--- # © Copyright 2021 BMC Software, Inc. or one of its affiliates # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # AWSTemplateFormatVersion: 2010-09-09 Description: >- This template deploys a BMC Track-It! BYOL/90 Day Trial stack into a new VPC. **WARNING** This template creates EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. License: Apache 2.0 (Please do not remove) Sept,29,2020. BMC Track-It! is licensed separately, please review the terms and conditions here (https://www.bmc.com/about/legal/) for further details. (qs-1r6abo8ti) Metadata: QuickStartDocumentation: EntrypointName: Parameters for deploying into a new VPC Order: 1 LintSpellExclude: - Active - Admin - Application Load Balancer - BMC Client Management - Directory - Domain - Edition - Elastic Load Balancing - Email - Managed - Microsoft - NetBIOS - Route53 Hosted Zone ID - Self-signed - Server - Site - Track-It - Windows - example.com - x.x.x.x/16-28 - (Optional) Enter 'AWS::CloudFormation::Interface': ParameterGroups: - Label: default: Network configuration Parameters: - VPCCIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - PrivateSubnet1ACIDR - PrivateSubnet2ACIDR - AvailabilityZones - Label: default: Microsoft Active Directory configuration Parameters: - DSMicrosoftADEdition - DomainDNSName - DomainNetBIOSName - DomainAdminPassword - DomainAdminPasswordConfirm - Label: default: Track-It! server configuration Parameters: - TrackItEnvironmentSize - KeyPairName - TrackItEndUserWebAccessCIDR - OperatorEmail - TrackItInstanceDomainComputerName - TrackItAdminPassword - TrackItAdminPasswordConfirm - TrackItBcmAdminPassword - TrackItBcmAdminPasswordConfirm - Label: default: Track-It! site registered domain configuration Parameters: - Route53HostedZoneId - TrackItSiteDomain - TrackItRealSSLCertificateARN - Label: default: Track-It! site self-signed domain configuration Parameters: - TrackItSelfSignSSLCertificateOptions - TrackItSelfSignSSLCertificateExpiresOn - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: AvailabilityZones: default: Availability Zones DomainAdminPassword: default: Domain administrator account password DomainAdminPasswordConfirm: default: Re-enter the domain administrator account password DomainDNSName: default: Domain DNS name DomainNetBIOSName: default: Domain NetBIOS name DSMicrosoftADEdition: default: AWS Managed Microsoft AD edition KeyPairName: default: Key pair name OperatorEmail: default: Operator email address PrivateSubnet1ACIDR: default: Private subnet 1 CIDR PrivateSubnet2ACIDR: default: Private subnet 2 CIDR PublicSubnet1CIDR: default: Public subnet 1 CIDR PublicSubnet2CIDR: default: Public subnet 2 CIDR QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket Region QSS3KeyPrefix: default: Quick Start S3 key prefix Route53HostedZoneId: default: Route 53 hosted zone ID TrackItEndUserWebAccessCIDR: default: Track-It! end-user web access permitted IP range TrackItInstanceDomainComputerName: default: Track-It! instance server name TrackItEnvironmentSize: default: Track-It! 'all-in-one' environment size TrackItSiteDomain: default: Track-It! site domain TrackItRealSSLCertificateARN: default: Track-It! SSL certificate ARN TrackItSelfSignSSLCertificateOptions: default: Track-It! self-signed SSL certificate options TrackItSelfSignSSLCertificateExpiresOn: default: Track-It! self-signed SSL certificate expiration date TrackItAdminPassword: default: Track-It! database administrator account password TrackItAdminPasswordConfirm: default: Re-enter Track-It! database administrator account password TrackItBcmAdminPassword: default: BMC Client Management admin account password TrackItBcmAdminPasswordConfirm: default: Re-enter BMC Client Management admin account password VPCCIDR: default: VPC CIDR Parameters: AvailabilityZones: Description: >- Availability Zones to use for the subnets in the VPC. Two Availability Zones are used for this deployment. Type: 'List' DomainAdminPassword: AllowedPattern: >- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: >- Mandatory password for the domain administrator account. Must be at least 8 characters containing letters, numbers, and symbols. Make note of the password. You need it to manage the account. MaxLength: '32' MinLength: '8' NoEcho: true Type: String DomainAdminPasswordConfirm: AllowedPattern: >- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: >- Confirm the mandatory password for the domain administrator account. Must be at least 8 characters containing letters, numbers, and symbols. Make note of the password. You need it to manage the account. MaxLength: '32' MinLength: '8' NoEcho: true Type: String TrackItAdminPassword: AllowedPattern: >- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: >- Mandatory password for the database account (_SMSYSADMIN_) used by Track-It! to connect to the database. Must be at least 8 characters containing letters, numbers, and symbols. Make note of the password. You need it to manage the account. MaxLength: '15' MinLength: '8' NoEcho: true Type: String TrackItAdminPasswordConfirm: AllowedPattern: >- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: >- Confirm the mandatory password for the database account (_SMSYSADMIN_) used by Track-It! to connect to the database. Must be at least 8 characters containing letters, numbers, and symbols. Make note of the password. You need it to manage the account. MaxLength: '15' MinLength: '8' NoEcho: true Type: String TrackItBcmAdminPassword: AllowedPattern: >- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: >- Mandatory password for the BMC Client Management administrator account. Must be at least 8 characters containing letters, numbers, and symbols. Make note of the password. You need it to manage the account. MaxLength: '15' MinLength: '8' NoEcho: true Type: String TrackItBcmAdminPasswordConfirm: AllowedPattern: >- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: >- Confirm the mandatory password for the BMC Client Management administrator account. Must be at least 8 characters containing letters, numbers, and symbols. Make note of the password. You need it to manage the account. MaxLength: '15' MinLength: '8' NoEcho: true Type: String DomainDNSName: AllowedPattern: '[a-zA-Z0-9\-]+\..+' Default: example.internal Description: >- Fully qualified domain name (FQDN) of 2–255 characters, such as example.com. MaxLength: '255' MinLength: '2' Type: String DomainNetBIOSName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: example Description: >- NetBIOS name of the domain for users of earlier versions of Microsoft Windows (up to 15 characters). MaxLength: '15' Type: String DSMicrosoftADEdition: Type: String Description: >- Edition of AWS Managed Microsoft AD. Standard Edition includes 1GB of storage for objects. Enterprise Edition includes 17GB. The total number of objects supported depends on the types of objects, size of data stored in attributes, and your transaction rates. Add domain controllers to scale your workload. AllowedValues: - Standard - Enterprise Default: Standard KeyPairName: Description: >- Name of an existing EC2 key pair. All EC2 instances launch with this key pair. Type: "AWS::EC2::KeyPair::KeyName" ConstraintDescription: Must be one an existing EC2 key pair. OperatorEmail: AllowedPattern: >- (?i)^None$|([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?) ConstraintDescription: Must be a valid email address. Description: >- (Optional) Email address to receive notifications of events such as database or virtual machine (VM) failures. Type: String Default: None PrivateSubnet1ACIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.0.0/19 Description: >- CIDR block for the private subnet 1, located in Availability Zone 1. CIDR block must be in the form x.x.x.x/16-28. Type: String PrivateSubnet2ACIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form *x.x.x.x/16-28*. Default: 10.0.32.0/19 Description: >- CIDR block for the private subnet 2, located in Availability Zone 2. CIDR block must be in the form x.x.x.x/16-28. Type: String PublicSubnet1CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.128.0/20 Description: >- CIDR block for the public subnet 1, located in Availability Zone 1. CIDR block must be in the form x.x.x.x/16-28. Type: String PublicSubnet2CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.144.0/20 Description: >- CIDR block for the public subnet 2, located in Availability Zone 2. CIDR block must be in the form x.x.x.x/16-28. Type: String QSS3BucketName: AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' ConstraintDescription: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html. Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html.' Type: String QSS3KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/]*$' ConstraintDescription: The Quick Start S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). The prefix should end with a forward slash (/). Default: quickstart-bmc-track-it/ Description: S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. Type: String Route53HostedZoneId: Description: >- (Optional) ID of the Route53 hosted zone where the Track-It! site domain DNS record is added. Type: String TrackItEndUserWebAccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: Must be a valid IP range in x.x.x.x/x notation. Description: >- CIDR IP range that is permitted to access the Track-It web portal. **Note:** A value of 0.0.0.0/0 allows access from any IP address. Type: String TrackItInstanceDomainComputerName: Description: >- Track-It! instance server name. The default setting is optimal for most use cases. Do not change this setting without understanding the impact of doing so. Type: String Default: TrackIt01 TrackItEnvironmentSize: Description: >- Select a Track-It! environment size based on your average number of active users on a typical work day. Server costs increase with environment size. Type: String AllowedValues: - Small (Up to 5 active technicians) - Medium (Up to 15 active technicians) - Large (More than 15 active technicians) Default: Small (Up to 5 active technicians) TrackItSiteDomain: Type: String Description: >- (Optional) Domain name of the Track-It! site, such as example.com. A valid FQDN is required when using Secure Sockets Layer (SSL) protocol. AllowedPattern: (?!-)[a-zA-Z0-9-.]*(?- (Optional) Amazon Resource Name (ARN) of the SSL certificate used for the Application Load Balancer. TrackItSelfSignSSLCertificateOptions: Type: String Description: (Optional) Self-signed certificate options. Not used if you configure a registered domain. Default: CN=trackit.com;C=US;L=Texas;ST=TX;O=trackit;OU=sales;E=customer_support@bmc.com TrackItSelfSignSSLCertificateExpiresOn: Type: String Description: >- (Optional) Enter an expiration date for the self-signed SSL certificate. Date must be at least one day in the future, in the form YYYY-MM-DD. If left blank, the default expiration date of one year from today applies. Not used if you configure a registered domain. AllowedPattern: ^$|^\d{4}\-(0[1-9]|1[012])\-(0[1-9]|[12][0-9]|3[01])$ ConstraintDescription: >- Expiration date must be empty or a date at least one day in the future, in the form YYYY-MM-DD. VPCCIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.0.0/16 Description: CIDR block for the VPC. The CIDR block must be in the form x.x.x.x/16-28. Type: String Rules: DomainAdminPasswordsMatchRule: Assertions: - Assert: !Equals - !Ref DomainAdminPassword - !Ref DomainAdminPasswordConfirm AssertDescription: Domain administrator account password values do not match. TrackItAdminPasswordsMatchRule: Assertions: - Assert: !Equals - !Ref TrackItAdminPassword - !Ref TrackItAdminPasswordConfirm AssertDescription: _SMSYSADMIN_ account password values do not match. TrackItBcmAdminPasswordsMatchRule: Assertions: - Assert: !Equals - !Ref TrackItBcmAdminPassword - !Ref TrackItBcmAdminPasswordConfirm AssertDescription: BMC Client Management administrator account password values do not match. TISupportedRegionRule: Assertions: - Assert: !Contains - - af-south-1 # Africa (Cape Town) # - ap-east-1 # Asia Pacific (Hong Kong) # - ap-northeast-1 # Asia Pacific (Tokyo) # - ap-northeast-2 # Asia Pacific (Seoul) # - ap-northeast-3 # Asia Pacific (Osaka) # - ap-south-1 # Asia Pacific (Mumbai) # - ap-southeast-1 # Asia Pacific (Singapore) # - ap-southeast-2 # Asia Pacific (Sydney) - ca-central-1 # Canada (Central) # - cn-north-1 # China (Beijing) # - cn-northwest-1 # China (Ningxia) - eu-central-1 # Europe (Frankfurt) - eu-north-1 # Europe (Stockholm) - eu-south-1 # Europe (Milan) - eu-west-1 # Europe (Ireland) - eu-west-2 # Europe (London) - eu-west-3 # Europe (Paris) # - me-south-1 # Middle East (Bahrain) # - sa-east-1 # South America (Sao Paulo) - us-east-1 # US East (N. Virginia) - us-east-2 # US East (Ohio) # - us-gov-east-1 # AWS GovCloud (US-East) --> GovCloud not supported # - us-gov-west-1 # AWS GovCloud (US-West) --> GovCloud not supported - us-west-1 # US West (N. California) - us-west-2 # US West (Oregon) - !Ref AWS::Region AssertDescription: BMC Software does not support this Quick Start in the chosen Region. For more information, see the list of supported Regions in the deployment guide. Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Resources: VPCStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AvailabilityZones: !Join - ',' - !Ref AvailabilityZones KeyPairName: !Ref KeyPairName NumberOfAZs: '2' PrivateSubnet1ACIDR: !Ref PrivateSubnet1ACIDR PrivateSubnet2ACIDR: !Ref PrivateSubnet2ACIDR PublicSubnet1CIDR: !Ref PublicSubnet1CIDR PublicSubnet2CIDR: !Ref PublicSubnet2CIDR VPCCIDR: !Ref VPCCIDR DSMicrosoftAD: # See https://aws.amazon.com/blogs/database/integrate-amazon-rds-for-sql-server-db-instances-with-an-existing-active-directory-domain/ Type: 'AWS::DirectoryService::MicrosoftAD' Properties: Edition: !Ref DSMicrosoftADEdition Name: !Ref DomainDNSName ShortName: !Ref DomainNetBIOSName Password: !Ref DomainAdminPassword VpcSettings: VpcId: !GetAtt VPCStack.Outputs.VPCID SubnetIds: - !GetAtt VPCStack.Outputs.PrivateSubnet1AID - !GetAtt VPCStack.Outputs.PrivateSubnet2AID ADDNSInDDHCPOptions: Type: 'AWS::EC2::DHCPOptions' Properties: DomainName: !Ref DomainDNSName DomainNameServers: !GetAtt DSMicrosoftAD.DnsIpAddresses Tags: - Key: Domain Value: !Ref DomainDNSName VPCDHCPOptionsAssociation: Type: 'AWS::EC2::VPCDHCPOptionsAssociation' Properties: VpcId: !GetAtt VPCStack.Outputs.VPCID DhcpOptionsId: !Ref ADDNSInDDHCPOptions VPCDHCPOptionsAssociationCreateWaitHandle: DependsOn: DSMicrosoftAD Type: 'AWS::CloudFormation::WaitConditionHandle' VPCDHCPOptionsAssociationWaitCondition: Type: 'AWS::CloudFormation::WaitCondition' Properties: Handle: !Ref VPCDHCPOptionsAssociationCreateWaitHandle Timeout: '1' Count: 0 DomainMemberSG: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: Security group for Windows Domain Member communication SecurityGroupIngress: - Description: Direct-hosted SMB traffic without a (NetBIOS) system IpProtocol: udp FromPort: 445 ToPort: 445 CidrIp: !Ref VPCCIDR - Description: Direct-hosted SMB traffic without a (NetBIOS) system IpProtocol: tcp FromPort: 445 ToPort: 445 CidrIp: !Ref VPCCIDR - Description: Microsoft file sharing SMB IpProtocol: udp FromPort: 135 ToPort: 13955 CidrIp: !Ref VPCCIDR - Description: Microsoft file sharing SMB IpProtocol: tcp FromPort: 135 ToPort: 139 CidrIp: !Ref VPCCIDR - Description: Domain Name System (DNS) IpProtocol: tcp FromPort: 53 ToPort: 53 CidrIp: !Ref VPCCIDR - Description: Domain Name System (DNS) IpProtocol: udp FromPort: 53 ToPort: 53 CidrIp: !Ref VPCCIDR - Description: 'WinRM, Windows PowerShell Default psSession Port' IpProtocol: tcp FromPort: 5985 ToPort: 5985 CidrIp: !Ref VPCCIDR - Description: Windows dynamic TCP ports IpProtocol: tcp FromPort: 49152 ToPort: 65535 CidrIp: !Ref VPCCIDR - Description: Windows dynamic UDP ports IpProtocol: udp FromPort: 49152 ToPort: 65535 CidrIp: !Ref VPCCIDR - Description: nfs communications IpProtocol: tcp FromPort: 2049 ToPort: 2049 CidrIp: !Ref VPCCIDR - Description: nfs communications IpProtocol: udp FromPort: 2049 ToPort: 2049 CidrIp: !Ref VPCCIDR - Description: RPC for nfs communications IpProtocol: tcp FromPort: 111 ToPort: 111 CidrIp: !Ref VPCCIDR - Description: RPC for nfs communications IpProtocol: udp FromPort: 111 ToPort: 111 CidrIp: !Ref VPCCIDR - Description: MFDS IpProtocol: udp FromPort: 86 ToPort: 86 CidrIp: !Ref VPCCIDR - Description: MFDS IpProtocol: tcp FromPort: 86 ToPort: 86 CidrIp: !Ref VPCCIDR - Description: ESCWA IpProtocol: tcp FromPort: 10004 ToPort: 10004 CidrIp: !Ref VPCCIDR - Description: ElastiCache-Redis IpProtocol: tcp FromPort: 6379 ToPort: 6379 CidrIp: !Ref VPCCIDR - Description: ESMAC Ports for the differnet BankDemos IpProtocol: tcp FromPort: 5558 ToPort: 5560 CidrIp: !Ref VPCCIDR VpcId: !GetAtt VPCStack.Outputs.VPCID TrackItWorkloadStack: DependsOn: - VPCDHCPOptionsAssociationWaitCondition Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/bmc-trackit-workload.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: DomainAdminPassword: !Ref DomainAdminPassword DomainAdminPasswordConfirm: !Ref DomainAdminPasswordConfirm TrackItAdminPassword: !Ref TrackItAdminPassword TrackItAdminPasswordConfirm: !Ref TrackItAdminPasswordConfirm TrackItBcmAdminPassword: !Ref TrackItBcmAdminPassword TrackItBcmAdminPasswordConfirm: !Ref TrackItBcmAdminPasswordConfirm DomainDNSName: !Ref DomainDNSName DomainMemberSGID: !Ref DomainMemberSG DomainNetBIOSName: !Ref DomainNetBIOSName KeyPairName: !Ref KeyPairName OperatorEmail: !Ref OperatorEmail PrivateSubnet1AID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix Route53HostedZoneId: !Ref Route53HostedZoneId TrackItEndUserWebAccessCIDR: !Ref TrackItEndUserWebAccessCIDR TrackItInstanceDomainComputerName: !Ref TrackItInstanceDomainComputerName TrackItEnvironmentSize: !Ref TrackItEnvironmentSize TrackItRealSSLCertificateARN: !Ref TrackItRealSSLCertificateARN TrackItSelfSignSSLCertificateOptions: !Ref TrackItSelfSignSSLCertificateOptions TrackItSelfSignSSLCertificateExpiresOn: !Ref TrackItSelfSignSSLCertificateExpiresOn TrackItSiteDomain: !Ref TrackItSiteDomain VPCID: !GetAtt VPCStack.Outputs.VPCID Outputs: # MS Active Directory Service ID DirectoryServiceID: Description: Microsoft directory service ID Value: !Ref DSMicrosoftAD # Track-It! Tech portal Public URL (https/443) TrackItTechnicianPortalPublicURL: Description: Track-It! technician portal public URL (https/443) Value: !GetAtt TrackItWorkloadStack.Outputs.TrackItTechnicianPortalPublicURL # Track-It! Self-service portal Public URL (https/443) TrackItSelfServicePortalPublicURL: Description: Track-It! self-service portal public URL (https/443) Value: !GetAtt TrackItWorkloadStack.Outputs.TrackItSelfServicePortalPublicURL # Track-It! Web API Public URL (https/443) TrackItWebApiPublicURL: Description: Track-It! web API public URL (https/443) Value: !GetAtt TrackItWorkloadStack.Outputs.TrackItWebApiPublicURL # BMC CM Rollout Agent Public URL (tcp/1610) BCMRolloutPublicURL: Description: BMC Client Management rollout agent public URL (tcp/1610) Value: !GetAtt TrackItWorkloadStack.Outputs.BCMRolloutPublicURL # BMC CM Web Console Public URL (tcp/1610) BCMConsolePublicURL: Description: BMC Client Management web console public URL (tcp/1610) Value: !GetAtt TrackItWorkloadStack.Outputs.BCMConsolePublicURL Postdeployment: Description: See the deployment guide for post-deployment steps. Value: https://aws.amazon.com/quickstart/?quickstart-all.sort-by=item.additionalFields.sortDate&quickstart-all.sort-order=desc&awsm.page-quickstart-all=5