AWSTemplateFormatVersion: 2010-09-09 Description: '"This template deploys a single Micro Focus Enterprise Server instance as defined in the Micro Focus Enterprise Server Reference Architecture. **WARNING** This template creates EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. License: Apache 2.0 (Please do not remove) Sept,05,2018. Micro Focus Enterprise Server is licensed separately, please review the terms and conditions here (https://www.microfocus.com/about/legal/) for further details. (qs-1p6hinfit)"' Metadata: cfn-lint: config: ignore_checks: - E9101 - E9010 - W9002 - W9003 - W9004 - W4002 - W2001 AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Network Configuration Parameters: - SubnetID - AvailabilityZones - Label: default: Microsoft Active Directory Configuration Parameters: - DomainDNSName - DomainNetBIOSName - DomainMemberSGID - DomainAdminPassword - Label: default: Enterprise Server Configuration Parameters: - KeyPairName - ESClientAccessSGID - MFDSServiceAccountName - MFDSServiceAccountPassword - ESS3BucketName - ESS3BucketRegion - ESCWLogGroup - Label: default: PAC Configuration Parameters: - RedisEndPoint - PACDBMasterUsername - PACDBMasterUserPassword - Label: default: Fileshare Configuration Parameters: - FileshareDataFolderUNC - Label: default: Database Configuration Parameters: - DBMasterUsername - DBMasterUserPassword - ESDatabaseEndpointAddress - Label: default: Enterprise Server Demo Apps Configuration Parameters: - InstallFSDemoApp - InstallSQLDemoApp - ESDemoUserPassword - Label: default: AWS Quick Start Configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: AvailabilityZones: default: Availability Zones DBMasterUserPassword: default: Database Master password DBMasterUsername: default: Database Master username DomainAdminPassword: default: Domain Admin account password DomainDNSName: default: Domain DNS name DomainNetBIOSName: default: Domain NetBIOS name DomainMemberSGID: default: Domain member Security Group ID ESClientAccessSGID: default: ES Client Access Security Group ID ESCWLogGroup: default: Amazon CloudWatch Log Group ESDemoUserPassword: default: Enterprise Server Demo User password ESDatabaseEndpointAddress: default: Enterprise Server Database Endpoint Address ESS3BucketName: default: Enterprise Server S3 bucket name ESS3BucketRegion: default: Enterprise Server S3 bucket region FileshareDataFolderUNC: default: FileShare Data Folder UNC InstallFSDemoApp: default: Install Fileshare Demo App InstallSQLDemoApp: default: Install SQLServer Demo App KeyPairName: default: Key pair name MFDSServiceAccountName: default: Micro Focus Directory Server service domain account name MFDSServiceAccountPassword: default: Micro Focus Directory Server service account password PACDBMasterUsername: default: Database Master username PACDBMasterUserPassword: default: Database Master password SubnetID: default: Subnet ID QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 key prefix RedisEndPoint: default: Redis endpoint address Parameters: AvailabilityZones: Description: The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses two Availability Zones from your list and preserves the logical order you specify. Type: List DBMasterUsername: Description: Specify an alphanumeric string that defines the login ID for the master user. Master Username must start with a letter. Must contain 1 to 64 alphanumeric characters. AllowedPattern: ^[a-zA-Z][a-zA-Z0-9]{1,64}$ ConstraintDescription: Must start with a letter. Must contain 1 to 64 alphanumeric characters. Default: DBAdmin Type: String DBMasterUserPassword: AllowedPattern: ^((?![\/"@])[^\x00-\x1F\x80-\x9F]){8,}$ ConstraintDescription: Must be at least eight characters long, as in "mypassword". Can be any printable ASCII character except "/", """, or "@". Description: The password for the DB master user. Must be at least eight characters long, as in "mypassword". Can be any printable ASCII character except "/", """, or "@". Type: String NoEcho: true DomainAdminPassword: AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: The password for the domain Admin account. Must be at least 8 characters containing letters, numbers, and symbols. MaxLength: '32' MinLength: '8' NoEcho: true Type: String DomainDNSName: AllowedPattern: '[a-zA-Z0-9\-]+\..+' Default: example.com Description: The fully qualified domain name (FQDN), e.g., example.com. Must be 2-255 characters. MaxLength: '255' MinLength: '2' Type: String DomainMemberSGID: Description: The ID of the Domain Member Security Group (e.g., sg-7f16e910). Type: AWS::EC2::SecurityGroup::Id DomainNetBIOSName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: example Description: The NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Microsoft Windows, e.g., example. MaxLength: '15' Type: String ESClientAccessSGID: Type: AWS::EC2::SecurityGroup::Id Description: Security Group ID for application ingress into the Enterpriser Server instance (e.g., sg-1234abcd). ESCWLogGroup: Type: String Description: The logical ID of the Amazon CloudWatch Logs Log Group ESDatabaseEndpointAddress: Type: String Description: The connection endpoint for the database Default: '' ESPACDatabaseEndpointAddress: Type: String Description: The connection endpoint for the PAC database Default: '' ESDemoUserPassword: AllowedPattern: ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,32}$ Description: The password for the ESDemoUser. Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter, one number and one special character. ConstraintDescription: Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter, one number and one special character. MaxLength: '32' MinLength: '8' NoEcho: true Type: String ESS3BucketName: AllowedPattern: ^[a-z0-9][a-z0-9-.]*$ Description: The name of the existing S3 bucket used to store/retrieve objects specific to this stack. A system integrator extending this Quick Start should use this bucket to store or retrieve items needed. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String ESS3BucketRegion: Default: 'us-east-1' Description: 'The AWS Region where the Enterprise Server S3 bucket (ESS3BucketName) is hosted. When using your own bucket, you must specify this value.' Type: String FileshareDataFolderUNC: Type: String Description: The UNC of the Enterprise Server Fileshare data folder Default: '' InstallFSDemoApp: Type: String AllowedValues: - true - false Default: true Description: Choose 'false' if you don't want to install the Enterprise Server Fileshare demo app. Requires selection of the 'Create-Remote-Fileshare-Server' Fileshare type. InstallPACDemoApp: AllowedValues: - true - false Default: true Description: Choose 'false' if you don't want to install the Enterprise Server PAC demo app. Type: String InstallSQLDemoApp: AllowedValues: - true - false Default: true Description: Choose 'false' if you don't want to install the Enterprise Server SQLServer demo app. Requires selection of the 'Create-RDS-Remote-Database' Database type. Type: String KeyPairName: Description: The name of an existing EC2 key pair. All instances will launch with this key pair. Type: AWS::EC2::KeyPair::KeyName LatestWS2012R2AmiId: Type: AWS::SSM::Parameter::Value Default: '/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-English-64Bit-Base' MFDSServiceAccountName: Type: String AllowedPattern: '[a-zA-Z0-9]*' Default: MFDSServiceAccount Description: The existing domain account name under which the service will run. If left as default, a domain account 'MFDSServiceAccount' is created. The name must be 5-25 characters. MaxLength: '25' MinLength: '5' MFDSServiceAccountPassword: Type: String AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: Enter a password for MFDSServiceAccount. Must be at least 8 characters containing letters, numbers, and symbols. MaxLength: '32' MinLength: '8' NoEcho: true PACDBMasterUsername: Description: >- Specify an alphanumeric string that defines the login ID for the master user. Master user name must start with a letter. Must contain 1 to 64 alphanumeric characters. AllowedPattern: >- ^[a-zA-Z][a-zA-Z0-9]{1,64}$ ConstraintDescription: >- Must start with a letter. Must contain 1 to 64 alphanumeric characters. Default: DBAdmin Type: String PACDBMasterUserPassword: AllowedPattern: >- ^((?![\/"@])[^\x00-\x1F\x80-\x9F]){8,}$ ConstraintDescription: >- Must be at least eight characters long, as in "mypassword". Can be any printable ASCII character except "/", """, or "@". Description: >- The password for the DB master user. Must be at least eight characters long, as in "mypassword". Can be any printable ASCII character except "/", """, or "@". Type: String NoEcho: true SubnetID: Description: The ID of a private subnet in an Availability Zone (e.g., subnet-a0246dcd). Type: AWS::EC2::Subnet::Id QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-), but should not start or end with a hyphen. Default: aws-quickstart Description: The S3 bucket you have created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-), but should not start or end with a hyphen. Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-microfocus-amc-es/ Description: The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). Type: String RedisEndPoint: Type: String Description: The connection endpoint for redis Default: '' Rules: KeyPairsNotEmpty: Assertions: - Assert: !Not - Fn::EachMemberEquals: - Fn::RefAll: AWS::EC2::KeyPair::KeyName - '' AssertDescription: All key pair parameters must not be empty. Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] GovCloudCondition: !Equals - !Ref AWS::Region - us-gov-west-1 InstallingAtLeastOneDemoApp: !Or - !Condition InstallingFSDemoApp - !Condition InstallingSQLDemoApp - !Condition InstallingPACDemoApp InstallingFSDemoApp: !Equals - !Ref InstallFSDemoApp - 'true' InstallingPACDemoApp: !Equals - !Ref InstallPACDemoApp - 'true' InstallingSQLDemoApp: !Equals - !Ref InstallSQLDemoApp - 'true' HaveDatabaseEnvironment: !Not - !Equals - !Ref ESDatabaseEndpointAddress - '' CreateMFDSServiceAccount: !Or - !Equals - !Ref MFDSServiceAccountName - '' - !Equals - !Ref MFDSServiceAccountName - MFDSServiceAccount Resources: BTSTRPInstanceRole: Type: AWS::IAM::Role Metadata: cfn-lint: config: ignore_checks: - EIAMPolicyActionWildcard ignore_reasons: - EIAMPolicyActionWildcard: "Wildcard action for bootstrap instance policy allowed by design" Properties: AssumeRolePolicyDocument: Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - ec2.amazonaws.com Path: / ManagedPolicyArns: - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonSSMDirectoryServiceAccess - !Sub arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy Policies: - PolicyDocument: Statement: - Action: - s3:GetObject Effect: Allow Resource: - !Sub - arn:${AWS::Partition}:s3:::${S3Bucket} - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] - !Sub - arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}* - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Version: 2012-10-17 PolicyName: aws-quick-start-s3-policy - PolicyDocument: Statement: - Action: - s3:* Effect: Allow Resource: - !Sub 'arn:${AWS::Partition}:s3:::${ESS3BucketName}' - !Sub 'arn:${AWS::Partition}:s3:::${ESS3BucketName}/*' - Action: - ds:Describe* Effect: Allow Resource: '*' PolicyName: BTSTRPInstancePolicy BTSTRPInstanceRoleProfile: Type: AWS::IAM::InstanceProfile Properties: Path: / Roles: - !Ref BTSTRPInstanceRole BTSTRPInstance: Type: AWS::EC2::Instance CreationPolicy: ResourceSignal: Count: 1 Timeout: PT30M Metadata: AWS::CloudFormation::Authentication: S3AccessCreds: type: S3 roleName: !Ref BTSTRPInstanceRole buckets: - !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] - !Ref ESS3BucketName AWS::CloudFormation::Init: configSets: config: - 010-InitPowerShell - 011-ConfigureCW - 020-RenameAndJoinDomain - !If - HaveDatabaseEnvironment - 030-Setup-Database-Client-Environment - 000-NoOperation - !If - InstallingPACDemoApp - 040-Setup-PAC-Database-Environment - 000-NoOperation - !If - CreateMFDSServiceAccount - 050-CreateMFDSServiceAccount - 000-NoOperation - !If - InstallingAtLeastOneDemoApp - 060-CreateBankDemoDomainUser - 000-NoOperation - !If - InstallingFSDemoApp - 070-InstallBankDemoFS - 000-NoOperation - !If - InstallingSQLDemoApp - 080-InstallBankDemoSQL - 000-NoOperation - 090-Finalize 000-NoOperation: commands: a-no-operation: command: echo "No-Operation" > nul waitAfterCompletion: '0' 010-InitPowerShell: files: c:\cfn\scripts\New-ADUser.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/New-ADUser.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds C:\cfn\scripts\Unzip-Archive.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Unzip-Archive.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds C:\cfn\modules\AWSQuickStart.zip: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/modules/AWSQuickStart.zip - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds c:\cfn\cfn-hup.conf: content: !Sub | [main] stack=${AWS::StackName} region=${AWS::Region} c:\cfn\hooks.d\cfn-auto-reloader.conf: content: !Sub | [cfn-auto-reloader-hook] triggers=post.update path=Resources.BTSTRPInstance.Metadata.AWS::CloudFormation::Init action=cfn-init.exe -v -c config -s ${AWS::StackId} --resource BTSTRPInstance --region ${AWS::Region} c:\cfn\scripts\AddTo-SystemPath.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/AddTo-SystemPath.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds c:\cfn\scripts\Schedule-AD-PowershellTask.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/Schedule-AD-PowershellTask.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds C:\cfn\scripts\Join-Domain.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Join-Domain.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds C:\cfn\scripts\Rename-Computer.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-microsoft-utilities/scripts/Rename-Computer.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds services: windows: cfn-hup: enabled: 'true' ensureRunning: 'true' files: - c:\cfn\cfn-hup.conf - c:\cfn\hooks.d\cfn-auto-reloader.conf commands: a-set-execution-policy: command: powershell.exe -Command "Set-ExecutionPolicy RemoteSigned" -Force waitAfterCompletion: '0' b-unpack-quickstart-module: command: powershell.exe -File C:\cfn\scripts\Unzip-Archive.ps1 -Source C:\cfn\modules\AWSQuickStart.zip -Destination C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ waitAfterCompletion: '0' c-init-quickstart-module: command: !Sub 'powershell.exe -Command New-AWSQuickStartResourceSignal -Stack ${AWS::StackName} -Resource BTSTRPInstance -Region ${AWS::Region}' waitAfterCompletion: '0' 011-ConfigureCW: files: "C:\\ProgramData\\Amazon\\AmazonCloudWatchAgent\\amazon-cloudwatch-agent.json": content: !Sub | { "logs": { "logs_collected": { "files": { "collect_list": [ { "file_path": "C:\\cfn\\log\\cfn-init.log", "log_group_name": "${ESCWLogGroup}", "log_stream_name": "BTSTRP/{instance_id}/cfn-init.log" }, { "file_path": "C:\\cfn\\log\\cfn-init-cmd.log", "log_group_name": "${ESCWLogGroup}", "log_stream_name": "BTSTRP/{instance_id}/cfn-init-cmd.log" } ] } } } } commands: a-stop-cwagent: command: powershell -Command "C:\\'Program Files'\\Amazon\\AmazonCloudWatchAgent\\amazon-cloudwatch-agent-ctl.ps1 -a stop" waitAfterCompletion: '30' b-start-cwagent: command: powershell -Command "C:\\'Program Files'\\Amazon\\AmazonCloudWatchAgent\\amazon-cloudwatch-agent-ctl.ps1 -a fetch-config -m ec2 -c file:C:\\ProgramData\\Amazon\\AmazonCloudWatchAgent\\amazon-cloudwatch-agent.json -s" waitAfterCompletion: '30' 020-RenameAndJoinDomain: commands: a-rename-computer: command: powershell.exe -File C:\cfn\scripts\Rename-Computer.ps1 -NewName bstrpinstance -Restart waitAfterCompletion: forever b-join-domain-and-restart: command: !Sub 'powershell.exe -File C:\cfn\scripts\Join-Domain.ps1 -DomainName ${DomainDNSName} -UserName ${DomainNetBIOSName}\Admin -Password ${DomainAdminPassword}' waitAfterCompletion: forever c-add-domain-users-rdp-users-group: command: !Sub 'powershell -Command "&{ try { $ErrorActionPreference = ''Stop''; $GroupObj = [ADSI]''WinNT://localhost/Remote Desktop Users''; $GroupObj.Add(''WinNT://${DomainNetBIOSName}/Domain Users''); Install-WindowsFeature -Name GPMC,RSAT-AD-PowerShell,RSAT-AD-AdminCenter,RSAT-ADDS-Tools,RSAT-DNS-Server; } catch { $_ | Write-AWSQuickStartException; } }"' waitAfterCompletion: '0' 030-Setup-Database-Client-Environment: files: c:\cfn\assets\msodbcsql.msi: source: https://download.microsoft.com/download/D/5/E/D5EEF288-A277-45C8-855B-8E2CB7E25B96/x64/msodbcsql.msi c:\cfn\assets\MsSqlCmdLnUtils.msi: source: https://download.microsoft.com/download/C/8/8/C88C2E51-8D23-4301-9F4B-64C8E2F163C5/x64/MsSqlCmdLnUtils.msi c:\cfn\scripts\Schedule-AD-AddDNSServerResourceRecordCName.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/Schedule-AD-AddDNSServerResourceRecordCName.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds commands: a-schedule-add-database-cname-to-dns: command: !Sub 'powershell.exe -File C:\cfn\scripts\Schedule-AD-AddDNSServerResourceRecordCName.ps1 -CName ESDatabase -HostNameAlias ${ESDatabaseEndpointAddress} -DomainDnsName ${DomainDNSName} -DomainUserName Admin -DomainUserPassword ${DomainAdminPassword}' waitAfterCompletion: '0' b-install-mssqlserver-odbcdriver: command: start /wait msiexec /quiet /passive /qn /i c:\cfn\assets\msodbcsql.msi IACCEPTMSODBCSQLLICENSETERMS=YES ADDLOCAL=ALL waitAfterCompletion: '0' c-install-MsSql-CmdLn-Utils: command: start /wait msiexec /quiet /passive /qn /i c:\cfn\assets\MsSqlCmdLnUtils.msi IACCEPTMSSQLCMDLNUTILSLICENSETERMS=YES waitAfterCompletion: '0' d-add-mssql-cmdln-utils-to-system-path: command: powershell.exe -File c:\cfn\scripts\AddTo-SystemPath.ps1 -PathToAdd "c:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn" waitAfterCompletion: '0' 040-Setup-PAC-Database-Environment: files: 'c:\cfn\scripts\Download-postgres-tools.ps1': source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/Download-postgres-tools.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds 'c:\cfn\scripts\Prep-PACDemoDatabase.ps1': source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/Prep-PACDemoDatabase.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds 'c:\cfn\scripts\Schedule-AD-AddDNSServerResourceRecordCName.ps1': source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/Schedule-AD-AddDNSServerResourceRecordCName.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds 'c:\cfn\scripts\Install-Postgres-Tools.ps1': source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/Install-Postgres-Tools.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds commands: a-download-postgres-tools: command: 'powershell.exe -File C:\cfn\scripts\Download-postgres-tools.ps1' waitAfterCompletion: '0' b-install-postgres-tools: command: !Sub 'powershell.exe -File c:\cfn\scripts\Schedule-AD-PowershellTask.ps1 -TaskName Install-Postgres-Tools -TaskArguments "-File c:\cfn\scripts\Install-Postgres-Tools.ps1" -DomainUserName "${DomainNetBIOSName}\Admin" -DomainUserPassword "${DomainAdminPassword}"' waitAfterCompletion: '90' c-schedule-add-database-cname-to-dns: command: !Sub 'powershell.exe -File C:\cfn\scripts\Schedule-AD-AddDNSServerResourceRecordCName.ps1 -CName ESPACDatabase -HostNameAlias ${ESPACDatabaseEndpointAddress} -DomainDnsName ${DomainDNSName} -DomainUserName Admin -DomainUserPassword ${DomainAdminPassword}' waitAfterCompletion: '0' d-configure-database: cwd: 'C:\Program Files\PostgreSQL\11\bin' command: !Sub 'powershell.exe -File c:\cfn\scripts\Prep-PACDemoDatabase.ps1 -DBMasterUsername ${PACDBMasterUsername} -DBMasterUserPassword ${PACDBMasterUserPassword}' waitAfterCompletion: '0' e-schedule-add-redis-cname-to-dns: command: !Sub 'powershell.exe -File C:\cfn\scripts\Schedule-AD-AddDNSServerResourceRecordCName.ps1 -CName ESRedis -HostNameAlias ${RedisEndPoint} -DomainDnsName ${DomainDNSName} -DomainUserName Admin -DomainUserPassword ${DomainAdminPassword}' 050-CreateMFDSServiceAccount: commands: a-create-mfds-service-account: command: !Sub 'powershell.exe -File c:\cfn\scripts\New-ADUser.ps1 -NewUsername ${MFDSServiceAccountName} -NewUserPassword ${MFDSServiceAccountPassword} -NewUserDescription "Micro Focus Directory Server, Service Account" -DomainDnsName ${DomainDNSName} -DomainUserName Admin -DomainUserPassword ${DomainAdminPassword}' waitAfterCompletion: '0' 060-CreateBankDemoDomainUser: files: c:\cfn\scripts\Add-user-to-admin-group.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/Add-user-to-admin-group.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds commands: a-create-esdemouser: command: !Sub 'powershell.exe -File c:\cfn\scripts\New-ADUser.ps1 -NewUsername ESDemoUser -NewUserPassword ${ESDemoUserPassword} -NewUserDescription "Enterprise Server Demos User" -DomainDnsName ${DomainDNSName} -DomainUserName Admin -DomainUserPassword ${DomainAdminPassword}' waitAfterCompletion: '0' b-add-esdemouser-to-admins: command: !Sub 'powershell.exe -File c:\cfn\scripts\Add-user-to-admin-group.ps1 -Username ESDemoUser -DomainDnsName ${DomainDNSName} -DomainUserName Admin -DomainUserPassword ${DomainAdminPassword}' waitAfterCompletion: '0' 070-InstallBankDemoFS: files: c:\cfn\scripts\Create-Mapped-Drive-GPO.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/Create-Mapped-Drive-GPO.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds commands: a-create-fsserver-mapped-drive-gpo: command: !Sub 'powershell.exe -File c:\cfn\scripts\Schedule-AD-PowershellTask.ps1 -TaskName Create-FSServer-Mapped-Drive-GPO -TaskArguments "-File C:\cfn\scripts\Create-Mapped-Drive-GPO.ps1 -PolicyName FSServer-FSDir-Share-Drive-Map -DriveLetter Z -FileshareDataFolderUNC ${FileshareDataFolderUNC} -DomainDnsName ${DomainDNSName}" -DomainUserName "${DomainNetBIOSName}\Admin" -DomainUserPassword "${DomainAdminPassword}"' waitAfterCompletion: '0' 080-InstallBankDemoSQL: files: C:\BankDemo_SQL\System\BankDemoCreateAll.SQL: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/BankDemoCreateAll.SQL - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds c:\cfn\scripts\Prep-BankDemoDatabase.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/Prep-BankDemoDatabase.ps1 - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] authentication: S3AccessCreds commands: a-create-bankdemo-sql-environment: command: !Sub 'powershell.exe -File c:\cfn\scripts\Prep-BankDemoDatabase.ps1 -DomainNetBIOSName ${DomainNetBIOSName} -DBMasterUsername ${DBMasterUsername} -DBMasterUserPassword ${DBMasterUserPassword}' waitAfterCompletion: '0' 090-Finalize: commands: a-finalize-init: command: powershell.exe -Command Write-AWSQuickStartStatus waitAfterCompletion: '0' b-terminate-instance: command: powershell.exe -Command shutdown /f /p waitAfterCompletion: '0' Properties: AvailabilityZone: !Select - 0 - !Ref AvailabilityZones SubnetId: !Ref SubnetID SecurityGroupIds: - !Ref DomainMemberSGID - !Ref ESClientAccessSGID IamInstanceProfile: !Ref BTSTRPInstanceRoleProfile InstanceInitiatedShutdownBehavior: terminate KeyName: !Ref KeyPairName InstanceType: m5.large ImageId: !Ref LatestWS2012R2AmiId Tags: - Key: Name Value: bootstrap UserData: !Base64 Fn::Sub: - | - QSS3Region: !If - GovCloudCondition - s3-us-gov-west-1 - s3