--- AWSTemplateFormatVersion: '2010-09-09' Description: 'Master Template for Atlassian Services (qs-1p9o4n3sq)' Metadata: QSLint: Exclusions: [W4002, E3012, E1001, E9101, W9006, W9002, W9003, ERDSDBInstancePubliclyAccessible, EIAMPolicyWildcardResource, ERDSStorageEncryptionEnabled] QuickStartDocumentation: EntrypointName: "Launch into a new VPC" AWS::CloudFormation::Interface: ParameterGroups: - Label: default: ' VPC Network Configuration' Parameters: - AccessCIDR - AvailabilityZones - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - VPCCIDR - Label: default: Bastion host provisioning Parameters: - BastionHostRequired - KeyPairName - Label: default: AWS Quick Start Configuration Parameters: - ExportPrefix - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: AccessCIDR: default: Permitted IP Range AvailabilityZones: default: Availability Zones ExportPrefix: default: ASI identifier KeyPairName: default: SSH Key Pair Name BastionHostRequired: default: Deploy Bastion host PrivateSubnet1CIDR: default: Private Subnet 1 CIDR PrivateSubnet2CIDR: default: Private Subnet 2 CIDR PublicSubnet1CIDR: default: Public Subnet 1 CIDR PublicSubnet2CIDR: default: Public Subnet 2 CIDR QSS3BucketName: default: Quick Start S3 Bucket Name QSS3BucketRegion: default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 Key Prefix VPCCIDR: default: VPC CIDR Parameters: AccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Description: CIDR block allowed to access Atlassian Services. This should be set to a trusted IP range; if you want to give public access use '0.0.0.0/0'. Type: String AvailabilityZones: Description: 'List of Availability Zones to use for the subnets in the VPC. Note: You must specify 2 AZs here; if more are specified only the first 2 will be used.' Type: List ExportPrefix: Default: ATL- Description: Identifier used in all variables exported from this deployment’s Atlassian Standard Infrastructure (VPCID, SubnetIDs, KeyName). Use different identifier to deploy multiple Atlassian Standard Infrastructures in the same AWS region. Quickstarts. Type: String KeyPairName: Description: Public/private EC2 Key Pairs (without file extension) to allow you to securely access the Bastion host. Type: String Default: '' BastionHostRequired: Default: "true" AllowedValues: - "true" - "false" Description: Whether to provision a Bastion host instance; if 'true', then you need to provide an EC2 Key Pair. Type: String PrivateSubnet1CIDR: Default: 10.0.0.0/19 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Description: CIDR block for private subnet 1 located in Availability Zone 1. Type: String PrivateSubnet2CIDR: Default: 10.0.32.0/19 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Description: CIDR block for private subnet 2 located in Availability Zone 2. Type: String PublicSubnet1CIDR: Default: 10.0.128.0/20 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Description: CIDR Block for the public DMZ subnet 1 located in Availability Zone 1. Type: String PublicSubnet2CIDR: Default: 10.0.144.0/20 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Description: CIDR Block for the public DMZ subnet 2 located in Availability Zone 2. Type: String QSS3BucketName: Default: 'aws-quickstart' AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Description: S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3BucketRegion: Default: '' Type: String Description: The AWS Region where the Quick Start S3 bucket is hosted. Do not update it unless you're using a custom Quick Start S3 bucket. QSS3KeyPrefix: Default: 'quickstart-atlassian-services/' AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String VPCCIDR: Default: 10.0.0.0/16 AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Description: CIDR Block for the VPC. Type: String Conditions: GovCloudCondition: !Equals - !Ref 'AWS::Region' - us-gov-west-1 UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] NoBucketRegionSuppliedOrBucketPrefixIsDefault: !Or - !Equals [!Ref QSS3BucketRegion, ''] - !Equals [!Ref QSS3KeyPrefix, 'quickstart-atlassian-services/'] KeyPairProvided: !Not [!Equals [!Ref KeyPairName, '']] ProvisionBastion: !And - !Equals [!Ref BastionHostRequired, true] - !Condition KeyPairProvided Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !If # Maintain backward compatibility for non-region support - NoBucketRegionSuppliedOrBucketPrefixIsDefault - !Sub - https://${QSS3BucketName}.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml - S3Region: !If ["GovCloudCondition", "s3-us-gov-west-1", "s3"] - !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] Parameters: AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' NumberOfAZs: '2' PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR' PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR' VPCCIDR: !Ref 'VPCCIDR' Tags: # NOTE: The leading COMMIT/TIMESTAMP are used to locate the position to update; see scripts/update-tags.py - Key: "atl:quickstart:commit-id" Value: "COMMIT: ebd2820214350ed6bb34df8cc0f7fadbb3ffa5e2" - Key: "atl:quickstart:timestamp" Value: "TIMESTAMP: 2021-06-09T01:26:03Z" BastionStack: Type: AWS::CloudFormation::Stack Condition: ProvisionBastion Properties: TemplateURL: !If # Maintain backward compatibility for non-region support - NoBucketRegionSuppliedOrBucketPrefixIsDefault - !Sub - https://${QSS3BucketName}.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/quickstart-bastion-for-atlassian-services.yaml - S3Region: !If ["GovCloudCondition", "s3-us-gov-west-1", "s3"] - !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-bastion-for-atlassian-services.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] Parameters: AccessCIDR: !Ref AccessCIDR KeyName: !Ref 'KeyPairName' Subnet: !GetAtt VPCStack.Outputs.PublicSubnet1ID VPC: !GetAtt VPCStack.Outputs.VPCID Outputs: DefaultKey: Condition: KeyPairProvided Description: Default EC2 keypair name Value: !Ref 'KeyPairName' Export: Name: !Sub '${ExportPrefix}DefaultKey' PrivateSubnets: Description: A list of 2 Private subnets Value: !Join [ ',', [ !GetAtt VPCStack.Outputs.PrivateSubnet1AID, !GetAtt VPCStack.Outputs.PrivateSubnet2AID ]] Export: Name: !Sub '${ExportPrefix}PriNets' PublicSubnets: Description: A list of 2 Public subnets Value: !Join [ ',', [ !GetAtt VPCStack.Outputs.PublicSubnet1ID, !GetAtt VPCStack.Outputs.PublicSubnet2ID ]] Export: Name: !Sub '${ExportPrefix}PubNets' VPCID: Description: Atlassian Services VPC ID Value: !GetAtt VPCStack.Outputs.VPCID Export: Name: !Sub '${ExportPrefix}VPCID' BastionPubIp: Condition: ProvisionBastion Description: The Public IP to ssh to the Bastion Value: !GetAtt 'BastionStack.Outputs.BastionPubIp' BastionPrivIp: Condition: ProvisionBastion Description: The Private IP of the Bastion within the VPC Value: !GetAtt 'BastionStack.Outputs.BastionPrivateIp' Export: Name: !Sub '${ExportPrefix}BastionPrivIp' NatGatewayIP1: Description: Public IP for NAT gateway in Private Subnet 1 Value: !GetAtt VPCStack.Outputs.NAT1EIP Export: Name: !Sub '${ExportPrefix}NAT1EIP' NatGatewayIP2: Description: Public IP for NAT gateway in Private Subnet 2 Value: !GetAtt VPCStack.Outputs.NAT2EIP Export: Name: !Sub '${ExportPrefix}NAT2EIP' VpcTemplateURL: Description: The URL used to source the VPC template Value: !If - NoBucketRegionSuppliedOrBucketPrefixIsDefault - !Sub - https://${QSS3BucketName}.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template - S3Region: !If ["GovCloudCondition", "s3-us-gov-west-1", "s3"] - !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/submodules/quickstart-aws-vpc/templates/aws-vpc.template - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] BastionTemplateURL: Description: The URL used to source the Bastion template Value: !If - NoBucketRegionSuppliedOrBucketPrefixIsDefault - !Sub - https://${QSS3BucketName}.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/quickstart-bastion-for-atlassian-services.yaml - S3Region: !If ["GovCloudCondition", "s3-us-gov-west-1", "s3"] - !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-bastion-for-atlassian-services.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]