AWSTemplateFormatVersion: '2010-09-09' Description: 'Template for IBM Security Guardium Insights deployment into a new VPC. This is the root template for a collection of nested stacks that make up the full IBM Security Guardium Insights deployment. **WARNING** This template creates EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1t8abe2qb)' Metadata: QuickStartDocumentation: EntrypointName: 'Launch IBM Security Guardium Insights into a new VPC on AWS' Order: '1' cfn-lint: config: ignore_checks: - W9006 - E9101 AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Availability Zone configuration Parameters: - NumberOfAZs - AvailabilityZones - Label: default: Network configuration Parameters: - VPCCIDR - PrivateSubnet1CIDR - PublicSubnet1CIDR - BootNodeAccessCIDR - Label: default: DNS configuration Parameters: - DomainName - Label: default: Amazon EC2 configuration Parameters: - KeyPairName - Label: default: Red Hat OpenShift hosts configuration Parameters: - GIProductionSize - NumberOfMaster - NumberOfGINodes - NumberOfDb2DataNodes - MasterInstanceType - GINodeInstanceType - Db2DataNodeInstanceType - ClusterName - Label: default: Red Hat subscription information Parameters: - RedhatPullSecret - Label: default: Storage Configuration Parameters: - StorageType - NumberOfOCS - OCSInstanceType - Label: default: IBM Security Guardium Insights configuration Parameters: - LicenseAgreement - LicenseType - GIVersion - AdminUsername - AdminPassword - Namespace - RepositoryPassword - HostName - IngressKeyFile - IngressCertFile - IngressCAFile - StorageClassRWO - StorageClassRWX - GIDeploymentLogsBucketName - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: NumberOfAZs: default: Number of Availability Zones AvailabilityZones: default: Availability Zones VPCCIDR: default: VPC CIDR PrivateSubnet1CIDR: default: Private subnet 1 CIDR PublicSubnet1CIDR: default: Public subnet 1 CIDR BootNodeAccessCIDR: default: Boot node external access CIDR DomainName: default: Domain name KeyPairName: default: Key pair name GIProductionSize: default: IBM Security Guardium Insights production size NumberOfMaster: default: Number of control plane nodes NumberOfGINodes: default: Number of Guardium Insights nodes NumberOfDb2DataNodes: default: Number of IBM Db2 data nodes MasterInstanceType: default: Master node instance type GINodeInstanceType: default: Guardium Insights node instance type Db2DataNodeInstanceType: default: Db2 data node instance type ClusterName: default: Cluster name RedhatPullSecret: default: Red Hat OpenShift pull secret StorageType: default: Cluster storage type NumberOfOCS: default: Number of OCS nodes OCSInstanceType: default: OCS instance type LicenseAgreement: default: License agreement LicenseType: default: License type GIVersion: default: IBM Security Guardium Insights version Namespace: default: IBM Security Guardium Insights namespace AdminUsername: default: Administrator username AdminPassword: default: Administrator password RepositoryPassword: default: Repository password HostName: default: IBM Security Guardium Insights host name IngressKeyFile: default: TLS certificate IngressCertFile: default: TLS key IngressCAFile: default: Custom TLS certificate StorageClassRWO: default: Storage classes read-write-only (RWO) for IBM Security Guardium Insights StorageClassRWX: default: Storage classes read-write-many (RWX) for IBM Security Guardium Insights GIDeploymentLogsBucketName: default: Output S3 bucket name QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket Region QSS3KeyPrefix: default: Quick Start S3 key prefix Parameters: NumberOfAZs: AllowedValues: - '1' Default: '1' Description: >- Number of Availability Zones used for the IBM Security Guardium Insights deployment. Type: String AvailabilityZones: Description: The list of Availability Zones to use for the subnet in the VPC. The Quick Start uses one Availability Zone. Type: List VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block notation must follow the format "x.x.x.x/16–28". Default: '10.0.0.0/16' Description: CIDR block for the VPC. Type: String PrivateSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block notation must follow the format "x.x.x.x/16–28". Default: '10.0.0.0/19' Description: CIDR block for the private subnet located in Availability Zone 1. Type: String PublicSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block notation must follow the format "x.x.x.x/16–28". Default: '10.0.128.0/20' Description: CIDR block for the public subnet located in Availability Zone 1. Type: String BootNodeAccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block notation must follow the format "x.x.x.x/x". Description: CIDR IP range that is permitted to access the boot node instance. Set this value to a trusted IP range. The value "0.0.0.0/0" permits access to all IP addresses. Additional values can be added from the Amazon EC2 console after deployment. Type: String DomainName: AllowedPattern: ^(\S+)$ ConstraintDescription: Must contain a valid base domain. Description: Amazon Route 53 base domain configured for your Red Hat OpenShift Container Platform cluster. Must be a valid base domain (for example, "example.com"). Type: String KeyPairName: Description: Name of an existing public/private key pair, which allows you to securely connect to your instance after it launches. If you do not have a key pair in this AWS Region, create one before continuing. Type: AWS::EC2::KeyPair::KeyName GIProductionSize: AllowedValues: - xsmall - small - med - large - xlarge Default: small Description: >- Size of your IBM Security Guardium Insights production. Type: String NumberOfMaster: AllowedValues: - 3 Default: 3 Description: Desired number of control plane node instances. Type: Number NumberOfGINodes: AllowedValues: - 2 - 3 - 4 - 5 Default: 3 Description: >- Desired number of Guardium Insights node instances. Choose "2" if the Guardium Insights production size is extra small. Choose "3" if the production size is small. Choose "4" if the production size is medium. Choose "5" if the production size is large. Note: If the number of compute node instances exceeds your Red Hat entitlement limits or AWS instance limits, the stack will fail. Choose a number that is within your limits. Type: Number NumberOfDb2DataNodes: AllowedValues: - 1 - 2 - 3 - 5 Default: 2 Description: >- Desired number of IBM Db2 data node instances. Choose "1" if the Guardium Insights production size is extra small. Choose "2" if the production size is small. Choose "3" if the production size is medium or large. Note: If the number of compute node instances exceeds your Red Hat entitlement limits or AWS instance limits, the stack will fail. Choose a number that is within your limits. Type: Number MasterInstanceType: AllowedValues: - m5.2xlarge Default: m5.2xlarge Description: EC2 instance type for the Red Hat OpenShift Container Platform control plane node instances. Instance must have 8 cores CPU, 16 GB RAM, and 120 GB storage. Type: String GINodeInstanceType: AllowedValues: - m5.4xlarge - m5.8xlarge Default: m5.4xlarge Description: >- EC2 instance type for the Guardium Insights node instances. Choose "m5.4xlarge" (16 cores CPU, 64 GB RAM, 120 GB storage) if the Guardium Insights production size is small, medium or large. Choose "m5.8xlarge" (32 cores CPU, 128 GB RAM, 120 GB storage) if the production size is extra small. Type: String Db2DataNodeInstanceType: AllowedValues: - m5.4xlarge - m5.8xlarge - m5.16xlarge Default: m5.4xlarge Description: >- EC2 instance type for the Db2 data node instances. Choose "m5.4xlarge" (16 cores CPU, 64 GB RAM, 120 GB storage) if the Guardium Insights production size is small. Choose "m5.8xlarge" (32 cores CPU, 128 GB RAM, 120 GB storage) if the production size is extra small or medium. Choose "m5.16xlarge" (64 cores CPU, 256 GB RAM, 120 GB storage) if the production size is large. Type: String ClusterName: AllowedPattern: ^[0-9a-z-.]*$ ConstraintDescription: Must contain valid cluster name. The name must start with a letter, and can contain letters, numbers, periods (.), and hyphen (-). Description: Red Hat OpenShift Container Platform cluster name. The name must start with a letter and can contain letters, numbers, periods (.), and hyphens (-). Use a name that is unique across Regions. Type: String RedhatPullSecret: AllowedPattern: ^s3:\/\/+[0-9a-z-.\/]*$ ConstraintDescription: Must contain a valid S3 URI path of Red Hat OpenShift Installer Provisioned Infrastructure pull secret (for example, "s3://my-bucket/path/to/pull-secret"). Description: S3 URI path of Red Hat OpenShift Installer Provisioned Infrastructure pull secret (for example, "s3://my-bucket/path/to/pull-secret"). Type: String StorageType: AllowedValues: - 'OCS' Default: 'OCS' Description: OpenShift Container Storage (OCS) as default storage class. Type: String NumberOfOCS: AllowedValues: - 3 - 5 Default: 3 Description: >- Desired number of OpenShift container storage node instances. Choose "3" for an extra small or small Guardium Insights production deployment. Choose "5" for a medium or large production deployment. Type: Number OCSInstanceType: AllowedValues: - m5.4xlarge ConstraintDescription: Must contain a valid instance type. Instance must have 8 cores CPU, 16 GB RAM, and 120 GB storage. Default: m5.4xlarge Description: EC2 instance type for the OpenShift Container Storage instances. Type: String LicenseAgreement: AllowedValues: - 'I agree' - '-' ConstraintDescription: You must agree to the license terms for IBM Security Guardium Insights to continue. Default: '-' Description: Choose "I agree" to confirm that you have read the IBM Security Guardium Insights license and accept the terms. Type: String LicenseType: AllowedValues: - 'L-GBLK-CDVHGZ (IBM Security Guardium Package (Software))' - 'L-TESX-C86NC4 (IBM Security Guardium Insights for IBM Cloud Pak for Security (Gen 3))' - 'L-TESX-C86NPQ (IBM Security Guardium Insights for IBM Cloud Pak for Security)' Default: 'L-GBLK-CDVHGZ (IBM Security Guardium Package (Software))' Description: IBM Security Guardium Insights license types, confirm entitled part name in IBM-provided Proof of Entitlement. Type: String GIVersion: AllowedValues: - '3.2.3' - '3.2.4' Default: '3.2.4' Description: Version of IBM Security Guardium Insights to be deployed. Type: String Namespace: ConstraintDescription: IBM Security Guardium Insights namespace must be 3–10 characters in length. Description: OpenShift project where IBM Security Guardium Insights is deployed. MaxLength: 10 MinLength: 3 Type: String RepositoryPassword: AllowedPattern: ^(\S+)$ ConstraintDescription: A IBM Entitled Registry password is required. Description: IBM Entitled Registry password. Type: String NoEcho: 'true' AdminUsername: Default: 'gi-admin' ConstraintDescription: The administrator username must be 3-32 characters in length. Description: User with administrator privileges in IBM Security Guardium Insights. The administrator username must be 3–32 characters in length. MaxLength: 32 MinLength: 3 Type: String AdminPassword: Default: '' Description: >- (Optional) Password for accessing the IBM Security Guardium Insights platform. If no password is provided, the default password generated during deployment can be retrieved from "GIAdminSecret" resource. Type: String NoEcho: 'true' HostName: Default: '' Description: Host name for the IBM Security Guardium Insights application. Type: String IngressKeyFile: AllowedPattern: ^(|s3:\/\/+[0-9a-z-.\/]*)$ ConstraintDescription: Must be a valid S3 URI path of the TLS certificate file that is associated with the IBM Security Guardium Insights application domain (for example, "s3://my-bucket/path/to/cert"). Default: '' Description: (Optional) S3 URI path of the TLS certificate file that is associated with the IBM Security Guardium Insights application domain (for example, "s3://my-bucket/path/to/cert"). Type: String IngressCertFile: AllowedPattern: ^(|s3:\/\/+[0-9a-z-.\/]*)$ ConstraintDescription: Must be a valid S3 URI path of the TLS key file that is associated with the IBM Security Guardium Insights application domain (for example, "s3://my-bucket/path/to/cert"). Default: '' Description: (Optional) S3 URI path of the TLS key file that is associated with the IBM Security Guardium Insights application domain (for example, "s3://my-bucket/path/to/cert"). Type: String IngressCAFile: AllowedPattern: ^(|s3:\/\/+[0-9a-z-.\/]*)$ ConstraintDescription: Must be a valid S3 URI path of the custom TLS certificate file that is associated with the IBM Security Guardium Insights application domain (for example, "s3://my-bucket/path/to/cert"). Default: '' Description: (Optional) S3 URI path of the custom TLS certificate file that is associated with the IBM Security Guardium Insights application domain (for example, "s3://my-bucket/path/to/cert"). Type: String StorageClassRWO: AllowedValues: - 'gp2' Default: 'gp2' Description: Read-write-only (RWO) storage class for using IBM Security Guardium Insights. Type: String StorageClassRWX: AllowedValues: - 'ocs-storagecluster-cephfs' Default: 'ocs-storagecluster-cephfs' Description: Read-write-many (RWX) storage class for using IBM Security Guardium Insights. Type: String GIDeploymentLogsBucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: S3 bucket name must be 3–63 characters. It can include numbers, lowercase letters, and hyphens (-), but cannot start or end with a hyphen (-). Description: >- Name of the S3 bucket for IBM Security Guardium Insights deployment logs. This S3 bucket is created with the stack. Deployment logs contain a record of bootstrap scripting actions and are useful for troubleshooting failed deployments. S3 bucket name must be 3–63 characters. It can include numbers, lowercase letters, and hyphens (-), but cannot start or end with a hyphen (-). MaxLength: 63 MinLength: 3 Type: String QSS3BucketName: AllowedPattern: '[0-9a-z-]*$' ConstraintDescription: S3 bucket name must be 3–63 characters. It can include numbers, lowercase letters, and hyphens (-), but cannot start or end with a hyphen (-). Description: >- Name of the S3 bucket for your copy of the deployment assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new location. MaxLength: 63 MinLength: 3 Default: 'aws-quickstart' Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'AWS Region where the S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing the Region updates code references to point to a new location. When using your own bucket, specify the Region.' Type: String QSS3KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/]*$' ConstraintDescription: The S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End the prefix with a forward slash. Default: quickstart-ibm-security-guardium-insights/ Description: >- S3 key prefix that is used to simulate a folder for your copy of the deployment assets. Keep the default prefix unless you are customizing the template. Changing the prefix updates code references to point to a new location. Type: String Rules: AdminUsernameRule: Assertions: - Assert: Fn::Not : [{"Fn::Equals" : [{"Ref" : "AdminUsername"}, "admin"]}] AssertDescription: Value cannot be 'admin'. LicenseAgreementRule: Assertions: - Assert: Fn::Contains: - - I agree - Ref: LicenseAgreement AssertDescription: User must agree to the terms of the license agreement. XsmallProductionSizeRule: RuleCondition: Fn::Equals: [{ "Ref": "GIProductionSize" }, "xsmall"] Assertions: - Assert: Fn::Equals: [{ "Ref": "NumberOfGINodes" }, "2"] AssertDescription: Number of Guardium Insights nodes must be 2 for xsmall production size. - Assert: Fn::Equals: [{ "Ref": "NumberOfDb2DataNodes" }, "1"] AssertDescription: Number of Db2 data nodes must be 1 for xsmall production size. - Assert: Fn::Equals: [{ "Ref": "GINodeInstanceType" }, "m5.8xlarge"] AssertDescription: Guardium Insights node instance type must be 'm5.8xlarge' for xsmall production size. - Assert: Fn::Equals: [{ "Ref": "Db2DataNodeInstanceType" }, "m5.8xlarge"] AssertDescription: Db2 data node instance type must be 'm5.8xlarge' for xsmall production size. - Assert: Fn::Equals: [{ "Ref": "NumberOfOCS" }, "3"] AssertDescription: Number of OCS nodes must be 3 for xsmall production size. SmallProductionSizeRule: RuleCondition: Fn::Equals: [{ "Ref": "GIProductionSize" }, "small"] Assertions: - Assert: Fn::Equals: [{ "Ref": "NumberOfGINodes" }, "3"] AssertDescription: Number of Guardium Insights nodes must be 3 for small production size. - Assert: Fn::Equals: [{ "Ref": "NumberOfDb2DataNodes" }, "2"] AssertDescription: Number of Db2 data nodes must be 2 for small production size. - Assert: Fn::Equals: [{ "Ref": "GINodeInstanceType" }, "m5.4xlarge"] AssertDescription: Guardium Insights node instance type must be 'm5.4xlarge' for small production size. - Assert: Fn::Equals: [{ "Ref": "Db2DataNodeInstanceType" }, "m5.4xlarge"] AssertDescription: Db2 data node instance type must be 'm5.4xlarge' for small production size. - Assert: Fn::Equals: [{ "Ref": "NumberOfOCS" }, "3"] AssertDescription: Number of OCS nodes must be 3 for small production size. MediumProductionSizeRule: RuleCondition: Fn::Equals: [{ "Ref": "GIProductionSize" }, "med"] Assertions: - Assert: Fn::Equals: [{ "Ref": "NumberOfGINodes" }, "4"] AssertDescription: Number of Guardium Insights nodes must be 4 for med production size. - Assert: Fn::Equals: [{ "Ref": "NumberOfDb2DataNodes" }, "3"] AssertDescription: Number of Db2 data nodes must be 3 for med production size. - Assert: Fn::Equals: [{ "Ref": "GINodeInstanceType" }, "m5.4xlarge"] AssertDescription: Guardium Insights node instance type must be 'm5.4xlarge' for med production size. - Assert: Fn::Equals: [{ "Ref": "Db2DataNodeInstanceType" }, "m5.8xlarge"] AssertDescription: Db2 data node instance type must be 'm5.8xlarge' for med production size. - Assert: Fn::Equals: [{ "Ref": "NumberOfOCS" }, "5"] AssertDescription: Number of OCS nodes must be 5 for med production size. LargeProductionSizeRule: RuleCondition: Fn::Equals: [{ "Ref": "GIProductionSize" }, "large"] Assertions: - Assert: Fn::Equals: [{ "Ref": "NumberOfGINodes" }, "5"] AssertDescription: Number of Guardium Insights nodes must be 5 for large production size. - Assert: Fn::Equals: [{ "Ref": "NumberOfDb2DataNodes" }, "3"] AssertDescription: Number of Db2 data nodes must be 3 for large production size. - Assert: Fn::Equals: [{ "Ref": "GINodeInstanceType" }, "m5.4xlarge"] AssertDescription: Guardium Insights node instance type must be 'm5.4xlarge' for large production size. - Assert: Fn::Equals: [{ "Ref": "Db2DataNodeInstanceType" }, "m5.16xlarge"] AssertDescription: Db2 data node instance type must be 'm5.16xlarge' for large production size. - Assert: Fn::Equals: [{ "Ref": "NumberOfOCS" }, "5"] AssertDescription: Number of OCS nodes must be 5 for large production size. XLargeProductionSizeRule: RuleCondition: Fn::Equals: [{ "Ref": "GIProductionSize" }, "xlarge"] Assertions: - Assert: Fn::Equals: [{ "Ref": "NumberOfGINodes" }, "5"] AssertDescription: Number of Guardium Insights nodes must be 5 for xlarge production size. - Assert: Fn::Equals: [{ "Ref": "NumberOfDb2DataNodes" }, "5"] AssertDescription: Number of Db2 data nodes must be 5 for xlarge production size. - Assert: Fn::Equals: [{ "Ref": "GINodeInstanceType" }, "m5.4xlarge"] AssertDescription: Guardium Insights node instance type must be 'm5.4xlarge' for xlarge production size. - Assert: Fn::Equals: [{ "Ref": "Db2DataNodeInstanceType" }, "m5.16xlarge"] AssertDescription: Db2 data node instance type must be 'm5.16xlarge' for xlarge production size. - Assert: Fn::Equals: [{ "Ref": "NumberOfOCS" }, "3"] AssertDescription: Number of OCS nodes must be 3 for xlarge production size. Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - >- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/aws-vpc.template.yaml - S3Bucket: !If [ UsingDefaultBucket, !Sub "${QSS3BucketName}-${AWS::Region}", !Ref QSS3BucketName, ] S3Region: !If [UsingDefaultBucket, !Ref "AWS::Region", !Ref QSS3BucketRegion] Parameters: NumberOfAZs: !Ref NumberOfAZs AvailabilityZones: !Join [',', !Ref 'AvailabilityZones'] VPCCIDR: !Ref 'VPCCIDR' PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnetATag2: !Sub 'kubernetes.io/cluster/${AWS::StackName}-${AWS::Region}=owned' PrivateSubnetATag3: 'kubernetes.io/role/internal-elb=' PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' PublicSubnetTag2: !Sub 'kubernetes.io/cluster/${AWS::StackName}-${AWS::Region}=owned' PublicSubnetTag3: 'kubernetes.io/role/elb=' GuardiumInsightsStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - >- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/guardium-insights-existing-vpc.template.yaml - S3Bucket: !If [ UsingDefaultBucket, !Sub "${QSS3BucketName}-${AWS::Region}", !Ref QSS3BucketName, ] S3Region: !If [UsingDefaultBucket, !Ref "AWS::Region", !Ref QSS3BucketRegion] Parameters: NumberOfAZs: !Ref 'NumberOfAZs' AvailabilityZones: !Join [',', !Ref 'AvailabilityZones'] VPCID: !GetAtt 'VPCStack.Outputs.VPCID' VPCCIDR: !Ref 'VPCCIDR' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' BootNodeAccessCIDR: !Ref 'BootNodeAccessCIDR' DomainName: !Ref 'DomainName' KeyPairName: !Ref 'KeyPairName' GIProductionSize: !Ref 'GIProductionSize' NumberOfMaster: !Ref 'NumberOfMaster' NumberOfGINodes: !Ref 'NumberOfGINodes' NumberOfDb2DataNodes: !Ref 'NumberOfDb2DataNodes' MasterInstanceType: !Ref 'MasterInstanceType' GINodeInstanceType: !Ref 'GINodeInstanceType' Db2DataNodeInstanceType: !Ref 'Db2DataNodeInstanceType' ClusterName: !Ref 'ClusterName' RedhatPullSecret: !Ref 'RedhatPullSecret' StorageType: !Ref 'StorageType' NumberOfOCS: !Ref 'NumberOfOCS' OCSInstanceType: !Ref 'OCSInstanceType' LicenseAgreement: !Ref 'LicenseAgreement' LicenseType: !Ref 'LicenseType' GIVersion: !Ref 'GIVersion' AdminUsername: !Ref 'AdminUsername' AdminPassword: !Ref 'AdminPassword' Namespace: !Ref 'Namespace' RepositoryPassword: !Ref 'RepositoryPassword' HostName: !Ref 'HostName' IngressKeyFile: !Ref 'IngressKeyFile' IngressCertFile: !Ref 'IngressCertFile' IngressCAFile: !Ref 'IngressCAFile' StorageClassRWO: !Ref 'StorageClassRWO' StorageClassRWX: !Ref 'StorageClassRWX' GIDeploymentLogsBucketName: !Ref 'GIDeploymentLogsBucketName' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' Outputs: BootnodePublicIp: Description: The boot node public IP address. Value: !GetAtt 'GuardiumInsightsStack.Outputs.BootnodePublicIp' AdminUsername: Description: The username to access the IBM Security Guardium Insights platform. Value: !GetAtt 'GuardiumInsightsStack.Outputs.AdminUsername' OpenShiftWebConsoleURL: Description: Red Hat OpenShift Container platform web console URL. Value: !GetAtt 'GuardiumInsightsStack.Outputs.OpenShiftWebConsoleURL' GIWebClientURL: Description: IBM Security Guardium Insights platform URL. Value: !GetAtt 'GuardiumInsightsStack.Outputs.GIWebClientURL'