AWSTemplateFormatVersion: "2010-09-09"
Transform: "AWS::Serverless-2016-10-31"
Description: Cribl Stream free deployment on ARM64 with AWS Cloudtrail logging (qs-1ti330r8b).
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: AWS CloudTrail configuration
        Parameters:
          - ExternalLogBucket
      - Label:
          default: Cribl configuration
        Parameters:
          - webAccessCidr
          - instanceType
      - Label:
          default: Network configuration
        Parameters:
          - AvailabilityZones
          - VPCCIDR
          - PrivateSubnet1CIDR
          - PrivateSubnet2CIDR
          - PublicSubnet1CIDR
          - PublicSubnet2CIDR
          - VPCTenancy
      - Label:
          default: AWS Partner Solution configuration
        Parameters:
          - QSS3BucketName
          - QSS3KeyPrefix
          - QSS3BucketRegion
    ParameterLabels:
      AvailabilityZones:
        default: Availability Zones
      PublicSubnet1CIDR:
        default: Public subnet 1 CIDR
      PublicSubnet2CIDR:
        default: Public subnet 2 CIDR
      PrivateSubnet1CIDR:
        default: Private subnet 1 CIDR
      PrivateSubnet2CIDR:
        default: Private subnet 2 CIDR
      VPCTenancy:
        default: VPC tenancy
      VPCCIDR:
        default: VPC CIDR
      QSS3BucketName:
        default: Partner Solution S3 bucket name
      QSS3KeyPrefix:
        default: Partner Solution S3 key prefix
      QSS3BucketRegion:
        default: Partner Solution S3 bucket Region
      webAccessCidr:
        default: Cribl Stream leader web-access CIDR
      instanceType:
        default: Cribl Stream leader EC2 instance type
      ExternalLogBucket:
        default: CloudTrail logs S3 bucket
Parameters:
  AvailabilityZones:
    Description: List of Availability Zones to use for the subnets in the VPC.
    Type: List<AWS::EC2::AvailabilityZone::Name>
  PrivateSubnet1CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.0.0/19
    Description: CIDR block for private subnet 1, located in Availability Zone 1.
    Type: String
  PrivateSubnet2CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.32.0/19
    Description: CIDR block for private subnet 2, located in Availability Zone 2.
    Type: String
  PublicSubnet1CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.128.0/20
    Description: CIDR block for the public subnet 1, located in Availability Zone 1.
    Type: String
  PublicSubnet2CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.144.0/20
    Description: CIDR block for the public subnet 2, located in Availability Zone 2.
    Type: String
  VPCTenancy:
    AllowedValues:
      - default
      - dedicated
    Default: default
    Description: The allowed tenancy of instances launched into the VPC.
    Type: String
  VPCCIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form "x.x.x.x/16-28".
    Default: 10.0.0.0/16
    Description: CIDR block for the VPC.
    Type: String
  QSS3BucketName:
    AllowedPattern: ^[0-9a-z]+([0-9a-z-\.]*[0-9a-z])*$
    ConstraintDescription: >-
      The S3 bucket name can include numbers, lowercase letters, and hyphens (-),
      but it cannot start or end with a hyphen.
    Default: aws-quickstart
    Description: >-
      Name of the S3 bucket for your copy of the deployment assets. Keep the default
      name unless you are customizing the template. Changing the name updates code
      references to point to a new location.
    MinLength: 3
    MaxLength: 63
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: ^([0-9a-zA-Z!-_\.\*'\(\)/]+/)*$
    ConstraintDescription: >-
      The S3 key prefix can include numbers, lowercase letters, uppercase letters,
      hyphens (-), underscores (_), periods (.), asterisks (*), single quotes ('),
      open parenthesis ((), close parenthesis ()), and forward slashes (/). End the
      prefix with a forward slash.
    Default: quickstart-cribl-cloudtrail/
    Description: >-
      S3 key prefix that is used to simulate a folder for your copy of the
      deployment assets. Keep the default prefix unless you are customizing the
      template. Changing the prefix updates code references to point to a new
      location.
    Type: String
  QSS3BucketRegion:
    Default: us-east-1
    Description: >-
      AWS Region where the S3 bucket (QSS3BucketName) is hosted. Keep the default
      Region unless you are customizing the template. Changing the Region updates
      code references to point to a new location. When using your own bucket,
      specify the Region.
    Type: String
  webAccessCidr:
    Type: String
    # Unlike the subnet CIDRs, any prefix length from /0 to /32 is accepted here,
    # so a value of 0.0.0.0/0 would expose the console to the whole Internet.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: CIDR block parameter must be in the form "x.x.x.x/x".
    Description: (Required) CIDR IP range permitted to access the Cribl Stream web console. We recommend you set this value to a trusted IP range.
    Default: 10.0.144.0/20
  instanceType:
    Description: EC2 instance type to provision the Cribl Stream leader instance.
    Type: String
    Default: c6g.xlarge
    AllowedValues:
      - c6g.large
      - c6g.xlarge
      - c6g.2xlarge
      - c6g.4xlarge
      - c6gd.large
      - c6gd.xlarge
      - c6gd.2xlarge
      - c6gd.4xlarge
      - m6g.large
      - m6g.xlarge
      - m6g.2xlarge
      - m6g.4xlarge
      - m6gd.large
      - m6gd.xlarge
      - m6gd.2xlarge
      - m6gd.4xlarge
    ConstraintDescription: Must contain valid instance type.
  ExternalLogBucket:
    Description: >-
      (Optional) Name of an existing S3 bucket to store flow logs. If you leave
      this blank, the deployment creates an Amazon S3 bucket for you.
    Type: String
    Default: ''
Rules:
  SubnetsInVPC:
    Assertions:
      - Assert: !EachMemberIn
          - !ValueOfAll
            - AWS::EC2::Subnet::Id
            - VpcId
          - !RefAll "AWS::EC2::VPC::Id"
        AssertDescription: All subnets must be in the VPC
Conditions:
  # True when no external bucket was supplied, so the stack creates its own.
  InternalBucket: !Equals
    - !Ref ExternalLogBucket
    - ''
  UsingDefaultBucket: !Equals
    - !Ref QSS3BucketName
    - 'aws-quickstart'
Resources:
  S3Bucket:
    Condition: InternalBucket
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/aws_s3bucket.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub 'aws-quickstart-${AWS::Region}'
            - !Ref 'QSS3BucketName'
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref 'QSS3BucketRegion'
  CloudTrail:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/aws_cloudtrail.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub 'aws-quickstart-${AWS::Region}'
            - !Ref 'QSS3BucketName'
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref 'QSS3BucketRegion'
      Parameters:
        # Trail destination: the bucket created above, or the caller-supplied one.
        BucketArn: !If
          - InternalBucket
          - !GetAtt S3Bucket.Outputs.S3BucketArn
          - !Join
            - ''
            - - 'arn:aws:s3:::'
              - !Ref ExternalLogBucket
        BucketName: !If
          - InternalBucket
          - !GetAtt S3Bucket.Outputs.S3BucketName
          - !Ref ExternalLogBucket
  VPCStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub 'aws-quickstart-${AWS::Region}'
            - !Ref 'QSS3BucketName'
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref 'QSS3BucketRegion'
      Parameters:
        AvailabilityZones: !Join
          - ','
          - !Ref AvailabilityZones
        NumberOfAZs: '2'
        PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR
        PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR
        PublicSubnet1CIDR: !Ref PublicSubnet1CIDR
        PublicSubnet2CIDR: !Ref PublicSubnet2CIDR
        VPCCIDR: !Ref VPCCIDR
        VPCTenancy: !Ref VPCTenancy
  CriblStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      # The Cribl workload template is always fetched from the aws-quickstart
      # bucket in us-east-1, regardless of the QSS3* parameters above.
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/quickstart-cribl-logstream/templates/cribl-single-arm64.workload.template.yaml
        - S3Bucket: aws-quickstart
          S3Region: us-east-1
      Parameters:
        instanceType: !Ref instanceType
        webAccessCidr: !Ref webAccessCidr
        vpcId: !GetAtt VPCStack.Outputs.VPCID
        # The leader is placed in the public subnets.
        subnetIds: !Join
          - ','
          - - !GetAtt VPCStack.Outputs.PublicSubnet1ID
            - !GetAtt VPCStack.Outputs.PublicSubnet2ID
  EmptyBucketLambda:
    Condition: InternalBucket
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/aws_lambda_emptybucket.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub 'aws-quickstart-${AWS::Region}'
            - !Ref 'QSS3BucketName'
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref 'QSS3BucketRegion'
      Parameters:
        BucketArn2Empty: !GetAtt S3Bucket.Outputs.S3BucketArn
        Bucket2Empty: !GetAtt S3Bucket.Outputs.S3BucketName
Outputs:
  StreamWebUrlPublic:
    Value: !GetAtt CriblStack.Outputs.logstreamWebUrlPublic
    Description: Cribl Stream web console URL.
  StreamWebAccessCreds:
    Value: !GetAtt CriblStack.Outputs.logstreamWebAccessCreds
    Description: Default Cribl Stream web console access credentials.
  S3SQSArn:
    Value: !GetAtt S3Bucket.Outputs.SQSArn
    Description: ARN of the SQS queue (used to configure S3 input in Cribl Stream).
    Condition: InternalBucket
  S3AccessRoleArn:
    Value: !GetAtt S3Bucket.Outputs.AccessRoleArn
    Description: ARN for the IAM Role to access the SQS queue and S3 bucket (used to configure the S3 input in Cribl Stream).
    Condition: InternalBucket
  S3BucketArn:
    Value: !GetAtt S3Bucket.Outputs.S3BucketArn
    Description: ARN for the CloudTrail data S3 bucket.
    Condition: InternalBucket