AWSTemplateFormatVersion: 2010-09-09 Description: >- This master template creates a VPC infrastructure for a multi-AZ, multi-tier deployment of TIBCO Data Science on AWS. It deploys a VPC with bastions. **WARNING** This template creates EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1p2ma2up0) Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: - Label: default: VPC & Bastion configuration Parameters: - AvailabilityZones - AdminConsoleAccessCIDR - BastionAMIOS - BastionInstanceType - Label: default: TIBCO Data Science configuration Parameters: - KeyPairName - TSDSowner - TSDSInstanceName - TSDSInstanceType - TSDSInstancePassword - Label: default: Amazon RDS configuration Parameters: - RDSPassword - DBMultiAZ - Label: default: Amazon EMR configuration Parameters: - EMRMasterInstanceType - EMRCoreInstanceType - EMRClusterName - EMRCoreNodes - EMRLogBucket - Label: default: TIBCO Data Science Site Domain configuration (Optional) Parameters: - TSDSSiteDomain - ALBSSLCertificateARN - Route53HostedZoneId - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3KeyPrefix ParameterLabels: TSDSInstancePassword: default: TDS siteadmin password RDSPassword: default: RDS database password DBMultiAZ: default: Multi-AZ database EMRClusterName: default: EMR cluster name EMRCoreInstanceType: default: EMR core instance type EMRCoreNodes: default: EMR core nodes EMRLogBucket: default: EMR logs bucket name EMRMasterInstanceType: default: EMR master instance type AdminConsoleAccessCIDR: default: Allowed external access CIDR AvailabilityZones: default: Availability Zones BastionAMIOS: default: Bastion AMI Operating System BastionInstanceType: default: Bastion instance type TSDSowner: default: TDS instance owner TSDSInstanceName: default: TDS instance name TSDSInstanceType: default: TDS instance type KeyPairName: default: Key pair name QSS3BucketName: default: Quick Start S3 bucket name QSS3KeyPrefix: default: Quick Start S3 key prefix TSDSSiteDomain: default: TDS Site domain ALBSSLCertificateARN: default: ALB SSL certificate ARN Route53HostedZoneId: default: Route 53 hosted zone ID Parameters: TSDSInstancePassword: AllowedPattern: >- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* ConstraintDescription: >- Must be 8 characters or more containing at least one uppercase letter, one lowercase letter, and one number. Description: >- The password for the siteadmin user to access the TIBCO Data Science web console. Must be 8 characters or more containing at least one uppercase letter, one lowercase letter and one number. It can use any printable ASCII characters (ASCII code 33 to 126) except ' (single quote), " (double quote) , \, /, @, or space. MaxLength: '16' MinLength: '8' NoEcho: 'true' Type: String ALBSSLCertificateARN: Default: '' Description: '(Optional) The Amazon Resource Name (ARN) of the SSL certificate to be used for the Application Load Balancer.' Type: String Route53HostedZoneId: Description: '(Optional) The Route53 hosted zone ID where the DNS record for TIBCO Data Science site domain will be added.' Type: String Default: '' TSDSSiteDomain: Description: '(Optional) The domain name of the TIBCO Data Science site; e.g. example.com. A valid Fully Qualified Domain Name is required when using SSL.' AllowedPattern: (?!-)[a-zA-Z0-9-.]*(?- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* ConstraintDescription: >- Must be 8 characters or more containing at least one uppercase letter, one lowercase letter, and one number. Description: >- Database password for Amazon RDS Aurora database. Must be 8 characters or more containing at least one uppercase letter, one lowercase letter and one number. It can use any printable ASCII characters (ASCII code 33 to 126) except ' (single quote), " (double quote) , \, /, @, or space. MaxLength: '16' MinLength: '8' NoEcho: 'true' Type: String DBMultiAZ: AllowedValues: - 'true' - 'false' Default: 'true' Description: Specifies that the database instance is a multiple Availability Zone deployment. Type: String EMRClusterName: Description: The name for your EMR cluster. Type: String EMRCoreInstanceType: AllowedValues: - m4.xlarge - m4.2xlarge - m4.4xlarge - m4.10xlarge Default: m4.xlarge Description: The instance type for the EMR core nodes. Type: String EMRCoreNodes: Description: The number of core nodes. The minimum is 1; the maximum is 500. Default: '1' MaxValue: '500' MinValue: '1' Type: Number EMRLogBucket: Description: '(Optional) The name of a pre-existing S3 bucket for the EMR logs.' Default: '' Type: String EMRMasterInstanceType: AllowedValues: - m4.large - m4.xlarge - m4.2xlarge - m4.4xlarge - m4.10xlarge Default: m4.xlarge Description: The instance type for the EMR master node. Type: String AdminConsoleAccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: The CIDR IP range that is permitted to access the TIBCO Data Science web console via the Application Load Balancer. We recommend that you set this value to a trusted IP range. Type: String AvailabilityZones: Description: >- List of Availability Zones to use for the subnets in the VPC. Only two Availability Zones are used for this deployment, and the logical order of your selections is preserved. Type: 'List' BastionAMIOS: AllowedValues: - Amazon-Linux-HVM - CentOS-7-HVM - Ubuntu-Server-14.04-LTS-HVM - Ubuntu-Server-16.04-LTS-HVM Default: Amazon-Linux-HVM Description: The Linux distribution for the AMI to be used for the bastion instances. Type: String BastionInstanceType: AllowedValues: - t2.nano - t2.micro - t2.small - t2.medium - t2.large - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge - m4.large - m4.xlarge - m4.2xlarge - m4.4xlarge - m3.large - m3.xlarge - m3.2xlarge Default: t2.micro Description: Amazon EC2 instance type for the bastion instances. Type: String KeyPairName: Description: >- The name of an existing public/private key pair, which allows you to securely connect to your instance after it launches. Type: 'AWS::EC2::KeyPair::KeyName' TSDSInstanceType: AllowedValues: - m5.2xlarge - m5.4xlarge ConstraintDescription: Must contain valid instance type Default: m5.2xlarge Description: The type of EC2 instance for the TIBCO Data Science 6.4 AMI. Type: String TSDSInstanceName: Description: The name for the TIBCO Data Science instance that is deployed to EC2. Type: String Default: TIBCO-DS TSDSowner: Description: The Owner tag for the TIBCO Data Science instance. Default: tibco-ds-owner Type: String QSS3BucketName: AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' ConstraintDescription: >- Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: >- S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/]*$' ConstraintDescription: >- Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-tibco-data-science/ Description: >- S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String Rules: KeyPairsNotEmpty: Assertions: - Assert: !Not - Fn::EachMemberEquals: - Fn::RefAll: AWS::EC2::KeyPair::KeyName - '' AssertDescription: All key pair parameters must not be empty EFSSupportedRegionRule: Assertions: - Assert: Fn::Contains: - - us-east-1 - us-east-2 - us-west-2 - us-west-1 - eu-west-1 - ap-southeast-2 - ap-southeast-1 - ap-northeast-1 - ap-northeast-2 - eu-central-1 - !Ref AWS::Region AssertDescription: This Quick Start utilizes Amazon EFS which is only available in the us-east-1 (N. Virginia), us-east-2 (Ohio), us-west-1 (N. California), us-west-2 (Oregon), eu-west-1 (Ireland), eu-central-1 (Frankfurt), ap-northeast-1 (Tokyo), ap-northeast-2 (Seoul), and ap-southeast-2 (Sydney) regions. Please launch the stack in one of these regions Resources: VPCStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub >- https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template Parameters: AvailabilityZones: Fn::Join: - ',' - Ref: AvailabilityZones KeyPairName: !Ref KeyPairName NumberOfAZs: '2' BastionStack: DependsOn: VPCStack Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub >- https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template Parameters: BastionAMIOS: !Ref BastionAMIOS BastionInstanceType: !Ref BastionInstanceType KeyPairName: !Ref KeyPairName PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-linux-bastion/' RemoteAccessCIDR: !Ref AdminConsoleAccessCIDR VPCID: !GetAtt VPCStack.Outputs.VPCID TSDSStack: DependsOn: - VPCStack - BastionStack Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub >- https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/tibco-data-science.yaml Parameters: AdminConsoleAccessCIDR: !Ref AdminConsoleAccessCIDR BastionSecurityGroupID: !GetAtt BastionStack.Outputs.BastionSecurityGroupID KeyPairName: !Ref KeyPairName TSDSInstanceName: !Ref TSDSInstanceName TSDSowner: !Ref TSDSowner TSDSInstanceType: !Ref TSDSInstanceType PrivateSubnet1ID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID PrivateSubnet2ID: !GetAtt VPCStack.Outputs.PrivateSubnet2AID PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID VPCID: !GetAtt VPCStack.Outputs.VPCID QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Ref QSS3KeyPrefix EMRMasterInstanceType: !Ref EMRMasterInstanceType EMRCoreInstanceType: !Ref EMRCoreInstanceType EMRClusterName: !Ref EMRClusterName EMRCoreNodes: !Ref EMRCoreNodes EMRLogBucket: !Ref EMRLogBucket RDSPassword: !Ref RDSPassword DBMultiAZ: !Ref DBMultiAZ ALBSSLCertificateARN: !Ref ALBSSLCertificateARN Route53HostedZoneId: !Ref Route53HostedZoneId TSDSSiteDomain: !Ref TSDSSiteDomain TSDSInstancePassword: !Ref TSDSInstancePassword Outputs: BastionSSH: Description: SSH command for accessing bastion with SSH agent forwarding enabled. Remove .pem if needed Value: !Sub 'ssh -i ~/.ssh/${KeyPairName}.pem -A ec2-user@${BastionStack.Outputs.EIP1}' TDSWebConsoleURL: Description: URL to connect to TDS Web Console Value: !GetAtt TSDSStack.Outputs.TDSWebConsoleURL TDSConfigurationLogs: Description: TDS Configuration Log Location Value: !GetAtt TSDSStack.Outputs.TDSConfigurationLogs EMRPublicDNS: Description: EMR DNS used to connect TDS to EMR Cluster Value: !GetAtt TSDSStack.Outputs.EMRPublicDNS EMRHiveURL: Description: EMR Hive thrift URL Value: !GetAtt TSDSStack.Outputs.EMRHiveURL