AWSTemplateFormatVersion: "2010-09-09" Description: "JFrog SaaS log collector on AWS Partner Solution in new VPC (qs-1t6cde8is)" Metadata: cfn-lint: config: ignore_checks: - W9006 AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Security configuration Parameters: - KeyPairName - RemoteAccessCidr - Label: default: Network configuration Parameters: - AvailabilityZones - VpcCidr - PrivateSubnet1Cidr - PrivateSubnet2Cidr - PublicSubnet1Cidr - PublicSubnet2Cidr - Label: default: Bastion configuration Parameters: - ProvisionBastionHost - BastionInstanceType - BastionOs - BastionRootVolumeSize - BastionEnableTcpForwarding - NumBastionHosts - BastionEnableX11Forwarding - Label: default: Amazon EC2 configuration Parameters: - VolumeSize - InstanceType - Label: default: Jfrog SaaS instance configuration Parameters: - JpdUrl - JpdUserName - JpdAdminTokenSecretName - Label: default: Splunk configuration Parameters: # - SplunkEnabled - SplunkHECHost - SplunkHECPort - SplunkHECTokenSecretName - SplunkHECSSLInsecure - Label: default: AWS Partner Solution configuration (INTERNAL SETTINGS. DO NOT MODIFY.) Parameters: - QsS3BucketName - QsS3KeyPrefix - QsS3BucketRegion ParameterLabels: AvailabilityZones: default: Availability Zones KeyPairName: default: SSH key name VpcCidr: default: VPC CIDR PrivateSubnet1Cidr: default: Private subnet 1 CIDR PrivateSubnet2Cidr: default: Private subnet 2 CIDR PublicSubnet1Cidr: default: Public subnet 1 CIDR PublicSubnet2Cidr: default: Public subnet 2 CIDR RemoteAccessCidr: default: Remote access CIDR ProvisionBastionHost: default: Bastion instance BastionInstanceType: default: Bastion instance type BastionRootVolumeSize: default: Bastion root volume size BastionEnableTcpForwarding: default: Bastion enable TCP forwarding BastionEnableX11Forwarding: default: Bastion enable X11 forwarding BastionOs: default: Bastion operating system NumBastionHosts: default: Number of bastion instances VolumeSize: default: EBS root volume size InstanceType: default: EC2 instance type JpdUrl: default: JFrog SaaS instance URL JpdUserName: default: JFrog admin user name JpdAdminTokenSecretName: default: JFrog admin token name for AWS Secrets Manager # SplunkEnabled: # default: Is Splunk Enabled SplunkHECHost: default: Splunk HEC host name SplunkHECPort: default: Splunk HEC port SplunkHECTokenSecretName: default: Splunk HEC token fpr AWS Secrets Manager SplunkHECSSLInsecure: default: Splunk HEC SSL insecure connection QsS3BucketName: default: Parter Solution S3 bucket name (Do not modify) QsS3KeyPrefix: default: Parter Solution S3 key prefix (Do not modify) QsS3BucketRegion: default: Parter Solution S3 bucket Region (Do not modify) Parameters: AvailabilityZones: Description: >- Availability Zones to use for the subnets in the VPC. Two Availability Zones are used in this solution. The logical order is preserved. Type: List KeyPairName: Description: Name of the key pair you created in your preferred Region. Key pairs allow you to connect securely to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName VpcCidr: Description: CIDR block for the VPC. AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.0.0/16 Type: String PrivateSubnet1Cidr: Description: CIDR of the private subnet of your new VPC (e.g., 10.0.0.0/19). AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.0.0/19 Type: String PrivateSubnet2Cidr: Description: CIDR of the private subnet of your new VPC (e.g., 10.0.0.0/19). AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.32.0/19 Type: String PublicSubnet1Cidr: Description: CIDR of the public subnet of your new VPC (e.g., 10.0.0.0/19). AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.128.0/20 Type: String PublicSubnet2Cidr: Description: CIDR of the public subnet of your new VPC (e.g., 10.0.0.0/19). AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.144.0/20 Type: String RemoteAccessCidr: Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. Set this value to a trusted IP range. For example, you might want to grant specific ranges inside your corporate network SSH access. AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x. Type: String ProvisionBastionHost: Description: Choose Disabled to skip creating a bastion instance. However, due to the Artifactory nodes being created in private subnets, default setting of Enabled is recommended. AllowedValues: - "Enabled" - "Disabled" Default: "Enabled" Type: String BastionInstanceType: Description: Size of the bastion instances. AllowedValues: - t3.nano - t3.micro - t3.small - t3.medium - t3.large - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: "t3.micro" Type: String BastionRootVolumeSize: Description: Size of the root volume on the bastion instances. Default: 10 Type: Number BastionEnableTcpForwarding: Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance. AllowedValues: - "true" - "false" Default: "true" Type: String BastionEnableX11Forwarding: Description: Choose true to enable X11 via the bootstrapping of the bastion host. Setting this value to true enables X Windows over SSH. X11 forwarding can be useful, but it is also a security risk, so keeping the default setting of false is recommended. AllowedValues: - "true" - "false" Default: "false" Type: String BastionOs: Description: Linux distribution for the Amazon Machine Image (AMI) used for the bastion instances. AllowedValues: - "Amazon-Linux2-HVM" - "CentOS-7-HVM" - "Ubuntu-Server-20.04-LTS-HVM" - "SUSE-SLES-15-HVM" Default: "Amazon-Linux2-HVM" Type: String NumBastionHosts: Description: Number of bastion instances to create. AllowedValues: - "1" - "2" - "3" - "4" Default: "1" Type: String VolumeSize: Description: Size in gigabytes of the available storage (minuimum of 10GB). This Parter Solution creates Amazon Elastic Block Store (Amazon EBS) volumes of this size. Default: 50 Type: Number InstanceType: Description: EC2 type for the Jfrog SaaS log instances. AllowedValues: - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge - m5.8xlarge - m5.12xlarge - m5.16xlarge - m5.24xlarge - m5.metal - m5d.large - m5d.xlarge - m5d.2xlarge - m5d.4xlarge - m5d.8xlarge - m5d.12xlarge - m5d.16xlarge - m5d.24xlarge - m5d.metal - m5a.large - m5a.xlarge - m5a.2xlarge - m5a.4xlarge - m5a.8xlarge - m5a.12xlarge - m5a.16xlarge - m5a.24xlarge - m6g.xlarge ConstraintDescription: Must contain valid instance type. Default: m5.xlarge Type: String JpdUrl: Description: JFrog SaaS instance URL. Type: String JpdUserName: Description: JFrog admin user name. Default: admin Type: String JpdAdminTokenSecretName: Description: JFrog admin token for AWS Secrets Manager. Type: String # SplunkEnabled: # Description: Is Splunk Enabled # AllowedValues: # - "true" # - "false" # Default: "true" # Type: String SplunkHECHost: Description: Splunk HEC host name. Type: String SplunkHECPort: Description: Splunk HEC port> Type: String SplunkHECTokenSecretName: Description: Splunk HEC token for AWS Secrets Manager. Type: String SplunkHECSSLInsecure: Description: Splunk HEC SSL insecure connection. AllowedValues: - "true" - "false" Default: "false" Type: String QsS3BucketName: Description: Name of the S3 bucket for your copy of the deployment assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new location. AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$ ConstraintDescription: The S3 bucket name can include numbers, lowercase letters, and hyphens (-), but it cannot start or end with a hyphen. Default: aws-quickstart Type: String QsS3KeyPrefix: Description: S3 key prefix that is used to simulate a folder for your copy of the deployment assets. Keep the default prefix unless you are customizing the template. Changing the prefix updates code references to point to a new location. AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: The S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), underscores (_), periods (.), asterisks (*), single quotes ('), open parenthesis ((), close parenthesis ()), and forward slashes (/). End the prefix with a forward slash. Default: quickstart-jfrog-artifactory/ Type: String QsS3BucketRegion: Default: "us-east-1" Description: AWS Region where the S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing the Region updates code references to point to a new location. When using your own bucket, specify the Region. Type: String Conditions: UsingDefaultBucket: !Equals [!Ref QsS3BucketName, "aws-quickstart"] Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QsS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref QsS3BucketName] Parameters: AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' NumberOfAZs: '2' PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1Cidr' PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2Cidr' PublicSubnet1CIDR: !Ref 'PublicSubnet1Cidr' PublicSubnet2CIDR: !Ref 'PublicSubnet2Cidr' VPCCIDR: !Ref 'VpcCidr' JFrogStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-saas-log-collector-existing-vpc.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QsS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref QsS3BucketName] Parameters: KeyPairName: !Ref KeyPairName RemoteAccessCidr: !Ref RemoteAccessCidr VpcId: !GetAtt 'VPCStack.Outputs.VPCID' VpcCidr: !Ref VpcCidr PublicSubnetId: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PrivateSubnetId: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' # PrivateSubnetCidr: !Ref PrivateSubnet1Cidr ProvisionBastionHost: !Ref ProvisionBastionHost BastionInstanceType: !Ref BastionInstanceType BastionOs: !Ref BastionOs BastionRootVolumeSize: !Ref BastionRootVolumeSize BastionEnableTcpForwarding: !Ref BastionEnableTcpForwarding NumBastionHosts: !Ref NumBastionHosts BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding VolumeSize: !Ref VolumeSize InstanceType: !Ref InstanceType JpdUrl: !Ref JpdUrl JpdUserName: !Ref JpdUserName JpdAdminTokenSecretName: !Ref JpdAdminTokenSecretName # SplunkEnabled: !Ref SplunkEnabled SplunkHECHost: !Ref SplunkHECHost SplunkHECPort: !Ref SplunkHECPort SplunkHECTokenSecretName: !Ref SplunkHECTokenSecretName SplunkHECSSLInsecure: !Ref SplunkHECSSLInsecure QsS3BucketName: !Ref QsS3BucketName QsS3KeyPrefix: !Ref QsS3KeyPrefix QsS3BucketRegion: !Ref QsS3BucketRegion