",
"VirtualName": "ephemeral0"
}
],
"KeyName": {
"Ref": "KeyPairName"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
""
]
]
}
}
}
},
"EDGE2": {
"Type": "AWS::EC2::Instance",
"DependsOn": "EXCH1WaitCondition",
"Condition": "DeployEdge",
"Metadata": {
"AWS::CloudFormation::Authentication": {
"S3AccessCreds": {
"type": "S3",
"roleName": {
"Ref": "ExchangeHostRole"
},
"buckets": [
{
"Ref": "QSS3BucketName"
}
]
}
},
"AWS::CloudFormation::Init": {
"configSets": {
"config": [
"setup",
"rename",
"dns",
"installEdge",
"finalize"
]
},
"setup": {
"files": {
"c:\\cfn\\cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.EDGE2.Metadata.AWS::CloudFormation::Init\n",
"action=cfn-init.exe -v -s ",
{
"Ref": "AWS::StackId"
},
" -r EDGE2",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"c:\\cfn\\scripts\\Install.bat": {
"content": {
"Fn::Join": [
"",
[
"powershell.exe -command c:\\cfn\\scripts\\Install-Edge2013.ps1 -InstallPath \\\\",
{
"Ref": "ADServer1PrivateIP"
},
"\\exchinstall ",
" -Username ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
},
"\n",
"powershell.exe -command c:\\cfn\\scripts\\New-EdgeDnsRecord.ps1 -Name EDGE2 -DnsServer ",
{
"Ref": "ADServer1PrivateIP"
},
" -ZoneName ",
{
"Ref": "DomainDNSName"
},
" -Username ",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
" -Password ",
{
"Ref": "DomainAdminPassword"
}
]
]
}
},
"C:\\cfn\\modules\\AWSQuickStart.zip": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/modules/AWSQuickStart.zip",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Disable-AutoLogon.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Disable-AutoLogon.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Enable-AutoLogon.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Enable-AutoLogon.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Install-EdgePreReq.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Install-EdgePreReq.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Install-Edge2013.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/Install-Edge2013.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\New-EdgeDnsRecord.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/New-EdgeDnsRecord.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Set-PrimaryDNSSuffix.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Set-PrimaryDNSSuffix.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Reset-LocalAdminPassword.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Reset-LocalAdminPassword.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
},
"C:\\cfn\\scripts\\Unzip-Archive.ps1": {
"source": {
"Fn::Sub": [
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Unzip-Archive.ps1",
{
"QSS3Region": {
"Fn::If": [
"GovCloudCondition",
"s3-us-gov-west-1",
"s3"
]
}
}
]
},
"authentication": "S3AccessCreds"
}
},
"commands": {
"a-set-execution-policy": {
"command": "powershell.exe -command Set-ExecutionPolicy RemoteSigned -Force",
"waitAfterCompletion": "0"
},
"b-unpack-quickstart-module": {
"command": "powershell.exe -command c:\\cfn\\scripts\\Unzip-Archive.ps1 -Source c:\\cfn\\modules\\AWSQuickStart.zip -Destination C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\",
"waitAfterCompletion": "0"
},
"c-create-waithandle": {
"command": "powershell.exe -command Write-AWSQuickStartStatus",
"waitAfterCompletion": "0"
},
"d-reset-local-admin": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -command C:\\cfn\\scripts\\Reset-LocalAdminPassword.ps1 -password '",
{
"Ref": "DomainAdminPassword"
},
"'"
]
]
},
"waitAfterCompletion": "0"
}
},
"services": {
"windows": {
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": [
"c:\\cfn\\cfn-hup.conf",
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf"
]
}
}
}
},
"rename": {
"commands": {
"a-execute-powershell-script-RenameComputer": {
"command": "powershell.exe -Command Rename-Computer -NewName EDGE2 -Restart",
"waitAfterCompletion": "forever"
},
"b-execute-powershell-script-SetDNSSuffix": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -command \"c:\\cfn\\scripts\\Set-PrimaryDNSSuffix.ps1 -Suffix '",
{
"Ref": "DomainDNSName"
},
"'\""
]
]
},
"waitAfterCompletion": "forever"
}
}
},
"dns": {
"commands": {
"a-set-dns-servers": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses ",
{
"Ref": "ADServer2PrivateIP"
},
",",
{
"Ref": "ADServer1PrivateIP"
},
"\""
]
]
},
"waitAfterCompletion": "30"
}
}
},
"installEdge": {
"commands": {
"a-install-prereq": {
"command": "powershell.exe -Command c:\\cfn\\scripts\\Install-EdgePreReq.ps1",
"waitAfterCompletion": "0"
},
"b-enable-autologon": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command c:\\cfn\\scripts\\Enable-AutoLogon.ps1",
" -UserName edge1\\administrator",
" -Password ",
{
"Ref": "DomainAdminPassword"
},
" -StartupScript c:\\cfn\\scripts\\Install.bat"
]
]
},
"waitAfterCompletion": "0"
},
"c-reboot": {
"command": "powershell.exe -command Restart-Computer -Force",
"waitAfterCompletion": "forever"
},
"d-wait": {
"command": "powershell.exe -command Start-Sleep -Seconds 900",
"waitAfterCompletion": "0"
},
"f-disable-autologon": {
"command": "powershell.exe -command c:\\cfn\\scripts\\Disable-AutoLogon.ps1",
"waitAfterCompletion": "0"
}
}
},
"finalize": {
"commands": {
"a-write-status": {
"command": "powershell.exe -command Write-AWSQuickStartStatus",
"waitAfterCompletion": "0"
}
}
}
}
},
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"AWSAMIRegionMap",
{
"Ref": "AWS::Region"
},
"WS2012R2"
]
},
"InstanceType": {
"Ref": "EdgeInstanceType"
},
"IamInstanceProfile": {
"Ref": "ExchangeHostProfile"
},
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "PublicSubnet2ID"
},
"GroupSet": [
{
"Ref": "DomainMemberSGID"
},
{
"Ref": "EXCHEdgeSecurityGroup"
}
]
}
],
"Tags": [
{
"Key": "Name",
"Value": "EDGE2"
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": "100",
"VolumeType": "gp2"
}
},
{
"DeviceName": "/dev/xvdb",
"VirtualName": "ephemeral0"
}
],
"KeyName": {
"Ref": "KeyPairName"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
""
]
]
}
}
}
},
"EdgeEIP": {
"Condition": "DeployEdge",
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"InstanceId": {
"Ref": "EDGE1"
}
}
},
"Edge2EIP": {
"Condition": "DeployEdge",
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"InstanceId": {
"Ref": "EDGE2"
}
}
},
"EXCHSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable communications between Exchange Servers",
"VpcId": {
"Ref": "VPCID"
},
"SecurityGroupIngress": [
{
"IpProtocol": "-1",
"FromPort": "1",
"ToPort": "65535",
"CidrIp": "10.0.2.150/32"
},
{
"IpProtocol": "-1",
"FromPort": "1",
"ToPort": "65535",
"CidrIp": "10.0.2.151/32"
},
{
"IpProtocol": "-1",
"FromPort": "1",
"ToPort": "65535",
"CidrIp": "10.0.2.160/32"
},
{
"IpProtocol": "-1",
"FromPort": "1",
"ToPort": "65535",
"CidrIp": "10.0.2.161/32"
}
]
}
},
"EXCHClientSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable communications from clients to Exchange Servers",
"VpcId": {
"Ref": "VPCID"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": {
"Ref": "VPCCIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": {
"Ref": "VPCCIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "143",
"ToPort": "143",
"CidrIp": {
"Ref": "VPCCIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "993",
"ToPort": "993",
"CidrIp": {
"Ref": "VPCCIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "110",
"ToPort": "110",
"CidrIp": {
"Ref": "VPCCIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "995",
"ToPort": "995",
"CidrIp": {
"Ref": "VPCCIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "25",
"ToPort": "25",
"CidrIp": {
"Ref": "VPCCIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "587",
"ToPort": "587",
"CidrIp": {
"Ref": "VPCCIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "5075",
"ToPort": "5077",
"CidrIp": {
"Ref": "VPCCIDR"
}
}
]
}
},
"EXCHEdgeSecurityGroup": {
"Condition": "DeployEdge",
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable communications for Exchange Edge Transport Servers",
"VpcId": {
"Ref": "VPCID"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "50389",
"ToPort": "50389",
"CidrIp": {
"Ref": "PrivateSubnet1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "50389",
"ToPort": "50389",
"CidrIp": {
"Ref": "PrivateSubnet2CIDR"
}
},
{
"IpProtocol": "udp",
"FromPort": "50636",
"ToPort": "50636",
"CidrIp": {
"Ref": "PrivateSubnet1CIDR"
}
},
{
"IpProtocol": "udp",
"FromPort": "50636",
"ToPort": "50636",
"CidrIp": {
"Ref": "PrivateSubnet2CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "25",
"ToPort": "25",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "25",
"ToPort": "25",
"CidrIp": "0.0.0.0/0"
}
]
}
}
},
"Outputs": {
"EDGE1ElasticIP": {
"Value": {
"Ref": "EdgeEIP"
},
"Condition": "DeployEdge",
"Description": "Elastic IP address attached to EDGE1, the Exchange Edge Transport server in AZ1"
}
}
}