AWSTemplateFormatVersion: 2010-09-09 Description: This main template creates a VPC infrastructure for a multi-AZ, multi-tier deployment of Autodesk Forge on AWS. It deploys a VPC with bastions and a Forge cluster behind an ALB. **WARNING** This template creates EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1q4sbh1su) Metadata: LintSpellExclude: - Application - Autodesk - Balancer - Forge - Load cfn-lint: config: ignore_checks: - W9006 # temporary to get rid of warnings AWS::CloudFormation::Interface: ParameterGroups: - Label: default: VPC network configuration Parameters: - AvailabilityZones - VPCCIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - RemoteAccessCIDR - Label: default: Bastion host configuration Parameters: - KeyPairName - BastionAMIOS - BastionInstanceType - Label: default: BIM 360 integration nodes configuration Parameters: - NodeInstanceType - NodesMinSize - NodesMaxSize - NodesDesiredCapacity - OperatorEmail - Label: default: BIM 360 integration application runtime configuration Parameters: - ApplicationRuntime - Label: default: Autodesk Forge credentials Parameters: - ForgeClientId - ForgeClientSecret - ForgeCallbackUrl - Label: default: "[Optional] BIM 360 integration site domain configuration" Parameters: - SiteDomain - ALBSSLCertificateARN - Route53HostedZoneId - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: AvailabilityZones: default: Availability Zones BastionAMIOS: default: Bastion AMI operating system BastionInstanceType: default: Bastion instance type KeyPairName: default: Key pair name OperatorEmail: default: Operator email ApplicationRuntime: default: BIM 360 integration application runtime ForgeClientId: default: Forge client ID ForgeClientSecret: default: Forge client secret PrivateSubnet1CIDR: default: Private subnet 1 CIDR PrivateSubnet2CIDR: default: Private subnet 2 CIDR PublicSubnet1CIDR: default: Public subnet 1 CIDR PublicSubnet2CIDR: default: Public subnet 2 CIDR QSS3BucketName: default: Quick Start S3 Bucket Name QSS3BucketRegion: default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 Key Prefix RemoteAccessCIDR: default: Allowed external access CIDR VPCCIDR: default: VPC CIDR NodeInstanceType: default: BIM 360 integration nodes instance type NodesDesiredCapacity: default: BIM 360 integration nodes desired capacity NodesMaxSize: default: BIM 360 integration nodes max size NodesMinSize: default: BIM 360 integration nodes min size SiteDomain: default: BIM 360 integration site domain ForgeCallbackUrl: default: Forge callback URL ALBSSLCertificateARN: default: ALB SSL certificate ARN Route53HostedZoneId: default: Route 53 hosted zone ID Parameters: ALBSSLCertificateARN: Default: "" Description: "[Optional] The ARN of the SSL certificate to be used for the Application Load Balancer." Type: String AvailabilityZones: Description: The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses two Availability Zones from your list and preserves the logical order you specify. Type: List BastionAMIOS: AllowedValues: - Amazon-Linux2-HVM - CentOS-7-HVM - Ubuntu-Server-20.04-LTS-HVM - SUSE-SLES-15-HVM Default: Amazon-Linux2-HVM Description: The Linux distribution for the AMI to be used for the bastion instances. Type: String BastionInstanceType: AllowedValues: - t2.nano - t2.micro - t2.small - t2.medium - t2.large Default: t2.micro Description: Amazon EC2 instance type for the bastion instances. Type: String KeyPairName: Description: The name of an existing public/private key pair, which allows you to securely connect to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName OperatorEmail: AllowedPattern: ([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?) ConstraintDescription: Must be a valid email address. Description: Email address that notifications of any scaling operations will be sent to. Type: String ApplicationRuntime: AllowedValues: - Node.js - .NET Core Default: Node.js Description: Defines what kind of server-side BIM 360 integration application you will be deploying Type: String ForgeClientId: ConstraintDescription: Input your Forge Client ID Description: The client ID of your Forge application. You can obtain it on the Forge Developer Platform at https://developer.autodesk.com/myapps. NoEcho: "True" Type: String ForgeClientSecret: ConstraintDescription: Input your Forge Client Secret Description: The client secret of your Forge application. You can obtain it on the Forge Developer Platform at https://developer.autodesk.com/myapps. NoEcho: "True" Type: String PrivateSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/19 Description: The CIDR block for the private subnet located in Availability Zone 1. Type: String PrivateSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.32.0/19 Description: The CIDR block for the private subnet located in Availability Zone 2. Type: String PublicSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.128.0/20 Description: The CIDR block for the public (DMZ) subnet located in Availability Zone 1. Type: String PublicSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.144.0/20 Description: The CIDR block for the public (DMZ) subnet located in Availability Zone 2. Type: String QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen(-). Default: aws-quickstart Description: S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3BucketRegion: Default: "us-east-1" Description: "The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value." Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-bim360-integration/ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String RemoteAccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: The CIDR IP range that is permitted to access the bastions and BIM 360 integration application. We recommend that you set this value to a trusted IP range. Type: String Route53HostedZoneId: Description: "[Optional] Route53 Hosted Zone ID where DNS record for Forge Site Domain will be added." Type: String Default: "" VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: The CIDR block for the VPC. Type: String NodeInstanceType: AllowedValues: - t2.nano - t2.micro - t2.small - t2.medium - t2.large - t2.xlarge - t2.2xlarge - t3.nano - t3.micro - t3.small - t3.medium - t3.large - t3.xlarge - t3.2xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge ConstraintDescription: Must contain valid instance type Default: t3.large Description: Amazon EC2 instance type for the BIM 360 integration instances. Type: String NodesDesiredCapacity: Default: "2" Description: The desired capacity for BIM 360 integration nodes in the Auto Scaling group. Type: String NodesMaxSize: Default: "4" Description: The maximum number of BIM 360 integration nodes in the Auto Scaling group. Type: String NodesMinSize: Default: "2" Description: The minimum number of BIM 360 integration nodes in the Auto Scaling group. Type: String SiteDomain: Description: "[Optional] Domain name of the BIM 360 integration site. e.g. example.com. Valid FQDN required when using SSL." AllowedPattern: (?!-)[a-zA-Z0-9-.]*(?/api/forge/callback/oauth). You can obtain it on the Forge Developer Platform at https://developer.autodesk.com/myapps. If you don't have one, you must modify the value in the Forge portal with the ForgeCallbackURL output after." ConstraintDescription: Must be a valid fully-qualified callback url. Type: String Default: "" Rules: KeyPairsNotEmpty: Assertions: - Assert: Fn::Not: - Fn::EachMemberEquals: - Fn::RefAll: AWS::EC2::KeyPair::KeyName - "" AssertDescription: All key pair parameters must not be empty SubnetsInVPC: Assertions: - Assert: Fn::EachMemberIn: - Fn::ValueOfAll: - AWS::EC2::Subnet::Id - VpcId - Fn::RefAll: AWS::EC2::VPC::Id AssertDescription: All subnets must in the VPC SslAndRoute53Rule: RuleCondition: Fn::Or: - Fn::Not: - Fn::Equals: - Ref: ALBSSLCertificateARN - "" - Fn::Not: - Fn::Equals: - Ref: Route53HostedZoneId - "" Assertions: - Assert: Fn::Not: - Fn::Equals: - Ref: SiteDomain - "" AssertDescription: Parameter SiteDomain cannot be empty and must provide FQDN e.g. example.com, when ALBSSLCertificateARN or Route53HostedZoneId values are provided. T3InstanceSupportedRegionRule: Assertions: - Assert: Fn::Not: - Fn::And: - Fn::Contains: - - ap-northeast-2 - ap-northeast-3 - ap-south-1 - eu-west-3 - Ref: AWS::Region - Fn::Contains: - - t3.nano - t3.micro - t3.small - t3.medium - t3.large - t3.xlarge - t3.2xlarge - Ref: NodeInstanceType AssertDescription: T3 instances are not supported in Seoul (ap-northeast-2), Osaka-Local (ap-northeast-3), Mumbai (ap-south-1) and Paris (eu-west-3) regions. Please launch the stack with another instance type. TwoAZsRequiredRegionRule: Assertions: - Assert: Fn::Not: - Fn::Contains: - - ap-northeast-3 - Ref: AWS::Region AssertDescription: This Quick Start requires two Availability Zones and not supported in Osaka-Local (ap-northeast-3) region. Please launch the stack in another region to continue. Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, "aws-quickstart"] Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml" - S3Region: !If [UsingDefaultBucket, !Ref "AWS::Region", !Ref QSS3BucketRegion] S3Bucket: !If [ UsingDefaultBucket, !Sub "${QSS3BucketName}-${AWS::Region}", !Ref QSS3BucketName, ] Parameters: AvailabilityZones: Fn::Join: - "," - Ref: AvailabilityZones NumberOfAZs: "2" PrivateSubnet1ACIDR: Ref: PrivateSubnet1CIDR PrivateSubnet2ACIDR: Ref: PrivateSubnet2CIDR PublicSubnet1CIDR: Ref: PublicSubnet1CIDR PublicSubnet2CIDR: Ref: PublicSubnet2CIDR VPCCIDR: Ref: VPCCIDR BastionStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template" - S3Region: !If [UsingDefaultBucket, !Ref "AWS::Region", !Ref QSS3BucketRegion] S3Bucket: !If [ UsingDefaultBucket, !Sub "${QSS3BucketName}-${AWS::Region}", !Ref QSS3BucketName, ] Parameters: BastionAMIOS: Ref: BastionAMIOS BastionInstanceType: Ref: BastionInstanceType KeyPairName: Ref: KeyPairName PublicSubnet1ID: Fn::GetAtt: - VPCStack - Outputs.PublicSubnet1ID PublicSubnet2ID: Fn::GetAtt: - VPCStack - Outputs.PublicSubnet2ID QSS3BucketName: Ref: QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: Fn::Sub: ${QSS3KeyPrefix}submodules/quickstart-linux-bastion/ RemoteAccessCIDR: Ref: RemoteAccessCIDR VPCID: Fn::GetAtt: - VPCStack - Outputs.VPCID BIM360IntegrationStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/autodesk-forge-bim360.template.yaml" - S3Region: !If [UsingDefaultBucket, !Ref "AWS::Region", !Ref QSS3BucketRegion] S3Bucket: !If [ UsingDefaultBucket, !Sub "${QSS3BucketName}-${AWS::Region}", !Ref QSS3BucketName, ] Parameters: NodeInstanceType: Ref: NodeInstanceType NodesDesiredCapacity: Ref: NodesDesiredCapacity NodesMaxSize: Ref: NodesMaxSize NodesMinSize: Ref: NodesMinSize BastionSecurityGroupID: Fn::GetAtt: - BastionStack - Outputs.BastionSecurityGroupID KeyPairName: Ref: KeyPairName OperatorEmail: Ref: OperatorEmail ApplicationRuntime: Ref: ApplicationRuntime ForgeClientId: Ref: ForgeClientId ForgeClientSecret: Ref: ForgeClientSecret PrivateSubnet1ID: Fn::GetAtt: - VPCStack - Outputs.PrivateSubnet1AID PrivateSubnet2ID: Fn::GetAtt: - VPCStack - Outputs.PrivateSubnet2AID PublicSubnet1ID: Fn::GetAtt: - VPCStack - Outputs.PublicSubnet1ID PublicSubnet2ID: Fn::GetAtt: - VPCStack - Outputs.PublicSubnet2ID RemoteAccessCIDR: Ref: RemoteAccessCIDR QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix ALBSSLCertificateARN: Ref: ALBSSLCertificateARN Route53HostedZoneId: Ref: Route53HostedZoneId SiteDomain: Ref: SiteDomain ForgeCallbackUrl: Ref: ForgeCallbackUrl VPCID: Fn::GetAtt: - VPCStack - Outputs.VPCID Outputs: ALBDNSName: Value: Fn::GetAtt: - BIM360IntegrationStack - Outputs.ALBDNSName Description: ALB DNS Name BIM360IntegrationAppURL: Value: Fn::GetAtt: - BIM360IntegrationStack - Outputs.BIM360IntegrationAppURL Description: BIM 360 integration application URL ForgeCallbackURL: Value: Fn::GetAtt: - BIM360IntegrationStack - Outputs.ForgeCallbackURL Description: Forge Callback URL ForgeCallbackURLParameter: Value: Fn::GetAtt: - BIM360IntegrationStack - Outputs.ForgeCallbackURLParameter Description: Forge Callback URL SSM Parameter