AWSTemplateFormatVersion: 2010-09-09 Description: Main stack that creates all required nested stacks for the Quick Start (qs-1r9regld0) Metadata: QuickStartDocumentation: EntrypointName: "Parameters for launching into a new VPC" Order: "1" "AWS::CloudFormation::Interface": ParameterGroups: - Label: default: Environment details Parameters: - ENVName - Label: default: VPC network configuration for SageMaker Parameters: - VPCCIDR - Subnet1CidrBlock - Subnet2CidrBlock - Label: default: ECR repository details Parameters: - ECRRepositoryName - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3KeyPrefix - QSS3BucketRegion - Label: default: Access to Service Catalog for launching SageMaker Parameters: - EnableIAMGroup - Label: default: '(Optional) Enable SageMaker launch from main template' Parameters: - SageMakerLaunch - Label: default: SageMaker notebook configuration Parameters: - NotebookInstanceName - NotebookInstanceType - DirectInternetAccess - RootAccess - VolumeSizeInGB - Label: default: Push code from S3 bucket to SageMaker Parameters: - S3CodePusher - CodeBucketName - Label: default: Access to SageMaker notebook Parameters: - IAMGroup - Label: default: Project detail Parameters: - ProjectName - ProjectID ParameterLabels: VPCCIDR: default: VPC CIDR block Subnet1CidrBlock: default: Resource subnet CIDR block Subnet2CidrBlock: default: ENI subnet CIDR block ECRRepositoryName: default: ECR repository name EnableIAMGroup: default: (Optional) Enable the IAM group accessing the Service Catalog ENVName: default: Environment name QSS3BucketName: default: Quick Start S3 bucket name QSS3KeyPrefix: default: Quick Start S3 key prefix QSS3BucketRegion: default: Quick Start S3 bucket Region SageMakerLaunch: default: Deploy SageMaker DirectInternetAccess: default: Default internet access NotebookInstanceName: default: Notebook instance name NotebookInstanceType: default: Notebook instance type ProjectName: default: Project suffix RootAccess: default: Root access VolumeSizeInGB: default: Volume size for the SageMaker notebook ProjectID: default: SageMaker project ID IAMGroup: default: Enable IAM group access for SageMaker notebook CodeBucketName: default: Code bucket name S3CodePusher: default: Code to push from S3 Parameters: ENVName: Description: Infrastructure naming convention for SageMaker with guardrails. Type: String Default: QuickStart VPCCIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.0.0/16 Description: CIDR block for the VPC. Type: String ECRRepositoryName: AllowedPattern: '(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*' ConstraintDescription: >- ECR repository name must contain only lowercase letters, numbers, or the following characters (/,-,_,.). Description: ECR repository name. Type: String Default: quickstart-repository Subnet1CidrBlock: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Description: CIDR for subnet 1. Type: String Default: 10.0.1.0/24 Subnet2CidrBlock: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Description: CIDR for subnet 2. Type: String Default: 10.0.2.0/24 QSS3BucketName: AllowedPattern: "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$" ConstraintDescription: >- The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Description: Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html. Type: String Default: aws-quickstart QSS3KeyPrefix: AllowedPattern: "^[0-9a-zA-Z-/]*$" ConstraintDescription: >- The Quick Start S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Description: >- S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. Type: String Default: deployment/ QSS3BucketRegion: Default: 'us-east-2' Description: 'AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html.' Type: String EnableIAMGroup: Description: IAM group for launching SageMaker. By default, this IAM role is enabled for launching SageMaker. Default: 'NO' Type: String AllowedValues: - 'YES' - 'NO' SageMakerLaunch: Description: Do you want to launch SageMaker from the main template? Default: 'YES' Type: String AllowedValues: - 'YES' - 'NO' NotebookInstanceName: AllowedPattern: '[A-Za-z0-9-]{1,63}' ConstraintDescription: >- Maximum of 63 alphanumeric characters. Can include hyphens (-) but not spaces. Must be unique within your account in an AWS Region. Description: SageMaker notebook instance name. MaxLength: '63' MinLength: '1' Type: String NotebookInstanceType: AllowedValues: - ml.t2.medium - ml.m4.xlarge - ml.p2.xlarge ConstraintDescription: Must select a valid notebook instance type. Default: ml.t2.medium Description: Select the instance type for the SageMaker notebook. Type: String ProjectName: Description: >- The suffix appended to all resources in the stack. This suffix allows multiple copies of the same stack to be created in the same account. Type: String RootAccess: Description: Root access for the SageMaker notebook user. AllowedValues: - Enabled - Disabled Default: Enabled Type: String VolumeSizeInGB: Description: >- The size (in GB) of the ML storage volume to attach to the notebook instance. The default value is 5 GB. Type: Number Default: '5' DirectInternetAccess: Description: >- When value is Disabled (the default setting), this notebook instance can only access resources in your VPC. Type: String Default: Disabled AllowedValues: - Disabled ConstraintDescription: Must select a valid notebook instance type. ProjectID: Type: String Description: Enter a valid project ID. Default: QuickStart007 S3CodePusher: Description: Do you want to load the code from S3 to the SageMaker notebook? Default: 'NO' AllowedValues: - 'YES' - 'NO' Type: String CodeBucketName: Description: S3 bucket name from which you want to push code. Default: quickstart-code-bucket Type: String IAMGroup: Description: IAM group for accessing the SageMaker notebook. By default, this IAM role is enabled for accessing the SageMaker notebook. Default: 'NO' Type: String AllowedValues: - 'YES' - 'NO' Conditions: UsingDefaultBucket: !Equals - !Ref QSS3BucketName - 'aws-quickstart' IAMGroupCondition: !Not - !Equals - 'NO' - !Ref EnableIAMGroup SageMakerCondition: !Equals - 'YES' - !Ref SageMakerLaunch SageMakerIAMGroup: !Not - !Equals - 'NO' - !Ref IAMGroup Rules: SagemakerQS: Assertions: - AssertDescription: Your AWS Region does not yet support this Quick Start. Assert: 'Fn::Contains': - - us-east-1 - us-east-2 - us-west-1 - us-west-2 - ap-south-1 - ap-northeast-1 - ap-northeast-2 - ap-southeast-1 - ap-southeast-2 - ca-central-1 - eu-central-1 - ca-central-1 - eu-west-1 - eu-west-2 - eu-west-3 - eu-north-1 - sa-east-1 - !Ref 'AWS::Region' Resources: RandomStringStack: Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/random-string.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Type: AWS::CloudFormation::Stack VPCStack: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/vpcstack.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' TimeoutInMinutes: 15 Parameters: ENVName: !Ref ENVName VPCCIDR: !Ref VPCCIDR Subnet1CidrBlock: !Ref Subnet1CidrBlock Subnet2CidrBlock: !Ref Subnet2CidrBlock QSS3BucketName: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' QSS3BucketRegion: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Ref QSS3KeyPrefix RandomStringArn: !GetAtt 'RandomStringStack.Outputs.RandomStringArn' EFSStack: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/efsstack.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' TimeoutInMinutes: 10 Parameters: RandomStringArn: !GetAtt 'RandomStringStack.Outputs.RandomStringArn' ENVName: !Ref ENVName SecurityGroup1Id: !GetAtt - VPCStack - Outputs.SecurityGroup1Id SecurityGroup2Id: !GetAtt - VPCStack - Outputs.SecurityGroup2Id Subnet1Id: !GetAtt - VPCStack - Outputs.Subnet1Id VPCEndPointsStack: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/vpcendpointsstack.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' TimeoutInMinutes: 15 Parameters: VPCId: !GetAtt - VPCStack - Outputs.VPCId Subnet2Id: !GetAtt - VPCStack - Outputs.Subnet2Id RouteTableId: !GetAtt - VPCStack - Outputs.RouteTableId SecurityGroup1Id: !GetAtt - VPCStack - Outputs.SecurityGroup1Id SecurityGroup2Id: !GetAtt - VPCStack - Outputs.SecurityGroup2Id RandomStringArn: !GetAtt 'RandomStringStack.Outputs.RandomStringArn' ECRStack: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/ecrstack.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' TimeoutInMinutes: 15 Parameters: ENVName: !Ref ENVName ECRRepositoryName: !Ref ECRRepositoryName ECREndpoint: !GetAtt - VPCEndPointsStack - Outputs.ECREndpoint RandomStringArn: !GetAtt 'RandomStringStack.Outputs.RandomStringArn' SageMakerLaunchConfigStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/sagemakerlaunchconfigstack.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' TimeoutInMinutes: 15 Parameters: ENVName: !Ref ENVName EFSMountIpAddr: !GetAtt - EFSStack - Outputs.EFSMountIpAddr RandomStringArn: !GetAtt 'RandomStringStack.Outputs.RandomStringArn' LambdaStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/lambdastack.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' TimeoutInMinutes: 15 Parameters: ENVName: !Ref ENVName QSS3BucketName: !GetAtt - VPCStack - Outputs.LambdaBucket QSS3KeyPrefix: !Ref QSS3KeyPrefix RandomStringArn: !GetAtt 'RandomStringStack.Outputs.RandomStringArn' ServiceCatalogStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/servicecatalogstack.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' TimeoutInMinutes: 15 Parameters: ENVName: !Ref ENVName QSS3BucketName: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' QSS3KeyPrefix: !Ref QSS3KeyPrefix QSS3BucketRegion: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' EnableIAMGroup: !Ref EnableIAMGroup RandomStringArn: !GetAtt 'RandomStringStack.Outputs.RandomStringArn' SageMakerStack: Type: 'AWS::CloudFormation::Stack' DependsOn: [VPCStack,EFSStack,VPCEndPointsStack,ECRStack,SageMakerLaunchConfigStack,LambdaStack] Condition: SageMakerCondition Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/sagemakerproduct.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' TimeoutInMinutes: 15 Parameters: ENVName: !Ref ENVName NotebookInstanceName: !Ref NotebookInstanceName NotebookInstanceType: !Ref NotebookInstanceType DirectInternetAccess: !Ref DirectInternetAccess RootAccess: !Ref RootAccess VolumeSizeInGB: !Ref VolumeSizeInGB S3CodePusher: !Ref S3CodePusher CodeBucketName: !Ref CodeBucketName EnableIAMGroup: !Ref IAMGroup ProjectName: !Ref ProjectName ProjectID: !Ref ProjectID RandomStringArn: !GetAtt 'RandomStringStack.Outputs.RandomStringArn' SubnetName1: !GetAtt 'VPCStack.Outputs.SubnetName1' SecurityGroupName1: !GetAtt 'VPCStack.Outputs.SecurityGroupName1' ServiceTokenVal: !GetAtt 'LambdaStack.Outputs.LambdaFunction' Outputs: LambdaFunction: Value: !GetAtt - LambdaStack - Outputs.LambdaFunction Description: Lambda function ARN. LambdaFunctionRole: Value: !GetAtt - LambdaStack - Outputs.LambdaFunctionRole Description: Lambda function role. SageMakerPortfolio: Value: !GetAtt - ServiceCatalogStack - Outputs.SageMakerPortfolio Description: SageMaker portfolio ID. SageMakerProduct: Value: !GetAtt - ServiceCatalogStack - Outputs.SageMakerProduct Description: SageMaker product ID. SCEndUserRole: Value: !GetAtt - ServiceCatalogStack - Outputs.SCEndUserRole Description: Provides user access to launch SageMaker. SCUserGroup: Value: !GetAtt - ServiceCatalogStack - Outputs.SCUserGroup Condition: IAMGroupCondition Description: IAM group for launching SageMaker. NotebookInstanceLifecycleConfig: Value: !GetAtt - SageMakerLaunchConfigStack - Outputs.NbInstanceLifecycleConfig Description: SageMaker notebook instance lifecycle configuration. Message: Description: Execution status Value: !GetAtt - SageMakerStack - Outputs.Message Condition: SageMakerCondition SagemakerKMSKey: Description: KMS key for encrypting SageMaker resource. Value: !GetAtt - SageMakerStack - Outputs.SagemakerKMSKey Condition: SageMakerCondition ExecutionRoleArn: Description: ARN of the Sagemaker execution role. Value: !GetAtt - SageMakerStack - Outputs.ExecutionRoleArn Condition: SageMakerCondition S3BucketName: Description: S3 bucket for SageMaker notebook operation. Value: !GetAtt - SageMakerStack - Outputs.S3BucketName Condition: SageMakerCondition NotebookInstanceName: Description: Name of the Sagemaker notebook instance. Value: !GetAtt - SageMakerStack - Outputs.NotebookInstanceName Condition: SageMakerCondition ProjectName: Description: Project name used for SageMaker deployment. Value: !Ref ProjectName Condition: SageMakerCondition ProjectID: Description: Project ID used for SageMaker deployment. Value: !Ref ProjectID Condition: SageMakerCondition EndUserAccessRole: Value: !GetAtt - SageMakerStack - Outputs.EndUserAccessRole Description: Provides user access to the SageMaker notebook. Condition: SageMakerCondition EndUserIAMGroup: Value: !GetAtt - SageMakerStack - Outputs.EndUserIAMGroup Condition: SageMakerIAMGroup Description: Provides user access to the SageMaker notebook by IAM group.