--- AWSTemplateFormatVersion: 2010-09-09 Description: "This template creates lambda function required to configure 2 ADCs in HA pair across Availability Zones" Parameters: ADCInstanceID: Description: ADC Instance ID Type: String ManagementPrivateIP: Description: Management Private IP Type: String ManagementSecurityGroupID: Type: String ManagementPrivateSubnetID: Type: AWS::EC2::Subnet::Id Description: >- Private Subnet ID of an existing subnet dedicated for Management ENI. LicensingMode: Description: "[OPTIONAL] Select the Licensing Mode" Type: String Default: "" AllowedValues: - "" - "Pooled-Licensing" - "CICO-Licensing" - "CPU-Licensing" ADMIP: Description: "[OPTIONAL] Reachable ADM / ADM Agent IP" Type: String Default: "" Bandwidth: Description: >- Initial bandwidth of the license in Mbps to be allocated after BYOL ADCs are created. Should be multiple of 10 Mbps. Default is 0 Mbps Type: Number Default: 0 PooledEdition: Description: "[OPTIONAL] License Edition for Pooled Capacity Licensing Mode" Type: String Default: Premium AllowedValues: - Premium VCPUEdition: Description: "[OPTIONAL] License Edition for vCPU Licensing Mode" Type: String Default: Premium AllowedValues: - Premium Platform: Description: "[OPTIONAL] License Platform" Type: String Default: "" AllowedValues: - "" - VPX-200 - VPX-1000 - VPX-3000 - VPX-5000 QSS3BucketName: AllowedPattern: "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$" ConstraintDescription: >- Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Description: >- S3 bucket name for the Quick Start assets. This bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-), but should not start or end with a hyphen. You can specify your own bucket if you copy all of the assets and submodules into it, if you want to override the Quick Start behavior for your specific implementation. Type: String QSS3KeyPrefix: AllowedPattern: "^[0-9a-zA-Z-/]*/$" ConstraintDescription: >- Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-citrix-adc-waf/ Description: >- [Note] The QSS3KeyPrefix should have to end with forward slash (/). S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String Resources: AllocatePooledLicense: Properties: ADCInstanceID: !Ref ADCInstanceID ADCPrivateNSIP: !Ref ManagementPrivateIP ADMIP: !Ref ADMIP Bandwidth: !Ref Bandwidth LicensingMode: !Ref LicensingMode Platform: !Ref Platform PooledEdition: !Ref PooledEdition ServiceToken: !GetAtt PooledLicenseFunction.Arn VCPUEdition: !Ref VCPUEdition Type: AWS::CloudFormation::CustomResource PooledLicenseFunction: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !Ref QSS3BucketName S3Key: !Sub ${QSS3KeyPrefix}functions/packages/waf/lambda-waf.zip Handler: lambda_pooled_license.lambda_handler Role: !GetAtt "PooledLicenseRole.Arn" Runtime: python3.6 Tags: - Key: Name Value: !Sub ${AWS::StackName}-PooledLicenseFunction Timeout: 900 VpcConfig: SecurityGroupIds: - !Ref ManagementSecurityGroupID SubnetIds: - !Ref ManagementPrivateSubnetID PooledLicenseRole: Properties: AssumeRolePolicyDocument: Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - lambda.amazonaws.com Version: 2012-10-17 Description: "" ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Path: / Policies: - PolicyDocument: Statement: - Action: - ec2:DescribeInstances - ec2:DescribeNetworkInterfaces - ec2:DescribeSubnets - ec2:DescribeVpcs - ec2:DescribeAvailabilityZones - ec2:DescribeInstanceStatus - ec2:CreateNetworkInterface - ec2:DeleteNetworkInterface - ec2:AttachNetworkInterface - ec2:DetachNetworkInterface - ec2:ModifyNetworkInterfaceAttribute - ec2:ResetNetworkInterfaceAttribute - ec2:AssignPrivateIpAddresses - ec2:UnassignPrivateIpAddresses Effect: Allow Resource: "*" Version: 2012-10-17 PolicyName: citrixadc-lambda-policy Type: AWS::IAM::Role