AWSTemplateFormatVersion: "2010-09-09" Description: Deploys an EKS cluster with JFrog Artifactory into an existing VPC (qs-1q037efm3). Metadata: cfn-lint: config: ignore_checks: - E9101 - W9006 ignore_reasons: - E9101: "'master' is part of the product naming conventions for now" QuickStartDocumentation: EntrypointName: "Launch into an existing VPC" AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Security configuration Parameters: - KeyPairName - AccessCidr - RemoteAccessCidr - AdditionalEKSAdminUserArn - AdditionalEKSAdminRoleArn - Label: default: Network configuration Parameters: - VpcId - VpcCidr - PrivateSubnet1Id - PrivateSubnet2Id - PrivateSubnet3Id - PublicSubnet1Id - PublicSubnet2Id - PublicSubnet3Id - PrivateSubnet1Cidr - PrivateSubnet2Cidr - PrivateSubnet3Cidr - Label: default: Bastion configuration Parameters: - ProvisionBastionHost - BastionInstanceType - BastionOS - BastionRootVolumeSize - BastionEnableTcpForwarding - BastionEnableX11Forwarding - Label: default: JFrog Artifactory configuration Parameters: - HelmChartVersion - DefaultDeploymentSize - ArtifactoryDeploymentSize - ArtifactoryNumberOfNodes - SmLicenseName - SmCertName - MasterKey - Label: default: Amazon RDS configuration Parameters: - DatabaseName - DatabaseUser - DatabasePassword - DatabaseInstance - DatabaseAllocatedStorage - MultiAzDatabase - Label: default: JFrog Xray Configuration Parameters: - XrayEnabled - XrayNumberOfNodes - XrayDatabaseUser - XrayDatabasePassword - Label: default: EKS configuration Parameters: - KubernetesVersion - NodeInstanceType - NumofSecondaryNodes - NodeVolumeSize - PerAccountSharedResources - PerRegionSharedResources - Label: default: AWS Quick Start configuration (INTERNAL SETTINGS. DO NOT MODIFY) Parameters: - QSS3BucketName - QSS3KeyPrefix - QSS3BucketRegion ParameterLabels: KeyPairName: default: SSH key name AccessCidr: default: Permitted IP range RemoteAccessCidr: default: Remote access CIDR AdditionalEKSAdminUserArn: default: Additional EKS admin ARN (IAM user) AdditionalEKSAdminRoleArn: default: Additional EKS admin ARN (IAM role) VpcId: default: VPC ID VpcCidr: default: VPC CIDR PublicSubnet1Id: default: Public subnet 1 ID PublicSubnet2Id: default: Public subnet 2 ID PublicSubnet3Id: default: Public subnet 3 ID PrivateSubnet1Id: default: Private subnet 1 ID PrivateSubnet2Id: default: Private subnet 2 ID PrivateSubnet3Id: default: Private subnet 3 ID PrivateSubnet1Cidr: default: Private subnet 1 CIDR PrivateSubnet2Cidr: default: Private subnet 2 CIDR PrivateSubnet3Cidr: default: Private subnet 3 CIDR ProvisionBastionHost: default: Bastion instance PerAccountSharedResources: default: Per-account shared resources PerRegionSharedResources: default: Per-Region shared resources BastionInstanceType: default: Bastion instance type BastionRootVolumeSize: default: Bastion root volume size BastionEnableTcpForwarding: default: Bastion enable TCP forwarding BastionEnableX11Forwarding: default: Bastion enable X11 forwarding BastionOS: default: Bastion operating system HelmChartVersion: default: Artifactory Helm chart version XrayEnabled: default: Install JFrog Xray DefaultDeploymentSize: default: Default Artifactory deployment size ArtifactoryDeploymentSize: default: Artifactory deployment size ArtifactoryNumberOfNodes: default: Number of Artifactory pods SmLicenseName: default: Artifactory licenses secret name SmCertName: default: Artifactory certificate secret name MasterKey: default: Master server key DatabaseName: default: Database name DatabaseUser: default: Database user DatabasePassword: default: Database password XrayNumberOfNodes: default: Number of Xray pods XrayDatabaseUser: default: Xray Database user XrayDatabasePassword: default: Xray Database password DatabaseInstance: default: Database instance type DatabaseAllocatedStorage: default: Database allocated storage MultiAzDatabase: default: High-available database NodeInstanceType: default: Node instance type NodeVolumeSize: default: Node EBS volume size NumofSecondaryNodes: default: Number of secondary nodes KubernetesVersion: default: Kubernetes version QSS3BucketName: default: Quick Start S3 bucket name (Do not modify) QSS3KeyPrefix: default: Quick Start S3 key prefix (Do not modify) QSS3BucketRegion: default: Quick Start S3 bucket region (Do not modify) Parameters: KeyPairName: Description: Name of an existing key pair, which allows you to securely connect to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName AccessCidr: Description: CIDR IP range that is permitted to access Artifactory. We recommend that you set this value to a trusted IP range. For example, you might want to grant only your corporate network access to the software. AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Type: String RemoteAccessCidr: Description: Remote CIDR range for allowing SSH into the bastion instance. We recommend that you set this value to a trusted IP range. For example, you might want to grant specific ranges inside your corporate network SSH access. AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Type: String AdditionalEKSAdminUserArn: Description: "[OPTIONAL] Amazon Resource Name (ARN): a comma-separated list of IAM users to be granted admin access to the EKS cluster." Default: "" Type: CommaDelimitedList AdditionalEKSAdminRoleArn: Description: "[OPTIONAL] Amazon Resource Name (ARN): a comma-separated list of IAM roles to be granted admin access to the EKS cluster." Default: "" Type: CommaDelimitedList VpcId: Description: ID of your existing VPC for deployment (e.g., vpc-0343606e). Type: AWS::EC2::VPC::Id VpcCidr: Description: CIDR block for the VPC. AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Type: String PublicSubnet1Id: Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). Type: "AWS::EC2::Subnet::Id" PublicSubnet2Id: Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84). Type: "AWS::EC2::Subnet::Id" PublicSubnet3Id: Description: ID of the public subnet in Availability Zone 3 of your existing VPC (e.g., subnet-a29c3d84). Type: "AWS::EC2::Subnet::Id" PrivateSubnet1Id: Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd). Type: "AWS::EC2::Subnet::Id" PrivateSubnet2Id: Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67). Type: "AWS::EC2::Subnet::Id" PrivateSubnet3Id: Description: ID of the private subnet in Availability Zone 3 of your existing VPC (e.g., subnet-b58c3d67). Type: "AWS::EC2::Subnet::Id" PrivateSubnet1Cidr: Description: CIDR of the private subnet in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19). AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/19 Type: String PrivateSubnet2Cidr: Description: CIDR of the private subnet in Availability Zone 2 of your existing VPC (e.g., 10.0.32.0/19). AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.32.0/19 Type: String PrivateSubnet3Cidr: Description: CIDR block for private subnet 3 located in Availability Zone 3 of your existing VPC (e.g., 10.0.64.0/19). AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.64.0/19 Type: String NodeInstanceType: Description: Amazon EC2 instance type for the nodes hosting the Kubernetes pods. AllowedValues: - t3.nano - t3.micro - t3.small - t3.medium - t3.large - t3.xlarge - t3.2xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge - m5.12xlarge - m5.24xlarge - c5.large - c5.xlarge - c5.2xlarge - c5.4xlarge - c5.9xlarge - c5.18xlarge - i3.large - i3.xlarge - i3.2xlarge - i3.4xlarge - i3.8xlarge - i3.16xlarge - x1.16xlarge - x1.32xlarge - p3.2xlarge - p3.8xlarge - p3.16xlarge - r5.large - r5.xlarge - r5.2xlarge - r5.4xlarge - r5.12xlarge - r5.24xlarge - r5d.large - r5d.xlarge - r5d.2xlarge - r5d.4xlarge - r5d.12xlarge - r5d.24xlarge - z1d.large - z1d.xlarge - z1d.2xlarge - z1d.3xlarge - z1d.6xlarge - z1d.12xlarge ConstraintDescription: Must be a valid EC2 instance type Default: m5.xlarge Type: String NodeVolumeSize: Description: Size of EBS volumes for master node instances, in gigabytes. Default: 200 Type: String NumofSecondaryNodes: Description: Initial number of secondary node instances to create. If you do not have large enough instances to boot the number of secondary pods, the deployment will fail. AllowedValues: - 1 - 2 - 3 - 4 - 5 - 6 - 7 Default: 2 Type: Number KubernetesVersion: Description: Kubernetes control plane version. AllowedValues: ["1.17", "1.18", "1.19", "1.20", "1.21","1.22","1.23"] Default: "1.22" Type: String ProvisionBastionHost: Description: Choose Disabled to skip creating a bastion instance. Due to the Artifactory nodes being created in private subnets, the default setting of Enabled this is highly recommended. AllowedValues: - "Enabled" - "Disabled" Default: "Enabled" Type: String PerAccountSharedResources: Type: String AllowedValues: ["AutoDetect", "Yes", "No"] Default: "Yes" Description: Choose "No" if you already deployed another EKS Quick Start stack in your AWS account. PerRegionSharedResources: Type: String AllowedValues: ["AutoDetect", "Yes", "No"] Default: "Yes" Description: Choose "No" if you already deployed another EKS Quick Start stack in your Region. BastionInstanceType: Description: Size of the bastion instances. AllowedValues: - t3.micro - t3.small - t3.medium - t3.large - m5.large - m5.xlarge Default: "t3.micro" Type: String BastionRootVolumeSize: Description: Size of the root volume on the bastion instances. Default: 10 Type: Number BastionEnableTcpForwarding: Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance or not. AllowedValues: - "true" - "false" Default: "true" Type: String BastionEnableX11Forwarding: Description: Choose true to enable X11 via the bootstrapping of the bastion host. Setting this value to true will enable X Windows over SSH. X11 forwarding can be very useful but it is also a security risk, so we recommend that you keep the default (false) setting unless required. AllowedValues: - "true" - "false" Default: "false" Type: String BastionOS: Type: String AllowedValues: [ "Amazon-Linux2-HVM", "Amazon-Linux-HVM", "CentOS-7-HVM", "Ubuntu-Server-14.04-LTS-HVM", "Ubuntu-Server-16.04-LTS-HVM", "SUSE-SLES-15-HVM", ] Default: "Amazon-Linux2-HVM" Description: Linux distribution of the bastion host. ArtifactoryNumberOfNodes: Description: Number of Artifactory pods to complete your HA deployment. Minimum number of 3 to fit the Artifactory best practices. Do not select more than you license for. If you are doing a JFrog Container Registry Deployment, this will create the number of underlying nodes and NGINX containers. AllowedValues: - 1 - 2 - 3 - 4 - 5 - 6 - 7 Default: 3 Type: Number HelmChartVersion: Description: Version of Artifactory that you want to deploy into the Quick Start. Please see the release notes to select the version you want to deploy. https://www.jfrog.com/confluence/display/RTF/Release+Notes AllowedPattern: ^(([0-9]|[1-9][0-9]|[1-9][0-9][0-9])\.){2}([1-9][0-9]|[0-9])$ ConstraintDescription: A Helm chart version that matches X.X.X per Artifactory releases. Default: "10.9.4" Type: String XrayEnabled: Description: Choose true to install JFrog Xray instance(s). ConstraintDescription: True or False AllowedValues: - "true" - "false" Default: "false" Type: String DefaultDeploymentSize: Description: Choose false to overwrite the standard calculations of memory options to pass Java options for the deployment. If overwriting them, not to over provision the nodes. ConstraintDescription: True or False AllowedValues: - "true" - "false" Default: "true" Type: String ArtifactoryDeploymentSize: Description: Configuration settings implemented by the Helm chart. There are currently eight supported sizes. This value is only taken into account if you choose 'false' for DefaultDeploymentSize. 'xxxLarge:' Only applicable to node InstanceType m5.24xlarge or larger - Memory request of 240 GiB, memory limit of 384GiB; CPU request of 64, CPU limit of 96; Java heap size minimum of 192 GB, maximum of 288 GB. 'xxLarge:' Only applicable to node InstanceType m5.16xlarge or larger - Memory request of 160 GiB, memory limit of 256GiB; CPU request of 48, CPU limit of 64; Java heap size minimum of 128 GB, maximum of 192 GB. 'xLarge:' Only applicable to node InstanceType m5.12xlarge or larger - Memory request of 120 GiB, memory limit of 192GiB; CPU request of 32, CPU limit of 48; Java heap size minimum of 96 GB, maximum of 144 GB. 'Large:' Only applicable to node InstanceType m5.8xlarge or larger - Memory request of 80 GiB, memory limit of 128GiB; CPU request of 16, CPU limit of 32; Java heap size minimum of 64 GB, maximum of 96 GB. 'Medium:' Only applicable to node InstanceType m5.4xlarge or larger - Memory request of 42 GiB, memory limit of 64 GiB; CPU request of 8, CPU limit of 16; Java heap size minimum of 32 GB, maximum of 48 GB. 'Small:' Only applicable to node InstanceType m5.2xlarge or larger - Memory request of 20 GiB, memory limit of 32 GiB; CPU request of 4, CPU limit of 8; Java heap size minimum of 16 GB, maximum of 24 GB. 'xSmall:' Only applicable to node InstanceType m5.xlarge or larger - Memory request of 6 GiB, memory limit of 16 GiB; CPU request of 2, CPU limit of 4; Java heap size minimum of 8 GB, maximum of 12 GB. 'xxSmall:' Applicable to all node Instance Types - Memory request of 4 GiB, memory limit of 6 GiB; CPU request of 2, CPU limit of 2; Java heap size of 4 GB. AllowedValues: - xxSmall - xSmall - Small - Medium - Large - xLarge - xxLarge - xxxLarge Default: xSmall Type: String SmLicenseName: Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. Default: "" Type: String SmCertName: Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key. Default: "" Type: String MasterKey: Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. AllowedPattern: ^[a-zA-Z0-9]+$ MinLength: "1" MaxLength: "64" ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. NoEcho: "true" Type: String DatabaseName: Description: Name for your database instance. The name must be unique across all database instances owned by your AWS account in the current AWS Region. The database instance identifier is case-insensitive, but is stored as all lowercase (as in "mydbinstance"). AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ MinLength: "1" MaxLength: "60" ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. Default: artdb Type: String DatabaseUser: Description: Login ID for the master user of your database instance. MinLength: "1" MaxLength: "16" AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter Default: artifactory Type: String DatabasePassword: Description: The password for the Artifactory database user. AllowedPattern: ^[^ \\']+$ MinLength: "8" MaxLength: "12" ConstraintDescription: Must be at least 8 and no more than 12 characters containing letters and (minimum 1 capital letter), numbers and symbols. NoEcho: "true" Type: String XrayNumberOfNodes: Description: Number of Xray pods to complete your HA deployment. Minimum number of 3 to fit the JPD best practices. Do not select more than you license for. AllowedValues: - 1 - 2 - 3 - 4 - 5 - 6 - 7 Default: 3 Type: Number XrayDatabaseUser: Description: Login ID for your xray database. MinLength: "1" MaxLength: "16" AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ ConstraintDescription: 1 to 16 alphanumeric characters. The first character must be a letter. Default: xray Type: String XrayDatabasePassword: Description: Password for the Xray database user. AllowedPattern: ^[^ \\'"]+$ MinLength: "8" MaxLength: "20" ConstraintDescription: Must be at least 8 and no more than 20 printable ASCII characters (letters, numbers and symbols. Can't contain any of / (slash), '(single quote), "(double quote) and @ (at sign). NoEcho: "true" Type: String DatabaseInstance: Description: Size of the database to be deployed as part of the Quick Start. AllowedValues: - db.m3.medium - db.m3.large - db.m3.xlarge - db.m3.2xlarge - db.m4.large - db.m4.xlarge - db.m4.2xlarge - db.m4.10xlarge - db.m4.16xlarge - db.m5.large - db.m5.xlarge - db.m5.2xlarge - db.m5.4xlarge - db.m5.12xlarge - db.m5.24xlarge ConstraintDescription: Must be a valid database Instance Type. Default: db.m4.large Type: String DatabaseAllocatedStorage: Description: Size in gigabytes of the available storage for the database instance. MinValue: 5 MaxValue: 1024 Default: 10 Type: Number MultiAzDatabase: Description: Choose false to create an Amazon RDS instance in a single Availability Zone. ConstraintDescription: True or False AllowedValues: - "true" - "false" Default: "true" Type: String QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-jfrog-artifactory-eks/ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String QSS3BucketRegion: Default: "us-east-1" Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value. Type: String Conditions: BastionSecurityGroup: !Equals [!Ref "ProvisionBastionHost", "Enabled"] DefaultSize: !Equals [!Ref DefaultDeploymentSize, "true"] UsingDefaultBucket: !Equals [!Ref QSS3BucketName, "aws-quickstart"] SmLicenseNameExists: !Not [!Equals [!Ref "SmLicenseName", ""]] SmCertNameExists: !Not [!Equals [!Ref "SmCertName", ""]] Resources: JFrogEKSAdvancedConfigStack: Type: AWS::CloudFormation::Stack Metadata: { cfn-lint: { config: { ignore_checks: [E9902, W9901] } } } Properties: TemplateURL: !Sub - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-amazon-eks/templates/amazon-eks-advanced-configuration.template.yaml" - S3Region: !If [UsingDefaultBucket, !Ref "AWS::Region", !Ref QSS3BucketRegion] S3Bucket: !If [ UsingDefaultBucket, !Sub "${QSS3BucketName}-${AWS::Region}", !Ref QSS3BucketName, ] Parameters: ConfigSetName: !Ref AWS::StackName ConsulUIAccessCIDR: !Ref RemoteAccessCidr VaultUIAccessCIDR: !Ref RemoteAccessCidr NodeVolumeSize: !Ref NodeVolumeSize KubernetesVersion: !Ref KubernetesVersion NodeGroupName: "JFrog-Artifactory-Pro" Labels: !Sub "partition=JFrog-Artifactory-Pro" BastionInstanceType: !Ref BastionInstanceType BastionOS: !Ref BastionOS BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding BastionRootVolumeSize: !Ref BastionRootVolumeSize BastionEnableTCPForwarding: !Ref BastionEnableTcpForwarding EKSStack: Type: AWS::CloudFormation::Stack DependsOn: - JFrogEKSAdvancedConfigStack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-amazon-eks/templates/amazon-eks-entrypoint-existing-vpc.template.yaml - S3Bucket: !If [ UsingDefaultBucket, !Sub "${QSS3BucketName}-${AWS::Region}", !Ref "QSS3BucketName", ] S3Region: !If [ UsingDefaultBucket, !Ref "AWS::Region", !Ref "QSS3BucketRegion", ] Parameters: VPCID: !Ref VpcId PrivateSubnet1ID: !Ref PrivateSubnet1Id PrivateSubnet2ID: !Ref PrivateSubnet2Id PrivateSubnet3ID: !Ref PrivateSubnet3Id PublicSubnet1ID: !Ref PublicSubnet1Id PublicSubnet2ID: !Ref PublicSubnet2Id PublicSubnet3ID: !Ref PublicSubnet3Id RemoteAccessCIDR: !Ref RemoteAccessCidr KeyPairName: !Ref KeyPairName ConfigSetName: !Ref AWS::StackName PerAccountSharedResources: !Ref PerAccountSharedResources PerRegionSharedResources: !Ref PerRegionSharedResources ProvisionBastionHost: !Ref ProvisionBastionHost AdditionalEKSAdminUserArn: !Join [",", !Ref AdditionalEKSAdminUserArn] AdditionalEKSAdminRoleArn: !Join [",", !Ref AdditionalEKSAdminRoleArn] NodeInstanceType: !Ref NodeInstanceType NumberOfNodes: "1" MaxNumberOfNodes: "1" QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Sub "${QSS3KeyPrefix}submodules/quickstart-amazon-eks/" QSS3BucketRegion: !Ref QSS3BucketRegion ArtifactorySecondaryNodesStack: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-amazon-eks/submodules/quickstart-amazon-eks-nodegroup/templates/amazon-eks-nodegroup.template.yaml - S3Bucket: !If [ UsingDefaultBucket, !Sub "${QSS3BucketName}-${AWS::Region}", !Ref "QSS3BucketName", ] S3Region: !If [ UsingDefaultBucket, !Ref "AWS::Region", !Ref "QSS3BucketRegion", ] Parameters: KeyPairName: !Ref "KeyPairName" Subnet1ID: !Ref PrivateSubnet1Id Subnet2ID: !Ref PrivateSubnet2Id Subnet3ID: !Ref PrivateSubnet3Id NodeInstanceType: !Ref NodeInstanceType NumberOfNodes: !Ref NumofSecondaryNodes MaxNumberOfNodes: !Ref NumofSecondaryNodes NodeGroupName: !Sub "JFrog-Artifactory-Pro-secondary" NodeVolumeSize: !Ref NodeVolumeSize Labels: !Sub "partition=JFrog-Artifactory-Pro-secondary" EKSClusterName: !GetAtt EKSStack.Outputs.EKSClusterName # Allow the bastion host to SSH into the secondary node pools BastionToRegularIngress: Condition: BastionSecurityGroup Type: "AWS::EC2::SecurityGroupIngress" Properties: Description: Allow SSH from Bastion server to Regular Nodes GroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup SourceSecurityGroupId: !GetAtt EKSStack.Outputs.BastionSecurityGroup IpProtocol: tcp ToPort: 22 FromPort: 22 # Allow the secondary node pools to bidirectionally communicate with "initial" (master) nodes RegularToMasterIngress: Type: AWS::EC2::SecurityGroupIngress Properties: Description: Allows regular nodes to communicate with master nodes GroupId: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup SourceSecurityGroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup IpProtocol: "-1" FromPort: 0 ToPort: 65535 MasterToRegularIngress: Type: AWS::EC2::SecurityGroupIngress Properties: Description: Allows master nodes to communicate with regular agent nodes GroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup SourceSecurityGroupId: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup IpProtocol: "-1" FromPort: 0 ToPort: 65535 ArtifactoryCoreInfraStack: DependsOn: EKSStack Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml - S3Bucket: !If [ UsingDefaultBucket, !Sub "${QSS3BucketName}-${AWS::Region}", !Ref "QSS3BucketName", ] S3Region: !If [ UsingDefaultBucket, !Ref "AWS::Region", !Ref "QSS3BucketRegion", ] Parameters: VpcId: !Ref VpcId VpcCidr: !Ref VpcCidr PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr PrivateSubnet3Cidr: !Ref PrivateSubnet3Cidr SubnetIds: !Join [ ",", [ !Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id, !Ref PrivateSubnet3Id, ], ] DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage MultiAzDatabase: !Ref MultiAzDatabase DatabaseUser: !Ref DatabaseUser DatabasePassword: !Ref DatabasePassword XrayDatabaseUser: !Ref XrayDatabaseUser XrayDatabasePassword: !Ref XrayDatabasePassword DatabaseInstance: !Ref DatabaseInstance DatabaseName: !Ref DatabaseName InstanceType: !Ref NodeInstanceType XrayEnabled: !Ref XrayEnabled QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Ref QSS3KeyPrefix ArtifactoryCoreStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/artifactory-eks-core-workload.template.yaml - S3Bucket: !If [ UsingDefaultBucket, !Sub "${QSS3BucketName}-${AWS::Region}", !Ref "QSS3BucketName", ] S3Region: !If [ UsingDefaultBucket, !Ref "AWS::Region", !Ref "QSS3BucketRegion", ] Parameters: ArtifactoryNumberOfNodes: !Ref ArtifactoryNumberOfNodes XrayNumberOfNodes: !Ref XrayNumberOfNodes AccessCidr: !Ref AccessCidr ArtifactoryLicense1: !If [ SmLicenseNameExists, !Sub "{{resolve:secretsmanager:${SmLicenseName}:SecretString:ArtifactoryLicense1}}", "", ] ArtifactoryLicense2: !If [ SmLicenseNameExists, !Sub "{{resolve:secretsmanager:${SmLicenseName}:SecretString:ArtifactoryLicense2}}", "", ] ArtifactoryLicense3: !If [ SmLicenseNameExists, !Sub "{{resolve:secretsmanager:${SmLicenseName}:SecretString:ArtifactoryLicense3}}", "", ] ArtifactoryLicense4: !If [ SmLicenseNameExists, !Sub "{{resolve:secretsmanager:${SmLicenseName}:SecretString:ArtifactoryLicense4}}", "", ] ArtifactoryLicense5: !If [ SmLicenseNameExists, !Sub "{{resolve:secretsmanager:${SmLicenseName}:SecretString:ArtifactoryLicense5}}", "", ] ArtifactoryLicense6: !If [ SmLicenseNameExists, !Sub "{{resolve:secretsmanager:${SmLicenseName}:SecretString:ArtifactoryLicense6}}", "", ] ArtifactoryLicense7: !If [ SmLicenseNameExists, !Sub "{{resolve:secretsmanager:${SmLicenseName}:SecretString:ArtifactoryLicense7}}", "", ] Certificate: !If [ SmCertNameExists, !Sub "{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}", "", ] CertificateKey: !If [ SmCertNameExists, !Sub "{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}", "", ] ArtifactoryIamAcessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryIamAcessKey SecretAccessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.SecretAccessKey ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket DatabaseUser: !Ref DatabaseUser DatabasePassword: !Ref DatabasePassword XrayDatabaseUser: !Ref XrayDatabaseUser XrayDatabasePassword: !Ref XrayDatabasePassword DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType DatabaseHost: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseHost DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl MasterKey: !Ref MasterKey HelmChartVersion: !Ref HelmChartVersion XrayEnabled: !Ref XrayEnabled ArtifactoryDeploymentSize: !If [ DefaultSize, !GetAtt ArtifactoryCoreInfraStack.Outputs.DeploymentSize, !Ref ArtifactoryDeploymentSize, ] KubeClusterName: !GetAtt EKSStack.Outputs.EKSClusterName Outputs: ArtifactoryUrl: Value: !GetAtt ArtifactoryCoreStack.Outputs.ArtifactoryUrl Description: Public Artifactory URL BastionIp: Value: !GetAtt EKSStack.Outputs.BastionIP Description: Bastion host IP, for admin access via SSH