--- AWSTemplateFormatVersion: 2010-09-09 Description: Boomi Molecule Installation Script. This creates a VPC, Public Subnets and Private Subnets, and stages a Boomi Molecule cluster. (qs-1q1tds34t) Metadata: QuickStartDocumentation: EntrypointName: "Launch into a new VPC" AWS::CloudFormation::Interface: ParameterGroups: - Label: default: "Network configuration" Parameters: - AvailabilityZones - VPCCIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - RemoteAccessCIDR - Label: default: "Amazon EC2 configuration" Parameters: - KeyPairName - MoleculeEBSVolume - Label: default: "Boomi Molecule node sizing" Parameters: - NodeInstanceType - Label: default: "Boomi Molecule configuration" Parameters: - MoleculeClusterName - MoleculeLocalPath - MoleculeLocalTemp - BoomiAccountID - BoomiUsername - BoomiPassword - BoomiInstallToken - MoleculeSharedDir - LBListenerPort - PrivateALB - DeployALB - Label: default: "Amazon EFS configuration" Parameters: - EFSEncryption - EFSPerformanceMode - EFSThroughputMode - EFSProvisionedThroughput - Label: default: "DNS or SSL configuration" Parameters: - MoleculeFQDN - HostedZoneID - SSLCertificateArn - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: KeyPairName: default: SSH key name PrivateSubnet1CIDR: default: Private subnet 1 CIDR PrivateSubnet2CIDR: default: Private subnet 2 CIDR PublicSubnet1CIDR: default: Public subnet 1 CIDR PublicSubnet2CIDR: default: Public subnet 2 CIDR QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 key prefix RemoteAccessCIDR: default: Allowed external access CIDR VPCCIDR: default: VPC CIDR BoomiAccountID: default: Boomi account ID BoomiUsername: default: Boomi user name BoomiPassword: default: Boomi password BoomiInstallToken: default: Boomi installer token LBListenerPort: default: Load Balancer listener port NodeInstanceType: default: Molecule node type MoleculeEBSVolume: default: Volume size for Boomi instances MoleculeLocalTemp: default: Molecule local temp directory EFSEncryption: default: EFS encryption EFSPerformanceMode: default: EFS performance mode EFSProvisionedThroughput: default: EFS provisioned throughput EFSThroughputMode: default: EFS throughput mode MoleculeSharedDir: default: Molecule shared directory MoleculeLocalPath: default: Molecule local path MoleculeClusterName: default: Molecule cluster name SSLCertificateArn: default: SSL certificate ARN AvailabilityZones: default: Availability Zones HostedZoneID: default: Route 53 hosted zone ID MoleculeFQDN: default: Molecule FQDN PrivateALB: default: Private ALB DeployALB: default: DeployALB Conditions: GenerateSSL: !And - !Equals [!Ref SSLCertificateArn, ''] - !Not [!Equals [!Ref MoleculeFQDN, '']] UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] ALBInPublicSubnets: !Equals [!Ref PrivateALB, 'false'] Rules: DomainNamePresentWithHostedID: Assertions: - Assert: !Or - !Equals [!Ref HostedZoneID, ''] - !Not [!Equals [!Ref MoleculeFQDN, '']] AssertDescription: "Please specify a 'Domain Name' if you specify 'Route 53 Hosted Zone ID'" GenerateOrProvideSSL: Assertions: - Assert: !Or - !Not [!Equals [!Ref SSLCertificateArn, '']] - !And - !Not [!Equals [!Ref HostedZoneID, '']] - !Not [!Equals [!Ref MoleculeFQDN, '']] AssertDescription: "Using an SSL certificate is enforced. A CertificateArn or a HostedZoneID and MoleculeFQDN must be provided." PasswordOrMFAToken: Assertions: - Assert: !Or - !And - !Equals [!Ref BoomiPassword, ''] - !Not [!Equals [!Ref BoomiInstallToken, '']] - !And - !Not [!Equals [!Ref BoomiPassword, '']] - !Equals [!Ref BoomiInstallToken, ''] AssertionDescription: You must supply either a password *or* an installation token. Parameters: KeyPairName: Description: A public/private key pair, which allows you to connect securely to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName ConstraintDescription: Must be the name of an existing Keyname NodeInstanceType: Description: The Boomi host instance type. Type: String Default: m5.xlarge AllowedValues: - m4.xlarge - m5.xlarge - r4.xlarge - r5.xlarge MoleculeLocalTemp: Description: The local temporary path for the Molecule installation. Type: String Default: /mnt/tmp MoleculeSharedDir: Description: A shared directory for the EFS volume that the Molecules will mount. Type: String Default: /mnt/molecule MoleculeLocalPath: Description: The local Path for the Molecule installation. Type: String Default: /opt/molecule/local/ MoleculeClusterName: Description: The name for your Boomi Molecule cluster. Type: String Default: molecule1 AllowedPattern: "[a-zA-Z0-9_]*" EFSEncryption: Description: EFS volumes can be encrypted. Choose either "true" or "false". Type: String Default: 'true' AllowedValues: - 'true' - 'false' EFSPerformanceMode: Description: The performance mode for the EFS volume. Type: String Default: generalPurpose AllowedValues: - generalPurpose - maxIO EFSProvisionedThroughput: Description: The provisioned throughput value for the EFS volume. Type: Number Default: 10 MaxValue: 1024 ConstraintDescription: "Value must be between 1-1024" EFSThroughputMode: Description: The throughput mode for the EFS volume. Type: String Default: bursting AllowedValues: - provisioned - bursting MoleculeEBSVolume: Description: The size of the Amazon EBS volume attached to the Molecule instances. Size range is 1 GiB - 16 TiB. Type: Number Default: 100 LBListenerPort: Type: String Description: The listener port of the Load Balancer. Default: '9093' VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: The CIDR block for the VPC. Type: String PublicSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.32.0/24 Description: The CIDR block used for the public subnet located in Availability Zone 1. Type: String PublicSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.64.0/24 Description: The CIDR block used for the public subnet located in Availability Zone 2. Type: String PrivateSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.128.0/24 Description: The CIDR block used for the private subnet located in Availability Zone 1. Type: String PrivateSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.192.0/24 Description: The CIDR block used for the private subnet located in Availability Zone 2. Type: String AvailabilityZones: Description: List of Availability Zones to use for the subnets in the VPC. This deployment uses two Availability Zones, and the logical order of your selections is preserved. Type: List BoomiUsername: Description: The email account associated with the Boomi account. Type: String BoomiPassword: Description: The password associated with the Boomi account. Type: String NoEcho: true Default: '' BoomiInstallToken: Description: A Boomi Install Token generated from within the AtomSphere console. Type: String NoEcho: true Default: '' BoomiAccountID: Description: The Boomi account ID that you want to associate with the new Molecule cluster. Type: String QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3BucketRegion: Default: 'us-east-1' Description: "The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value." Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-boomi-molecule/ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String RemoteAccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: The CIDR IP range that is permitted to access the instances. We recommend that you set this value to a trusted IP range. Type: String SSLCertificateArn: Description: The ARN of the SSL certificate to use for the load balancer. Use 'SSLCertificateArn' if you are not using 'MoleculeFQDN' and 'HostedZoneID'. Type: String Default: '' HostedZoneID: Description: Route 53 Hosted Zone ID of the domain name. Used in conjunction with a 'MoleculeFQDN'. Type: String MaxLength: 32 Default: '' MoleculeFQDN: Description: The fully qualified domain name for the Boomi Molecule cluster. Use with 'HostedZoneID' if you are not using SSL. Type: String Default: '' PrivateALB: Default: 'false' Description: "The ALB can be placed in the Private subnets. Choose either 'yes' or 'no'" Type: String AllowedValues: - 'true' - 'false' DeployALB: Default: 'true' Description: "Do you wish to deploy the ALB entirely? Choose either 'true' or 'false'" Type: String AllowedValues: - 'true' - 'false' Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml' - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: AvailabilityZones: !Join [',', !Ref 'AvailabilityZones'] NumberOfAZs: '2' VPCCIDR: !Ref VPCCIDR PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR PublicSubnet1CIDR: !Ref PublicSubnet1CIDR PublicSubnet2CIDR: !Ref PublicSubnet2CIDR # CreatePublicSubnets: !If # - ALBInPublicSubnets # - 'true' # - 'false' # CreateNATGateways: !If # - ALBInPublicSubnets # - 'true' # - 'false' BastionStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: BastionAMIOS: 'Amazon-Linux2-HVM' KeyPairName: !Ref 'KeyPairName' PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Sub "${QSS3KeyPrefix}submodules/quickstart-linux-bastion/" QSS3BucketRegion: !Ref QSS3BucketRegion RemoteAccessCIDR: !Ref RemoteAccessCIDR VPCID: !GetAtt VPCStack.Outputs.VPCID MoleculeStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/boomi-molecule.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Ref QSS3KeyPrefix PublicSubnet1ID: !If - ALBInPublicSubnets - !GetAtt VPCStack.Outputs.PublicSubnet1ID - !Ref AWS::NoValue PublicSubnet2ID: !If - ALBInPublicSubnets - !GetAtt VPCStack.Outputs.PublicSubnet2ID - !Ref AWS::NoValue PrivateSubnet1ID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID PrivateSubnet2ID: !GetAtt VPCStack.Outputs.PrivateSubnet2AID BoomiUsername: !Ref BoomiUsername BoomiPassword: !Ref BoomiPassword BoomiAccountID: !Ref BoomiAccountID BoomiInstallToken: !Ref BoomiInstallToken BastionSecurityGroupID: !If - ALBInPublicSubnets - !GetAtt BastionStack.Outputs.BastionSecurityGroupID - !Ref AWS::NoValue VPCID: !GetAtt VPCStack.Outputs.VPCID KeyPairName: !Ref KeyPairName NodeInstanceType: !Ref NodeInstanceType MoleculeEBSVolume: !Ref MoleculeEBSVolume MoleculeLocalTemp: !Ref MoleculeLocalTemp MoleculeSharedDir: !Ref MoleculeSharedDir MoleculeLocalPath: !Ref MoleculeLocalPath MoleculeClusterName: !Ref MoleculeClusterName EFSEncryption: !Ref EFSEncryption EFSPerformanceMode: !Ref EFSPerformanceMode EFSProvisionedThroughput: !Ref EFSProvisionedThroughput EFSThroughputMode: !Ref EFSThroughputMode LBListenerPort: !Ref LBListenerPort SSLCertificateArn: !If - GenerateSSL - !GetAtt ConfigureSSLStack.Outputs.ACMCertificate - !Ref SSLCertificateArn PrivateALB: !Ref PrivateALB DeployALB: !Ref DeployALB ConfigureSSLStack: Condition: GenerateSSL Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-acm-certificate/templates/quickstart-aws-acm-certificate.template.yml" - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Sub "${QSS3KeyPrefix}submodules/quickstart-aws-acm-certificate/" DomainName: !Ref MoleculeFQDN HostedZoneID: !Ref HostedZoneID