AWSTemplateFormatVersion: "2010-09-09"
Description: "JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)"
Metadata:
  cfn-lint:
    config:
      ignore_checks:
        - E9101
      ignore_reasons:
        - E9101: "'master' is part of the product naming conventions for now"
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Essential configuration
        Parameters:
          - KeyPairName
          - DatabasePassword
      - Label:
          default: Network configuration
        Parameters:
          - AvailabilityZones
          - VpcId
          - PublicSubnet1Id
          - PublicSubnet2Id
          - PrivateSubnet1Id
          - PrivateSubnet2Id
          - PrivateSubnet1Cidr
          - PrivateSubnet2Cidr
      - Label:
          default: Security configuration
        Parameters:
          - AccessCidr
          - RemoteAccessCidr
      - Label:
          default: Amazon EC2 configuration
        Parameters:
          - VolumeSize
          - InstanceType
      - Label:
          default: JFrog Artifactory configuration
        Parameters:
          - ArtifactoryVersion
          - SmLicenseName
          - SmCertName
          - ArtifactoryServerName
          - MasterKey
      - Label:
          default: Amazon RDS configuration
        Parameters:
          - DatabaseInstance
          - DatabaseAllocatedStorage
      - Label:
          default: JFrog Xray Configuration
        Parameters:
          - InstallXray
          - XrayVersion
          - XrayInstanceType
      - Label:
          default: AWS Quick Start configuration (INTERNAL SETTINGS. DO NOT MODIFY)
        Parameters:
          - QsS3BucketName
          - QsS3KeyPrefix
          - QsS3BucketRegion
    ParameterLabels:
      QsS3BucketName:
        default: Quick Start S3 bucket name (Do not modify)
      QsS3KeyPrefix:
        default: Quick Start S3 key prefix (Do not modify)
      QsS3BucketRegion:
        default: Quick Start S3 bucket region (Do not modify)
      KeyPairName:
        default: SSH key name
      VpcId:
        default: VPC ID
      PublicSubnet1Id:
        default: Public subnet 1 ID
      PublicSubnet2Id:
        default: Public subnet 2 ID
      PrivateSubnet1Id:
        default: Private subnet 1 ID
      PrivateSubnet2Id:
        default: Private subnet 2 ID
      PrivateSubnet1Cidr:
        default: Private subnet 1 CIDR
      PrivateSubnet2Cidr:
        default: Private subnet 2 CIDR
      AccessCidr:
        default: Permitted IP range
      RemoteAccessCidr:
        default: Remote access CIDR
      AvailabilityZones:
        default: Availability Zones (You must select 2)
      VolumeSize:
        default: EBS root volume size
      InstanceType:
        default: EC2 instance type
      ArtifactoryVersion:
        default: Artifactory version
      SmLicenseName:
        default: Artifactory licenses secret name
      SmCertName:
        default: Artifactory certificate secret name
      ArtifactoryServerName:
        default: Artifactory server name
      MasterKey:
        default: Master server key
      DatabasePassword:
        default: Database password
      DatabaseInstance:
        default: Database instance type
      DatabaseAllocatedStorage:
        default: Database allocated storage
      InstallXray:
        default: Install JFrog Xray
      XrayVersion:
        default: Version of Xray to install
      XrayInstanceType:
        default: Xray instance type
Parameters:
  QsS3BucketName:
    Description: S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
    AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
    ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
    Default: aws-quickstart
    Type: String
  QsS3KeyPrefix:
    Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).
    AllowedPattern: ^[0-9a-zA-Z-/]*$
    ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).
    Default: quickstart-jfrog-artifactory/
    Type: String
  QsS3BucketRegion:
    Default: "us-east-1"
    Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
    Type: String
  KeyPairName:
    Description: Name of an existing key pair, which allows you to connect securely to your instance after it launches. This is the key pair you created in your preferred Region.
    Type: AWS::EC2::KeyPair::KeyName
  VpcId:
    Description: ID of your existing VPC (e.g., vpc-0343606e).
    Type: "AWS::EC2::VPC::Id"
  PublicSubnet1Id:
    Description: ID of the public subnet 1 in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
    Type: "AWS::EC2::Subnet::Id"
  PublicSubnet2Id:
    Description: ID of the public subnet 2 in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
    Type: "AWS::EC2::Subnet::Id"
  PrivateSubnet1Id:
    Description: ID of the private subnet 1 in Availability Zone 1 of your existing VPC (e.g., subnet-a29c3d84).
    Type: "AWS::EC2::Subnet::Id"
  PrivateSubnet2Id:
    Description: ID of the private subnet 2 in Availability Zone 1 of your existing VPC (e.g., subnet-a29c3d84).
    Type: "AWS::EC2::Subnet::Id"
  PrivateSubnet1Cidr:
    Description: CIDR of the private subnet 1 in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19).
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.0.0/19
    Type: String
  PrivateSubnet2Cidr:
    Description: CIDR of the private subnet 2 in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19).
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.32.0/19
    Type: String
  AccessCidr:
    Description: CIDR IP range that is permitted to access Artifactory. We recommend that you set this value to a trusted IP range. For example, you might want to grant only your corporate network access to the software.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    # The default admits any IPv4 source; override it with a trusted range as the description recommends.
    Default: 0.0.0.0/0
    Type: String
  RemoteAccessCidr:
    Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. It is recommended that you set this value to a trusted IP range. For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    Type: String
  AvailabilityZones:
    Description: List of Availability Zones to use for the subnets in the VPC. Two Availability Zones are used for this deployment.
    Type: List<AWS::EC2::AvailabilityZone::Name>
  VolumeSize:
    Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create Amazon Elastic Block Store (Amazon EBS) volumes of this size.
    Default: 100
    Type: Number
  InstanceType:
    Description: EC2 type for the Artifactory instances.
    AllowedValues:
      - m5.large
      - m5.xlarge
      - m5.2xlarge
      - m5.4xlarge
      - m5.8xlarge
      - m5.12xlarge
      - m5.16xlarge
      - m5.24xlarge
      - m5.metal
      - m5d.large
      - m5d.xlarge
      - m5d.2xlarge
      - m5d.4xlarge
      - m5d.8xlarge
      - m5d.12xlarge
      - m5d.16xlarge
      - m5d.24xlarge
      - m5d.metal
      - m5a.large
      - m5a.xlarge
      - m5a.2xlarge
      - m5a.4xlarge
      - m5a.8xlarge
      - m5a.12xlarge
      - m5a.16xlarge
      - m5a.24xlarge
    ConstraintDescription: Must contain valid instance type.
    Default: m5.xlarge
    Type: String
  ArtifactoryVersion:
    Description: Version of Artifactory that you want to deploy into the Quick Start. To select the correct version, see the release notes at https://www.jfrog.com/confluence/display/RTF/Release+Notes.
    AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
    ConstraintDescription: A version that matches X.X.X per Artifactory releases.
    Default: 7.47.10
    Type: String
  SmLicenseName:
    Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
    Default: ""
    Type: String
  SmCertName:
    Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
    Default: ""
    Type: String
  ArtifactoryServerName:
    Description: Name of your Artifactory subdomain. Ensure that this matches your certificate. e.g. if you are installing at artifactory1.yourcompany.com, this value should be "artifactory1"
    Default: "artifactory"
    Type: String
  MasterKey:
    Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
    AllowedPattern: ^[a-zA-Z0-9]+$
    MinLength: "1"
    MaxLength: "64"
    ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
    NoEcho: "true"
    # Placeholder default; supply a key generated as the description shows rather than deploying with this value.
    Default: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
    Type: String
  DatabasePassword:
    Description: Password for the Artifactory database user.
    AllowedPattern: ^[^ \\'"]+$
    MinLength: "8"
    MaxLength: "20"
    ConstraintDescription: Must be at least 8 and no more than 20 printable ASCII characters (letters, numbers and symbols). Can't contain any of / (slash), '(single quote), "(double quote) and @ (at sign).
    NoEcho: "true"
    Type: String
  DatabaseInstance:
    Description: Size of the database to be deployed as part of the Quick Start.
    AllowedValues:
      - db.m5.large
      - db.m5.xlarge
      - db.m5.2xlarge
      - db.m5.4xlarge
      - db.m5.8xlarge
      - db.m5.12xlarge
      - db.m5.16xlarge
      - db.m5.24xlarge
    ConstraintDescription: Must be a valid database Instance Type.
    Default: db.m5.large
    Type: String
  DatabaseAllocatedStorage:
    Description: Size in gigabytes of the available storage for the database instance.
    MinValue: 5
    MaxValue: 1024
    Default: 10
    Type: Number
  InstallXray:
    Description: Choose true to install JFrog Xray instance(s).
    ConstraintDescription: True or False
    AllowedValues:
      - "true"
      - "false"
    Default: "false"
    Type: String
  XrayVersion:
    Description: The version of Xray that you want to deploy into the Quick Start.
    AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
    ConstraintDescription: A version that matches X.X.X per Xray releases.
    Default: 3.61.5
    Type: String
  XrayInstanceType:
    Description: The EC2 instance type for the Xray instances.
    AllowedValues:
      - c5.2xlarge
      - c5.4xlarge
    ConstraintDescription: Must contain valid instance type.
    Default: c5.2xlarge
    Type: String
Conditions:
  UsingDefaultBucket: !Equals [!Ref QsS3BucketName, "aws-quickstart"]
Resources:
  ArtifactoryExistingVpcStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      # The default bucket is region-suffixed; a custom bucket is addressed by its own name and region.
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
        - S3Bucket: !If [UsingDefaultBucket, !Sub "${QsS3BucketName}-${AWS::Region}", !Ref "QsS3BucketName"]
          S3Region: !If [UsingDefaultBucket, !Ref "AWS::Region", !Ref "QsS3BucketRegion"]
      Parameters:
        KeyPairName: !Ref KeyPairName
        ProvisionBastionHost: "Enabled"
        AccessCidr: !Ref AccessCidr
        RemoteAccessCidr: !Ref RemoteAccessCidr
        ArtifactoryVersion: !Ref ArtifactoryVersion
        VolumeSize: !Ref VolumeSize
        InstanceType: !Ref InstanceType
        NumberOfSecondary: 0
        SmLicenseName: !Ref SmLicenseName
        SmCertName: !Ref SmCertName
        ArtifactoryServerName: !Ref ArtifactoryServerName
        MasterKey: !Ref MasterKey
        DatabasePassword: !Ref DatabasePassword
        DatabaseInstance: !Ref DatabaseInstance
        DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
        MultiAzDatabase: false
        QsS3BucketName: !Ref QsS3BucketName
        QsS3KeyPrefix: !Ref QsS3KeyPrefix
        QsS3BucketRegion: !Ref QsS3BucketRegion
        InstallXray: !Ref InstallXray
        XrayVersion: !Ref XrayVersion
        XrayInstanceType: !Ref XrayInstanceType
        # The Xray database reuses the Artifactory database password.
        XrayDatabasePassword: !Ref DatabasePassword
        AvailabilityZones:
          Fn::Join:
            - ","
            - Ref: AvailabilityZones
        VpcId: !Ref VpcId
        PublicSubnet1Id: !Ref PublicSubnet1Id
        PublicSubnet2Id: !Ref PublicSubnet2Id
        PrivateSubnet1Id: !Ref PrivateSubnet1Id
        PrivateSubnet2Id: !Ref PrivateSubnet2Id
        PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
        PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
Outputs:
  ArtifactoryUrl:
    Description: URL of the ELB to access Artifactory
    Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.ArtifactoryUrl}