--- AWSTemplateFormatVersion: 2010-09-09 ###################################### ## Stack Description ###################################### Description: >- This main template creates a VPC for deployment of HVR on AWS. **WARNING** This template creates EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1roo3sq66) ###################################### ## Stack Metadata ###################################### Metadata: QuickStartDocumentation: EntrypointName: "Parameters for deploying into a new VPC" Order: 1 AWS::CloudFormation::Interface: ParameterGroups: - Label: default: End-user license agreement (EULA) for HVR CDC Parameters: - AcceptedEULA - Label: default: "VPC network configuration" Parameters: - AvailabilityZones - VPCCIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - RemoteAccessCIDR - Label: default: "HVR EC2 configuration" Parameters: - HVRInstanceTypeHUB - HVRInstanceTypeAgent - KeyName - Label: default: Tag identifiers Parameters: - TagEnvironment - Label: default: HVR license key (secret parameter ARN) Parameters: - HVRLicenseSecret - Label: default: HVR Aurora/PostgreSQL configuration Parameters: - EnablePGStack - DBAccessCIDR - PGInstanceClass - NotificationList - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketRegion - QSS3BucketName - QSS3KeyPrefix ParameterLabels: AcceptedEULA: default: Accepted EULA AvailabilityZones: default: Availability Zones VPCCIDR: default: VPC CIDR PublicSubnet1CIDR: default: Public subnet 1 CIDR PublicSubnet2CIDR: default: Public subnet 2 CIDR PrivateSubnet1CIDR: default: Private subnet 1 CIDR PrivateSubnet2CIDR: default: Private subnet 2 CIDR RemoteAccessCIDR: default: Allowed CIDR to bastion host DBAccessCIDR: default: Allowed CIDR for database access HVRInstanceTypeHUB: default: EC2 instance type for HVR hub HVRInstanceTypeAgent: default: EC2 instance type for HVR agent KeyName: default: EC2 key pair name EnablePGStack: default: Enable Aurora/PostgreSQL stack NotificationList: default: Email address for Aurora/PostgreSQL notifications PGInstanceClass: default: Aurora/PostgreSQL instance class TagEnvironment: default: Environment tag QSS3BucketRegion: default: Quick Start S3 bucket Region QSS3BucketName: default: Quick Start S3 bucket name QSS3KeyPrefix: default: Quick Start S3 key prefix HVRLicenseSecret: default: HVR license key License: Apache-2.0 ###################################### ## Parameters ###################################### Parameters: AcceptedEULA: AllowedValues: - "yes" - "no" Default: "yes" Description: >- Read the HVR Software end-user license agreement (https://www.hvr-software.com/license-agreement/) carefully before using the software. The HVR stack can be created only after you accept the EULA. To accept the EULA from AWS Marketplace, see https://aws.amazon.com/marketplace/pp/B077YM8HPW. Type: String AvailabilityZones: Description: >- Availability Zones to use for the subnets in the VPC. Two Availability Zones are used for this deployment, and the logical order of your selections is preserved. To maximize efficiency, choose the same Availability Zone as the target database or service. Type: "List" RemoteAccessCIDR: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: CIDR address from which you will connect to the bastion host. Type: String DBAccessCIDR: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Default: 10.0.0.0/18 Description: Private CIDR address from which you will connect to the database instance. Type: String VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR block for the VPC. Type: String PublicSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.128.0/20 Description: CIDR block for public subnet 1 located in Availability Zone 1. The bastion host is deployed here. Type: String PublicSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.144.0/20 Description: CIDR block for public subnet 2 located in Availability Zone 2. The bastion host is deployed here. Type: String PrivateSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/19 Description: CIDR block for private subnet 1 located in Availability Zone 1. The HVR hub, agent, and Aurora/PostgreSQL database are deployed here. Type: String PrivateSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.32.0/19 Description: CIDR block for private subnet 2 located in Availability Zone 2. The HVR hub, agent, and Aurora/PostgreSQL database are deployed here. Type: String HVRInstanceTypeHUB: Description: EC2 instance type for the HVR hub. Type: String Default: c5.large AllowedValues: [ c5.large, c5.xlarge, c5.2xlarge c5d.large, c5d.xlarge, c5d.2xlarge ] ConstraintDescription: Must be a valid EC2 instance type. HVRInstanceTypeAgent: Description: EC2 instance type for the HVR agent running capture/integrate. Type: String Default: c5.large AllowedValues: [ c5.large, c5.xlarge, c5.2xlarge c5d.large, c5d.xlarge, c5d.2xlarge ] ConstraintDescription: Must be a valid EC2 instance type. KeyName: Description: Name of the key pair to be used to connect to your EC2 instances by using SSH. Type: AWS::EC2::KeyPair::KeyName ConstraintDescription: Must be the name of an existing EC2 key pair. NotificationList: Type: String Default: "ops@company.com" Description: Email notification that is used to configure an SNS topic for sending an Amazon CloudWatch alarm and Amazon RDS event notifications. AllowedPattern: '^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$' ConstraintDescription: provide a valid email address. EnablePGStack: AllowedValues: - "true" - "false" Default: "true" Description: Choose "false" if you don't want to create an Amazon Aurora/PostgreSQL RDS stack. Type: String PGInstanceClass: AllowedValues: - db.r5.large - db.r5.xlarge - db.r5.2xlarge - db.r5.4xlarge Default: db.r5.large Description: Aurora/PostgreSQL database instance class. Type: String TagEnvironment: Type: String AllowedValues: - dev - test Description: Designates the environment stage of the associated AWS resource. Default: "dev" QSS3BucketRegion: Default: "ap-southeast-2" Description: "AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html." Type: String QSS3BucketName: AllowedPattern: "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$" ConstraintDescription: "The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-)." Default: "ae-quickstart-aws-hvr" Description: "Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html." Type: String QSS3KeyPrefix: AllowedPattern: "^[0-9a-zA-Z-/]*$" ConstraintDescription: "The Quick Start S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). The prefix should end with a forward slash (/)." Default: quickstart-hvr/ Description: "S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html." Type: String HVRLicenseSecret: Description: | Specify the ARN to the secret (to be located in AWS Secrets Manager) that can be used for the HVR deployment. If no value is specified, a temporary dummy secret will be created in Secrets Manager as hvr/quickstart/{TagEnvironment}/hvrlic. If you require a license, leave the value as "none," and contact the HVR Software sales team. Type: String Default: "none" ###################################### ## Condition definitions ###################################### Conditions: UsingDefaultBucket: !Equals - !Ref QSS3BucketName - "aws-quickstart" CreatePGStack: !Equals - !Ref EnablePGStack - "true" IsAcceptedEULA: !Equals - !Ref AcceptedEULA - "yes" ###################################### ## Declaration of stack resources ###################################### Resources: ## ------------------------------------------------------------ # ## Create nested stack for VPC creation ## ------------------------------------------------------------ # VPCStack: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub "aws-quickstart-${AWS::Region}" - !Ref "QSS3BucketName" S3Region: !If - UsingDefaultBucket - !Ref "AWS::Region" - !Ref "QSS3BucketRegion" Parameters: AvailabilityZones: !Join - "," - !Ref AvailabilityZones NumberOfAZs: "2" PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR PublicSubnet1CIDR: !Ref PublicSubnet1CIDR PublicSubnet2CIDR: !Ref PublicSubnet2CIDR VPCCIDR: !Ref VPCCIDR ## ------------------------------------------------------------ # ## Create nested stack for Bastion host (based on HVR BYOL system) ## - this allows SSH and HVR GUI access ## ------------------------------------------------------------ # BastionStack: Condition: IsAcceptedEULA Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/hvr.bastion.template.yaml' - S3Bucket: !If - UsingDefaultBucket - !Sub "aws-quickstart-${AWS::Region}" - !Ref "QSS3BucketName" S3Region: !If - UsingDefaultBucket - !Ref "AWS::Region" - !Ref "QSS3BucketRegion" Parameters: VPCID: !GetAtt VPCStack.Outputs.VPCID VPCCIDR: !Ref VPCCIDR PublicSubnet1: !GetAtt VPCStack.Outputs.PublicSubnet1ID PublicSubnet2: !GetAtt VPCStack.Outputs.PublicSubnet2ID RemoteAccessCIDR: !Ref RemoteAccessCIDR KeyName: !Ref KeyName TagEnvironment: !Ref TagEnvironment HVRPubKeyBase64: !GetAtt HVRStack.Outputs.HVRPublicKey ## ------------------------------------------------------------ # ## Create nested stack for HVR Hub and Agents ## ------------------------------------------------------------ # HVRStack: Condition: IsAcceptedEULA Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/hvr.workload.vpc.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub "aws-quickstart-${AWS::Region}" - !Ref "QSS3BucketName" S3Region: !If - UsingDefaultBucket - !Ref "AWS::Region" - !Ref "QSS3BucketRegion" Parameters: AcceptedEULA: !Ref AcceptedEULA VPCID: !GetAtt - VPCStack - Outputs.VPCID VPCCIDR: !Ref VPCCIDR PrivateSubnet1CIDR: !GetAtt - VPCStack - Outputs.PrivateSubnet1ACIDR PrivateSubnet2CIDR: !GetAtt - VPCStack - Outputs.PrivateSubnet2ACIDR PrivateSubnet1: !GetAtt - VPCStack - Outputs.PrivateSubnet1AID PrivateSubnet2: !GetAtt - VPCStack - Outputs.PrivateSubnet2AID HVRInstanceTypeHUB: !Ref HVRInstanceTypeHUB HVRInstanceTypeAgent: !Ref HVRInstanceTypeAgent KeyName: !Ref KeyName TagEnvironment: !Ref TagEnvironment HVRLicenseSecret: !Ref HVRLicenseSecret ## ------------------------------------------------------------ # ## Creat nexted stack for Aurora/PostgreSQL if required ## ------------------------------------------------------------ # ## --------------------------------------------- # ## Create Aurora/PostgreSQL user password in SSM ## --------------------------------------------- # PGUserSecret: Type: "AWS::SecretsManager::Secret" Properties: Name: !Sub hvr/quickstart/${TagEnvironment}/pgUserSecret Description: Autogenerated Aurora/PostgreSQL hvrhub user password GenerateSecretString: SecretStringTemplate: '{"username": "hvrhub"}' GenerateStringKey: 'password' PasswordLength: 16 ExcludeCharacters: \'"@/ Tags: - Key: Name Value: !Sub pg-user-secret-${TagEnvironment} - Key: EnvironmentStage Value: !Sub ${TagEnvironment} AuroraStack: Condition: CreatePGStack Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-amazon-aurora-postgresql/templates/aurora_postgres.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub "aws-quickstart-${AWS::Region}" - !Ref "QSS3BucketName" S3Region: !If - UsingDefaultBucket - !Ref "AWS::Region" - !Ref "QSS3BucketRegion" Parameters: Subnet1ID: !GetAtt - VPCStack - Outputs.PrivateSubnet1AID Subnet2ID: !GetAtt - VPCStack - Outputs.PrivateSubnet2AID VPCID: !GetAtt - VPCStack - Outputs.VPCID DBName: hvrhub DBAutoMinorVersionUpgrade: "true" DBAllocatedStorageEncrypted: "true" DBBackupRetentionPeriod: "35" DBEngineVersion: "11.7" DBInstanceClass: !Ref PGInstanceClass DBMasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref PGUserSecret, ':SecretString:username}}' ]] DBMasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref PGUserSecret, ':SecretString:password}}' ]] DBPort: 5432 DBMultiAZ: "true" CustomDBSecurityGroup: "" EnableEventSubscription: "true" DBAccessCIDR: !Ref DBAccessCIDR NotificationList: !Ref NotificationList EnvironmentStage: !Ref TagEnvironment ###################################### ## Define stack output values ###################################### Outputs: HVRBastionNLBDns: Condition: IsAcceptedEULA Description: HVR Bastion Host Access Point (Load Balancer DNS) Value: Fn::GetAtt: - BastionStack - Outputs.HVRBastionNLBDns HVRPort: Condition: IsAcceptedEULA Description: Port of the HVR Hub and Agents (via Load Balancers) Value: Fn::GetAtt: - HVRStack - Outputs.HVRPort HVRHubNLBDns: Condition: IsAcceptedEULA Description: HVR Hub Access Point (Load Balancer DNS) Value: Fn::GetAtt: - HVRStack - Outputs.HVRHubNLBDns HVRAgentNLBDns: Condition: IsAcceptedEULA Description: HVR Agent Access Point (Load Balancer DNS) Value: Fn::GetAtt: - HVRStack - Outputs.HVRAgentNLBDns RDSEndpoint: Description: Aurora PostgreSQL endpoint Condition: CreatePGStack Value: Fn::GetAtt: - AuroraStack - Outputs.RDSEndPointAddress RDSPort: Description: Aurora/PostgreSQL default port Condition: CreatePGStack Value: 5432 RDSUser: Description: Aurora/PostgreSQL default HVR user Condition: CreatePGStack Value: "hvrhub" RDSUserSecretARN: Description: Aurora/PostgreSQL hvrhub user password can be found in Secrets Manager. Condition: CreatePGStack Value: !Ref PGUserSecret RDSDBName: Description: Aurora/PostgreSQL database name Condition: CreatePGStack Value: hvrhub