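# Quoted so that generic YAML 1.1 loaders keep the format version as a string
# instead of resolving the bare scalar to a date object.
AWSTemplateFormatVersion: "2010-09-09"
# The licence notice and the (qs-...) tracking id are part of the description
# text and are kept verbatim.
Description:
  "QuickStart for Cherwell, License: Apache 2.0 (Please do not remove)
  March,4,2019 (qs-1pcd8k5ae)"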
# Presentation metadata for the CloudFormation console: the order in which the
# parameters are grouped and the friendly label shown for each one.
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      # Endpoint and credentials of the Cherwell instance.
      - Label:
          default: 'Cherwell Configuration'
        Parameters:
          - Url
          - Username
          - Password
          - Grant
          - ClientID
      # Switches forwarded to the optional AWS Config nested stack.
      - Label:
          default: 'AWS Config Recorder Configuration'
        Parameters:
          - DeployAWSConfigSupport
          - EnableAWSConfigRecorder
          - IncludeGlobalResourceTypes
      - Label:
          default: 'AWS Config Rules Configuration'
        Parameters:
          - ConfigRules
      # Location of the nested-stack templates and other Quick Start assets.
      - Label:
          default: 'AWS Quick Start Configuration'
        Parameters:
          - QSS3BucketName
          - QSS3BucketRegion
          - QSS3KeyPrefix
    # Labels are listed in the same order as the groups above.
    ParameterLabels:
      Url:
        default: 'Cherwell Url'
      Username:
        default: 'Cherwell username'
      Password:
        default: 'Cherwell password'
      Grant:
        default: 'Cherwell grant'
      ClientID:
        default: 'Client ID'
      DeployAWSConfigSupport:
        default: 'Deploy AWS Config Support'
      EnableAWSConfigRecorder:
        default: 'Turn AWS Config recording on'
      IncludeGlobalResourceTypes:
        default: 'Include all supported types of global resources'
      ConfigRules:
        default: 'Enable AWS Config rules'
      QSS3BucketName:
        default: 'Quick Start S3 Bucket Name'
      QSS3BucketRegion:
        default: 'Quick Start S3 bucket region'
      QSS3KeyPrefix:
        default: 'Quick Start S3 Key Prefix'
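# Launch-time inputs. Regex patterns are single-quoted so the backslashes and
# brackets are never re-interpreted by the YAML loader.
Parameters:
  # The three QSS3* values decide where the nested-stack templates are fetched
  # from (see the TemplateURL of each resource). Whoever can write to that
  # bucket/prefix controls what this stack deploys, so a non-default bucket
  # should be one you own with write access locked down.
  QSS3BucketName:
    AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z\-]*[0-9a-zA-Z])*$'
    ConstraintDescription:
      Quick Start bucket name can include numbers, lowercase letters, uppercase
      letters, and hyphens (-). It cannot start or end with a hyphen (-).
    Description:
      S3 bucket name for the Quick Start assets. Quick Start bucket name can
      include numbers, lowercase letters, uppercase letters, and hyphens (-). It
      cannot start or end with a hyphen (-)
    Type: String
    Default: aws-quickstart
  QSS3BucketRegion:
    Default: "us-east-1"
    Description: "The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value."
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: '^[0-9a-zA-Z-/]*$'
    ConstraintDescription:
      Quick Start key prefix can include numbers, lowercase letters, uppercase
      letters, hyphens (-), and forward slash (/).
    Description:
      S3 key prefix for the Quick Start assets. Quick Start key prefix can
      include numbers, lowercase letters, uppercase letters, hyphens (-), and
      forward slash (/).
    Type: String
    Default: quickstart-cherwell/
  Username:
    Description:
      The user name of the user on the Cherwell instance who is authorized to
      make REST requests.
    Type: String
    Default: CSDAdmin
  Password:
    Description:
      The password for the user on the Cherwell instance who is authorized to
      make REST requests.
    Type: String
    # Masks the value in the console, CLI and API responses for this stack.
    # It does not protect copies made further down: the value is forwarded to
    # LambdaFunctionStack, whose template is not visible here. Confirm that
    # its Password parameter is NoEcho too and that the secret is not stored
    # in plain text (for example in a function environment variable).
    NoEcho: true
    # NOTE(review): this default is published with the template and is the
    # same string as the Username default, so it must be overridden at launch
    # with the real credential. It is kept only so existing launches that omit
    # the parameter still validate; a later revision should drop the default
    # or take a reference to a secret store instead.
    Default: CSDAdmin
  Url:
    # https only, matching the ConstraintDescription below; the pattern used
    # to accept plain http as well. The negative lookahead rejects a second
    # "://" anywhere later in the value.
    AllowedPattern: '^https:\/\/(?!.*:\/\/)\S+'
    ConstraintDescription: The URL of the Cherwell instance. The URL must start with HTTPS.
    Description: Url of the Cherwell instance.
    Type: String
    Default: https://yourserver
  Grant:
    Description:
      'For token operation requests, the type of token being requested: password
      or refresh token. For most customers, "password" is the default. For more
      information, see the Cherwell AWS connector documentation.'
    Type: String
    Default: password
  # No Default, so a value must be supplied at launch.
  ClientID:
    Description:
      For token operation requests, the API client ID for the client that is
      making the token request. For more information, see the Cherwell AWS
      connector documentation
    Type: String
  # The four switches below are strings, not YAML booleans: the allowed values
  # stay quoted so they are compared as the literal text "True" / "False".
  DeployAWSConfigSupport:
    Description:
      Choose 'False' if you don't want to enable AWS Config; the remaining
      parameters in this section will be ignored.
    Type: String
    AllowedValues:
      - "True"
      - "False"
    Default: "True"
  ConfigRules:
    Description:
      Change this parameter to False if you don't want to enable AWS Config
      rules. By default, this service is enabled for monitoring storage
      encryption (Amazon EBS, Amazon S3, and Amazon RDS), IAM password policy,
      root account multi-factor authentication (MFA), Amazon S3 public read and
      write, and insecure security group rules. AWS Config must be enabled for
      this setting to take effect.
    Type: String
    AllowedValues:
      - "True"
      - "False"
    Default: "True"
  IncludeGlobalResourceTypes:
    Type: String
    Description:
      Choose 'True' to enable AWS Config to include all supported types of
      global resources (for example, IAM resources) with the resources that it
      records.
    AllowedValues:
      - "True"
      - "False"
    Default: "False"
  EnableAWSConfigRecorder:
    Description:
      Choose 'False' if the AWS Config configuration recording is already turned
      on in this account.
    Type: String
    AllowedValues:
      - "True"
      - "False"
    Default: "True"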
Conditions:
  # True while the stock bucket name is in use; the resources then read their
  # templates from the per-Region bucket "<name>-<deployment Region>".
  UsingDefaultBucket: !Equals
    - !Ref QSS3BucketName
    - "aws-quickstart"
  # Gates creation of ConfigStack. Compared against the quoted string "True",
  # not a YAML boolean.
  DoDeployAWSConfigSupport: !Equals
    - !Ref DeployAWSConfigSupport
    - "True"
# Five nested stacks. Each TemplateURL is assembled the same way:
#   default bucket -> "<QSS3BucketName>-<deployment Region>" in the deployment Region
#   custom bucket  -> QSS3BucketName as given, in QSS3BucketRegion
# The child templates are executed with this stack's permissions, so the
# bucket/prefix they are read from is part of the trust boundary.
Resources:
  # Receives the Cherwell connection settings and credentials.
  LambdaFunctionStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/lambda-stack.template.yaml"
        - S3Region: !If
            - UsingDefaultBucket
            - !Ref "AWS::Region"
            - !Ref QSS3BucketRegion
          S3Bucket: !If
            - UsingDefaultBucket
            - !Sub "${QSS3BucketName}-${AWS::Region}"
            - !Ref QSS3BucketName
      Parameters:
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        Username: !Ref Username
        # NOTE(review): the password travels to the child stack as an ordinary
        # parameter value. The child template is not visible here; confirm it
        # declares this parameter with NoEcho, otherwise the value is readable
        # on the child stack.
        Password: !Ref Password
        Url: !Ref Url
        Grant: !Ref Grant
        ClientID: !Ref ClientID
  # Takes the estimate function ARN exported by LambdaFunctionStack.
  APIAccessStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/apigateway-stack.template.yaml"
        - S3Region: !If
            - UsingDefaultBucket
            - !Ref "AWS::Region"
            - !Ref QSS3BucketRegion
          S3Bucket: !If
            - UsingDefaultBucket
            - !Sub "${QSS3BucketName}-${AWS::Region}"
            - !Ref QSS3BucketName
      Parameters:
        GetEstimateFunction: !GetAtt LambdaFunctionStack.Outputs.estimateLambdaFunctionQualifiedArn
  # Consumes only LambdaFunctionStack outputs; the DependsOn on APIAccessStack
  # is an explicit ordering constraint.
  NotificationStack:
    Type: AWS::CloudFormation::Stack
    DependsOn: APIAccessStack
    Properties:
      TemplateURL: !Sub
        - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/notification-stack.template.yaml"
        - S3Region: !If
            - UsingDefaultBucket
            - !Ref "AWS::Region"
            - !Ref QSS3BucketRegion
          S3Bucket: !If
            - UsingDefaultBucket
            - !Sub "${QSS3BucketName}-${AWS::Region}"
            - !Ref QSS3BucketName
      Parameters:
        IncidentFunction: !GetAtt LambdaFunctionStack.Outputs.incidentLambdaFunctionQualifiedArn
        CMDBFunction: !GetAtt LambdaFunctionStack.Outputs.CmdbLambdaFunctionQualifiedArn
  # Receives the asset location again plus the role exported by APIAccessStack;
  # ordered after NotificationStack.
  CatalogStack:
    Type: AWS::CloudFormation::Stack
    DependsOn: NotificationStack
    Properties:
      TemplateURL: !Sub
        - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/service-catalog-stack.template.yaml"
        - S3Region: !If
            - UsingDefaultBucket
            - !Ref "AWS::Region"
            - !Ref QSS3BucketRegion
          S3Bucket: !If
            - UsingDefaultBucket
            - !Sub "${QSS3BucketName}-${AWS::Region}"
            - !Ref QSS3BucketName
      Parameters:
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        GatewayRole: !GetAtt APIAccessStack.Outputs.GatewayRole
  # Created only when DeployAWSConfigSupport is "True"; ordered last.
  ConfigStack:
    Type: AWS::CloudFormation::Stack
    Condition: DoDeployAWSConfigSupport
    DependsOn: CatalogStack
    Properties:
      TemplateURL: !Sub
        - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/config-stack.template.yaml"
        - S3Region: !If
            - UsingDefaultBucket
            - !Ref "AWS::Region"
            - !Ref QSS3BucketRegion
          S3Bucket: !If
            - UsingDefaultBucket
            - !Sub "${QSS3BucketName}-${AWS::Region}"
            - !Ref QSS3BucketName
      Parameters:
        EnableAWSConfigRecorder: !Ref EnableAWSConfigRecorder
        IncludeGlobalResourceTypes: !Ref IncludeGlobalResourceTypes
        ConfigRules: !Ref ConfigRules
# Values re-exported from the nested stacks. Stack outputs are readable by any
# principal allowed to describe this stack, so nothing secret belongs here.
Outputs:
  ServiceEndPoint:
    Description: API gateway endpoint URL
    Value: !GetAtt APIAccessStack.Outputs.ServiceEndPoint
  # NOTE(review): described as the key ID. The nested template is not visible
  # here; confirm it exports the identifier and not the key value itself.
  APIKey:
    Description: API key ID
    Value: !GetAtt APIAccessStack.Outputs.APIKey
  IncidentSNSTopic:
    Description: The name of the SNS incident topic.
    Value: !GetAtt NotificationStack.Outputs.IncidentSNSTopicName