AWSTemplateFormatVersion: "2010-09-09"
Description: Cribl LogStream Free Distributed Deployment (x86_64)(qs-1tgmlqpf2)
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Cribl configuration
        Parameters:
          - workerCount
          - webAccessCidr
          - leaderInstanceType
          - workerInstanceType
      - Label:
          default: Network configuration
        Parameters:
          - AvailabilityZones
          - VPCCIDR
          - PrivateSubnet1CIDR
          - PrivateSubnet2CIDR
          - PublicSubnet1CIDR
          - PublicSubnet2CIDR
          - VPCTenancy
      - Label:
          default: Advanced settings
        Parameters:
          - AdditionalPolicies
      - Label:
          default: AWS Quick Start configuration
        Parameters:
          - QSS3BucketName
          - QSS3KeyPrefix
          - QSS3BucketRegion
    ParameterLabels:
      AvailabilityZones:
        default: Availability Zones
      PublicSubnet1CIDR:
        default: Public subnet 1 CIDR
      PublicSubnet2CIDR:
        default: Public subnet 2 CIDR
      PrivateSubnet1CIDR:
        default: Private subnet 1 CIDR
      PrivateSubnet2CIDR:
        default: Private subnet 2 CIDR
      VPCTenancy:
        default: VPC tenancy
      VPCCIDR:
        default: VPC CIDR
      QSS3BucketName:
        default: Quick Start S3 bucket name
      QSS3KeyPrefix:
        default: Quick Start S3 key prefix
      QSS3BucketRegion:
        default: Quick Start S3 bucket Region
      workerCount:
        default: Number of Cribl worker nodes
      webAccessCidr:
        default: Cribl Stream leader web access CIDR
      leaderInstanceType:
        default: Cribl Stream leader EC2 instance type
      workerInstanceType:
        default: Cribl Stream workers EC2 instance type
      AdditionalPolicies:
        default: Additional policies
Parameters:
  AvailabilityZones:
    Description: List of Availability Zones to use for the subnets in the VPC.
    Type: 'List<AWS::EC2::AvailabilityZone::Name>'
  PrivateSubnet1CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form "x.x.x.x/16-28".
    Default: 10.0.0.0/19
    Description: CIDR block for private subnet 1, located in Availability Zone 1.
    Type: String
  PrivateSubnet2CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form "x.x.x.x/16-28".
    Default: 10.0.32.0/19
    Description: CIDR block for private subnet 2, located in Availability Zone 2.
    Type: String
  PublicSubnet1CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form "x.x.x.x/16-28".
    Default: 10.0.128.0/20
    Description: CIDR block for public subnet 1, located in Availability Zone 1.
    Type: String
  PublicSubnet2CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form "x.x.x.x/16-28".
    Default: 10.0.144.0/20
    Description: CIDR block for public subnet 2, located in Availability Zone 2.
    Type: String
  VPCTenancy:
    AllowedValues:
      - default
      - dedicated
    Default: default
    Description: The allowed tenancy of EC2 instances launched into the VPC.
    Type: String
  VPCCIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form "x.x.x.x/16-28".
    Default: 10.0.0.0/16
    Description: CIDR block for the VPC.
    Type: String
  QSS3BucketName:
    AllowedPattern: ^[0-9a-z]+([0-9a-z-\.]*[0-9a-z])*$
    ConstraintDescription: >-
      The S3 bucket name can include numbers, lowercase letters,
      and hyphens (-), but it cannot start or end with a hyphen.
    Default: aws-quickstart
    Description: >-
      Name of the S3 bucket for your copy of the deployment assets.
      Keep the default name unless you are customizing the template.
      Changing the name updates code references to point to a new location.
    MinLength: 3
    MaxLength: 63
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: ^([0-9a-zA-Z!-_\.\*'\(\)/]+/)*$
    ConstraintDescription: >-
      The S3 key prefix can include numbers, lowercase letters, uppercase letters,
      hyphens (-), underscores (_), periods (.), asterisks (*), single quotes ('),
      open parenthesis ((), close parenthesis ()), and forward slashes (/).
      End the prefix with a forward slash.
    Default: quickstart-cribl-stream-privatelink-ami/
    Description: >-
      S3 key prefix that is used to simulate a folder for your copy of the
      deployment assets. Keep the default prefix unless you are customizing
      the template. Changing the prefix updates code references to point to
      a new location.
    Type: String
  QSS3BucketRegion:
    Default: us-east-1
    Description: >-
      AWS Region where the S3 bucket (QSS3BucketName) is hosted.
      Keep the default Region unless you are customizing the template.
      Changing the Region updates code references to point to a new location.
      When using your own bucket, specify the Region.
    Type: String
  workerCount:
    Description: (Required) Number of desired Cribl Stream worker nodes.
    Type: String
    Default: '2'
  webAccessCidr:
    Type: String
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
    Description: (Required) CIDR IP range permitted to access the Cribl Stream web console. We recommend you set this value to a trusted IP range.
    Default: 10.0.144.0/20
  leaderInstanceType:
    Description: EC2 instance type for the Cribl Stream leader.
    Type: String
    Default: c5.2xlarge
    AllowedValues:
      - c5.large
      - c5.xlarge
      - c5.2xlarge
      - c5.4xlarge
      - c5d.large
      - c5d.xlarge
      - c5d.2xlarge
      - c5d.4xlarge
      - c5a.large
      - c5a.xlarge
      - c5a.2xlarge
      - c5a.4xlarge
      - c5ad.large
      - c5ad.xlarge
      - c5ad.2xlarge
      - c5ad.4xlarge
    ConstraintDescription: Must contain a valid instance type.
  workerInstanceType:
    Description: EC2 instance type for Cribl Stream workers.
    Type: String
    Default: c5.2xlarge
    AllowedValues:
      - c5.large
      - c5.xlarge
      - c5.2xlarge
      - c5.4xlarge
      - c5d.large
      - c5d.xlarge
      - c5d.2xlarge
      - c5d.4xlarge
      - c5a.large
      - c5a.xlarge
      - c5a.2xlarge
      - c5a.4xlarge
      - c5ad.large
      - c5ad.xlarge
      - c5ad.2xlarge
      - c5ad.4xlarge
    ConstraintDescription: Must contain a valid instance type.
  AdditionalPolicies:
    Default: "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore,arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
    Description: Additional policy ARNs to attach to the IAM role used by the Cribl Stream instances, in a comma-separated list format. Do not remove default policies.
    Type: CommaDelimitedList
Rules:
  SubnetsInVPC:
    Assertions:
      - Assert: !EachMemberIn
          - !ValueOfAll
            - AWS::EC2::Subnet::Id
            - VpcId
          - !RefAll "AWS::EC2::VPC::Id"
        AssertDescription: All subnets must be in the VPC
Conditions:
  UsingDefaultBucket: !Equals
    - !Ref QSS3BucketName
    - 'aws-quickstart'
Resources:
  VPCStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub 'aws-quickstart-${AWS::Region}'
            - !Ref 'QSS3BucketName'
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref 'QSS3BucketRegion'
      Parameters:
        AvailabilityZones: !Join
          - ','
          - !Ref AvailabilityZones
        NumberOfAZs: '2'
        PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR
        PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR
        PublicSubnet1CIDR: !Ref PublicSubnet1CIDR
        PublicSubnet2CIDR: !Ref PublicSubnet2CIDR
        VPCCIDR: !Ref VPCCIDR
        VPCTenancy: !Ref VPCTenancy
  CriblStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/free_x86_64.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub 'aws-quickstart-${AWS::Region}'
            - !Ref 'QSS3BucketName'
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref 'QSS3BucketRegion'
      Parameters:
        leaderInstanceType: !Ref leaderInstanceType
        workerInstanceType: !Ref workerInstanceType
        webAccessCidr: !Ref webAccessCidr
        workerCount: !Ref workerCount
        vpcId: !GetAtt VPCStack.Outputs.VPCID
        subnetIds: !Join
          - ','
          - - !GetAtt VPCStack.Outputs.PublicSubnet1ID
            - !GetAtt VPCStack.Outputs.PublicSubnet2ID
        AdditionalPolicies: !Join
          - ','
          - !Ref AdditionalPolicies
Outputs:
  logstreamWebUrlPublic:
    Value: !GetAtt CriblStack.Outputs.logstreamWebUrlPublic
    Description: Cribl Stream web console URL.
  logstreamWebAccessCreds:
    Value: !GetAtt CriblStack.Outputs.logstreamWebAccessCreds
    Description: Default web access credentials.
  Postdeployment:
    Description: See the deployment guide for postdeployment steps.
    Value: https://fwd.aws/9Jq7J?