# © Copyright 2018 Micro Focus or one of its affiliates
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  "This template deploys a Micro Focus Enterprise Server stack into a new VPC.
  **WARNING** This template creates EC2 instances and related resources.
  You will be billed for the AWS resources used if you create a stack from this template.
  License: Apache 2.0 (Please do not remove) Sept,05,2018.
  Micro Focus Enterprise Server is licensed separately, please review the terms and conditions here
  (https://www.microfocus.com/about/legal/) for further details.
  (qs-1p6hinfg3)"
Metadata:
  cfn-lint:
    config:
      ignore_checks:
        - E9101
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: Software License Agreement
        Parameters:
          - LicenseAgreement
          - ESLicenseFilename
      - Label:
          default: Network Configuration
        Parameters:
          - VPCCIDR
          - PublicSubnet1CIDR
          - PublicSubnet2CIDR
          - PrivateSubnet1ACIDR
          - PrivateSubnet2ACIDR
          - AvailabilityZones
      - Label:
          default: Microsoft Active Directory Configuration
        Parameters:
          - DSMicrosoftADEdition
          - DomainDNSName
          - DomainNetBIOSName
          - DomainAdminPassword
          - DomainAdminPasswordConfirm
      - Label:
          default: Remote Desktop Gateway Configuration
        Parameters:
          - NumberOfRDGWHosts
          - RDGWInstanceType
          - RDGWCIDR
      - Label:
          default: Linux Bastion Configuration
        Parameters:
          - NumberOfBastionHosts
          - BastionInstanceType
          - BastionCIDR
      - Label:
          default: Enterprise Server Configuration
        Parameters:
          - OS
          - ESInstanceType
          - NumberOfESInstance
          - KeyPairName
          - RegionsPerInstance
          - AdditionalESStorageinGiB
          - ESCWLogGroupRetentionInDays
          - MFDSServiceAccountName
          - MFDSServiceAccountPassword
          - MFDSServiceAccountPasswordConfirm
          - OperatorEmail
          - ESS3BucketName
          - ESS3BucketRegion
          - ESResourceNamePrefix
      - Label:
          default: PAC Configuration
        Parameters:
          - InstallPACDemoApp
          - PACDBInstanceClass
          - PACDBMasterUsername
          - PACDBMasterUserPassword
          - PACDBMasterUserPasswordConfirm
      - Label:
          default: Enterprise Server Fileshare Configuration
        Parameters:
          - FileshareType
          - InstallFSDemoApp
          - FSInstanceType
          - FSStorageInGiB
          - FSVIEWUserPassword
          - FSVIEWUserPasswordConfirm
      - Label:
          default: Database Configuration
        Parameters:
          - DatabaseType
          - InstallSQLDemoApp
          - DBInstanceClass
          - DBStorageInGiB
          - DBMasterUsername
          - DBMasterUserPassword
          - DBMasterUserPasswordConfirm
          - DeployMultiAZ
          - DBBackupRetentionPeriod
          - DBPreferredBackupWindow
          - DBPreferredMaintenanceWindow
      - Label:
          default: Enterprise Server Demo Apps Configuration
        Parameters:
          - ESDemoUserPassword
          - ESDemoUserPasswordConfirm
          - DemoAppsIngressCIDR
      - Label:
          default: AWS Quick Start Configuration
        Parameters:
          - QSS3BucketName
          - QSS3BucketRegion
          - QSS3KeyPrefix
    ParameterLabels:
      AdditionalESStorageinGiB:
        default: Additional Enterprise Server instance storage
      AvailabilityZones:
        default: Availability Zones
      BastionCIDR:
        default: Allowed Bastion External Access CIDR
      BastionInstanceType:
        default: Bastion Instance Type
      DatabaseType:
        default: Database type
      DBBackupRetentionPeriod:
        default: Database backup retention period
      DBInstanceClass:
        default: Database instance class
      DBMasterUserPassword:
        default: Database Master password
      DBMasterUserPasswordConfirm:
        default: Re-enter the database Master password
      DBMasterUsername:
        default: Database Master username
      DBPreferredBackupWindow:
        default: Database preferred backup window
      DBPreferredMaintenanceWindow:
        default: Database preferred maintenance window
      DBStorageInGiB:
        default: Database allocated storage size
      DemoAppsIngressCIDR:
        default: Allowed Demo Apps external access CIDR
      DeployMultiAZ:
        default: Deploy in multiple Availability Zones
      DomainAdminPassword:
        default: Domain Admin account password
      DomainAdminPasswordConfirm:
        default: Re-enter the domain Admin account password
      DomainDNSName:
        default: Domain DNS name
      DomainNetBIOSName:
        default: Domain NetBIOS name
      DSMicrosoftADEdition:
        default: AWS Managed Microsoft AD Edition
      ESCWLogGroupRetentionInDays:
        default: Amazon CloudWatch log retention
      ESDemoUserPassword:
        default: Enterprise Server Demo User password
      ESDemoUserPasswordConfirm:
        default: Re-enter the Enterprise Server Demo User password
      OS:
        default: Enterprise Server instance(s) OS type
      ESInstanceType:
        default: Enterprise Server instance type
      ESLicenseFilename:
        default: Enterprise Server license filename
      ESResourceNamePrefix:
        default: Resource 'Name' prefix
      ESS3BucketName:
        default: Enterprise Server S3 bucket name
      ESS3BucketRegion:
        default: Enterprise Server S3 bucket region
      FileshareType:
        default: Fileshare type
      FSInstanceType:
        default: Enterprise Server Fileshare instance type
      FSStorageInGiB:
        default: Fileshare allocated storage size
      FSVIEWUserPassword:
        default: FSVIEW user password
      FSVIEWUserPasswordConfirm:
        default: Re-enter the FSVIEW user password
      InstallPACDemoApp:
        default: Install PAC Demo App
      InstallFSDemoApp:
        default: Install Fileshare Demo App
      InstallSQLDemoApp:
        default: Install SQLServer Demo App
      KeyPairName:
        default: Key pair name
      LicenseAgreement:
        default: License agreement
      MFDSServiceAccountName:
        default: Micro Focus Directory Server service domain account name
      MFDSServiceAccountPassword:
        default: Micro Focus Directory Server service account password
      MFDSServiceAccountPasswordConfirm:
        default: Re-enter the Micro Focus Directory Server service account password
      NumberOfBastionHosts:
        default: Number of Bastion hosts
      NumberOfESInstance:
        default: Number of Enterprise Server instances
      NumberOfRDGWHosts:
        default: Number of RD Gateway hosts
      OperatorEmail:
        default: Operator email address
      PACDBInstanceClass:
        default: Database instance class
      PACDBMasterUsername:
        default: PAC database Master username
      PACDBMasterUserPassword:
        default: PAC database Master password
      PACDBMasterUserPasswordConfirm:
        default: Re-enter the PAC database Master password
      PrivateSubnet1ACIDR:
        default: Private subnet 1A CIDR
      PrivateSubnet2ACIDR:
        default: Private subnet 2A CIDR
      PublicSubnet1CIDR:
        default: Public subnet 1 CIDR
      PublicSubnet2CIDR:
        default: Public subnet 2 CIDR
      QSS3BucketName:
        default: Quick Start S3 bucket name
      QSS3BucketRegion:
        default: Quick Start S3 bucket region
      QSS3KeyPrefix:
        default: Quick Start S3 key prefix
      RDGWCIDR:
        default: Allowed RD Gateway external access CIDR
      RDGWInstanceType:
        default: RD Gateway instance type
      RegionsPerInstance:
        default: Number of Enterprise Server regions per instance
      VPCCIDR:
        default: VPC CIDR
Parameters:
  AdditionalESStorageinGiB:
    Type: Number
    Description: >-
      Additional EBS storage capacity in gibibytes (GiBs) added to each Enterprise Server instance.
      Enter 0-16384 GiB.
    MinValue: 0
    MaxValue: 16384
    Default: 100
  AvailabilityZones:
    Description: >-
      The list of Availability Zones to use for the subnets in the VPC.
      The Quick Start uses two Availability Zones from your list and preserves the logical order you specify.
    Type: 'List'
  BastionCIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x.
    Description: >-
      The allowed CIDR block for external access to the Bastion host.
      The CIDR block must be in the form x.x.x.x/x.
    Type: String
  BastionInstanceType:
    AllowedValues:
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - t3.micro
      - t3.small
      - t3.medium
      - t3.large
      - t3.xlarge
      - t3.2xlarge
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
    Default: t3.micro
    Description: The Amazon EC2 instance type for the Bastion instances.
    Type: String
  DatabaseType:
    AllowedValues:
      - None
      - Create-RDS-Remote-Database
    Default: None
    Description: >-
      If you choose 'None', the remaining Database Configuration parameters are ignored.
    Type: String
  DBBackupRetentionPeriod:
    Description: >-
      Select the number of days that Amazon RDS should retain automatic backups of the DB instance.
      A backup retention period of zero days will disable automated backups for the DB Instance.
    Default: 30
    MinValue: 0
    MaxValue: 35
    Type: Number
  DBInstanceClass:
    AllowedValues:
      - db.r4.large
      - db.r4.xlarge
      - db.r4.2xlarge
      - db.r4.4xlarge
      - db.r2.8xlarge
    Description: The type of Amazon RDS DB instance.
    Default: db.r4.large
    Type: String
  DBMasterUsername:
    Description: >-
      Specify an alphanumeric string that defines the login ID for the master user.
      Master user name must start with a letter. Must contain 1 to 64 alphanumeric characters.
    AllowedPattern: >-
      ^[a-zA-Z][a-zA-Z0-9]{1,64}$
    ConstraintDescription: >-
      Must start with a letter. Must contain 1 to 64 alphanumeric characters.
    Default: DBAdmin
    Type: String
  DBMasterUserPassword:
    AllowedPattern: >-
      ^((?![\/"@])[^\x00-\x1F\x80-\x9F]){8,}$
    ConstraintDescription: >-
      Must be at least eight characters long, as in "mypassword".
      Can be any printable ASCII character except "/", """, or "@".
    Description: >-
      The password for the DB master user.
      Must be at least eight characters long, as in "mypassword".
      Can be any printable ASCII character except "/", """, or "@".
    Type: String
    NoEcho: true
  DBMasterUserPasswordConfirm:
    AllowedPattern: >-
      ^((?![\/"@])[^\x00-\x1F\x80-\x9F]){8,}$
    ConstraintDescription: >-
      Must be at least eight characters long, as in "mypassword".
      Can be any printable ASCII character except "/", """, or "@".
    Description: >-
      Confirm the password for the DB master user.
      Must be at least eight characters long, as in "mypassword".
      Can be any printable ASCII character except "/", """, or "@".
    Type: String
    NoEcho: true
  DBPreferredBackupWindow:
    Description: >-
      (optional) Must be in the format hh24:mi-hh24:mi, in UTC.
      Must be at least 30 minutes, and must not conflict with the preferred maintenance window.
    Type: String
  DBPreferredMaintenanceWindow:
    Description: >-
      (optional) Must be in the format ddd:hh24:mi-ddd:hh24:mi, in UTC.
      Must be at least 30 minutes.
    Type: String
  DBStorageInGiB:
    Type: Number
    Description: Enter 20-16384 GiB.
    MinValue: 20
    MaxValue: 16384
    Default: 100
  DemoAppsIngressCIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: The CIDR block parameter must be in the form x.x.x.x/x.
    Description: >-
      The allowed CIDR block for external access to the demo apps.
      The CIDR block parameter must be in the form x.x.x.x/x.
    Type: String
  DeployMultiAZ:
    AllowedValues:
      - true
      - false
    Default: false
    Description: >-
      Choose 'true' to deploy the database across multiple Availability Zones.
    Type: String
  DomainAdminPassword:
    AllowedPattern: >-
      (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*
    Description: >-
      The password for the domain Admin account.
      Must be at least 8 characters containing letters, numbers, and symbols.
    MaxLength: '32'
    MinLength: '8'
    NoEcho: true
    Type: String
  DomainAdminPasswordConfirm:
    AllowedPattern: >-
      (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*
    Description: >-
      Confirm the password for the domain Admin account.
      Must be at least 8 characters containing letters, numbers, and symbols.
    MaxLength: '32'
    MinLength: '8'
    NoEcho: true
    Type: String
  DomainDNSName:
    AllowedPattern: '[a-zA-Z0-9\-]+\..+'
    Default: example.com
    Description: >-
      The fully qualified domain name (FQDN), e.g., example.com. Must be 2-255 characters.
    MaxLength: '255'
    MinLength: '2'
    Type: String
  DomainNetBIOSName:
    AllowedPattern: '[a-zA-Z0-9\-]+'
    Default: example
    Description: >-
      The NetBIOS name of the domain (up to 15 characters) for users of earlier versions of
      Microsoft Windows, e.g., example.
    MaxLength: '15'
    Type: String
  DSMicrosoftADEdition:
    Type: String
    Description: >-
      Standard Edition includes 1 GB of storage for objects. Enterprise Edition includes 17 GB.
      The total number of objects supported depends on the types of objects, size of data stored
      in attributes, and your transaction rates. Scale-out as needed by adding domain controllers.
    AllowedValues:
      - Standard
      - Enterprise
    Default: Standard
  ESCWLogGroupRetentionInDays:
    Default: 7
    Description: The number of days that log events are kept in Amazon CloudWatch Logs.
    Type: Number
  ESDemoUserPassword:
    AllowedPattern: >-
      ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,32}$
    Description: >-
      The password for the ESDemoUser.
      Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter,
      one number and one special character.
    ConstraintDescription: >-
      Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter,
      one number and one special character.
    MaxLength: '32'
    MinLength: '8'
    NoEcho: true
    Type: String
  ESDemoUserPasswordConfirm:
    AllowedPattern: >-
      ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,32}$
    Description: >-
      Confirm the password for the ESDemoUser.
      Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter,
      one number and one special character.
    ConstraintDescription: >-
      Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter,
      one number and one special character.
    MaxLength: '32'
    MinLength: '8'
    NoEcho: true
    Type: String
  OS:
    AllowedValues:
      - Windows
      - Red Hat Enterprise Linux
    Description: The operating system type for the Enterprise Server instance(s).
    Default: Windows
    Type: String
  PACDBInstanceClass:
    AllowedValues:
      - db.r4.large
      - db.r4.xlarge
      - db.r4.2xlarge
      - db.r4.4xlarge
      - db.r2.8xlarge
    Description: The type of Amazon RDS DB instance.
    Default: db.r4.large
    Type: String
  PACDBMasterUsername:
    Description: >-
      Specify an alphanumeric string that defines the login ID for the master user in the PAC database.
      Master user name must start with a letter. Must contain 1 to 64 alphanumeric characters.
    AllowedPattern: >-
      ^[a-zA-Z][a-zA-Z0-9]{1,64}$
    ConstraintDescription: >-
      Must start with a letter. Must contain 1 to 64 alphanumeric characters.
    Default: DBAdmin
    Type: String
  PACDBMasterUserPassword:
    AllowedPattern: >-
      ^((?![\/"@])[^\x00-\x1F\x80-\x9F]){8,}$
    ConstraintDescription: >-
      Must be at least eight characters long, as in "mypassword".
      Can be any printable ASCII character except "/", """, or "@".
    Description: >-
      The password for the DB master user in the PAC database.
      Must be at least eight characters long, as in "mypassword".
      Can be any printable ASCII character except "/", """, or "@".
    Type: String
    NoEcho: true
  PACDBMasterUserPasswordConfirm:
    AllowedPattern: >-
      ^((?![\/"@])[^\x00-\x1F\x80-\x9F]){8,}$
    ConstraintDescription: >-
      Must be at least eight characters long, as in "mypassword".
      Can be any printable ASCII character except "/", """, or "@".
    Description: >-
      Confirm the password for the DB master user in the PAC database.
      Must be at least eight characters long, as in "mypassword".
      Can be any printable ASCII character except "/", """, or "@".
    Type: String
    NoEcho: true
  ESInstanceType:
    AllowedValues:
      - c5.large
      - c5.xlarge
      - c5.2xlarge
      - c5.4xlarge
    Description: The type of Enterprise Server instance.
    Default: c5.large
    Type: String
  NumberOfESInstance:
    AllowedValues:
      - 1
      - 2
    Default: 1
    Description: The number of Enterprise Server instances to start.
    Type: Number
  ESLicenseFilename:
    Description: >-
      Place the license file obtained from Micro Focus in the S3 bucket folder: s3:///license/
    Type: String
  ESResourceNamePrefix:
    Default: 'AWS::StackName'
    Description: >-
      Used to prefix resource 'Name' tags. Leave empty for no prefix.
      Otherwise, use 'AWS::StackName' or a value such as the parent stack's name.
    Type: String
  ESS3BucketName:
    AllowedPattern: '^[a-z0-9][a-z0-9-.]*$'
    Description: >-
      The name of the existing S3 bucket used to store/retrieve objects specific to this stack.
      A system integrator extending this Quick Start should use this bucket to store or retrieve items needed.
      This string can include numbers, lowercase letters, uppercase letters, and hyphens (-).
      It cannot start or end with a hyphen (-).
    Type: String
  ESS3BucketRegion:
    Default: 'us-east-1'
    Description: 'The AWS Region where the Enterprise Server S3 bucket (ESS3BucketName) is hosted. When using your own bucket, you must specify this value.'
    Type: String
  FSInstanceType:
    AllowedValues:
      - c5.large
      - c5.xlarge
      - c5.2xlarge
      - c5.4xlarge
    Description: The type of Enterprise Server Fileshare instance.
    Default: c5.large
    Type: String
  FSStorageInGiB:
    Default: 250
    Description: Enter 1-16384 GiB.
    MaxValue: 16384
    MinValue: 1
    Type: Number
  FileshareType:
    AllowedValues:
      - None
      - Create-Remote-Fileshare-Server
    Default: None
    Description: >-
      If you choose 'None', the remaining Fileshare Configuration parameters are ignored.
    Type: String
  FSVIEWUserPassword:
    AllowedPattern: >-
      ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,32}$
    Description: >-
      The password for the FSVIEW user.
      Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter,
      one number and one special character.
    ConstraintDescription: >-
      Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter,
      one number and one special character.
    MaxLength: '32'
    MinLength: '8'
    NoEcho: true
    Type: String
  FSVIEWUserPasswordConfirm:
    AllowedPattern: >-
      ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,32}$
    Description: >-
      Confirm the password for the FSVIEW user.
      Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter,
      one number and one special character.
    ConstraintDescription: >-
      Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter,
      one number and one special character.
    MaxLength: '32'
    MinLength: '8'
    NoEcho: true
    Type: String
  InstallPACDemoApp:
    Type: String
    AllowedValues:
      - true
      - false
    Default: true
    Description: >-
      Choose 'false' if you don't want to install the Enterprise Server PAC demo app.
  InstallFSDemoApp:
    Type: String
    AllowedValues:
      - true
      - false
    Default: false
    Description: >-
      Choose 'true' if you want to install the Enterprise Server Fileshare demo app.
      Requires selection of the 'Create-Remote-Fileshare-Server' Fileshare type.
  InstallSQLDemoApp:
    AllowedValues:
      - true
      - false
    Default: false
    Description: >-
      Choose 'true' if you want to install the Enterprise Server SQLServer demo app.
      Requires selection of the 'Create-RDS-Remote-Database' Database type.
    Type: String
  KeyPairName:
    Description: >-
      The name of an existing EC2 key pair. All instances will launch with this key pair.
    Type: 'AWS::EC2::KeyPair::KeyName'
  LicenseAgreement:
    Description: >-
      I have read and agree to the license terms for Micro Focus Enterprise Server
      (https://www.microfocus.com/documentation/enterprise-developer/ed-latest/ES-WIN/GUID-0562B3C9-2271-4CE8-AF64-93DE4940077F.html).
    Type: String
    Default: '-'
    AllowedValues:
      - I agree
      - '-'
    ConstraintDescription: Must answer 'I agree'.
  MFDSServiceAccountName:
    Type: String
    AllowedPattern: '[a-zA-Z0-9]*'
    Default: 'MFDSServiceAccount'
    Description: >-
      The existing domain account name under which the service will run.
      If left as default, a domain account 'MFDSServiceAccount' is created.
      The name must be 5-25 characters.
    MaxLength: '25'
    MinLength: '5'
  MFDSServiceAccountPassword:
    Type: String
    AllowedPattern: >-
      (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*
    Description: >-
      Enter a password for MFDSServiceAccount.
      Must be at least 8 characters containing letters, numbers, and symbols.
    MaxLength: '32'
    MinLength: '8'
    NoEcho: true
  MFDSServiceAccountPasswordConfirm:
    AllowedPattern: >-
      (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*
    Description: >-
      Confirm the password for MFDSServiceAccount.
      Must be at least 8 characters containing letters, numbers, and symbols.
    MaxLength: '32'
    MinLength: '8'
    NoEcho: true
    Type: String
  NumberOfBastionHosts:
    AllowedValues:
      - None
      - '1'
      - '2'
      - '3'
      - '4'
    Default: '1'
    Description: >-
      If you choose 'None', the remaining Bastion configuration parameters are ignored.
    Type: String
  NumberOfRDGWHosts:
    AllowedValues:
      - None
      - '1'
      - '2'
      - '3'
      - '4'
    Default: '1'
    Description: >-
      If you choose 'None', the remaining Remote Desktop Gateway configuration parameters are ignored.
    Type: String
  OperatorEmail:
    AllowedPattern: >-
      (?i)^None$|([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)
    ConstraintDescription: Must be a valid email address.
    Description: >-
      (optional) The email address that notifications are sent to (e.g., database, VM failures, etc.).
    Type: String
    Default: None
  PrivateSubnet1ACIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.0.0/19
    Description: >-
      The CIDR block for the private subnet 1 located in Availability Zone 1.
      The CIDR block must be in the form x.x.x.x/16-28.
    Type: String
  PrivateSubnet2ACIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.32.0/19
    Description: >-
      The CIDR block for the private subnet 2 located in Availability Zone 2.
      The CIDR block must be in the form x.x.x.x/16-28.
    Type: String
  PublicSubnet1CIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.128.0/20
    Description: >-
      The CIDR block for the public (DMZ) subnet 1 located in Availability Zone 1.
      The CIDR block must be in the form x.x.x.x/16-28.
    Type: String
  PublicSubnet2CIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.144.0/20
    Description: >-
      The CIDR block for the public (DMZ) subnet 2 located in Availability Zone 2.
      The CIDR block must be in the form x.x.x.x/16-28.
    Type: String
  QSS3BucketName:
    AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$'
    ConstraintDescription: >-
      The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-),
      but should not start or end with a hyphen.
    Default: aws-quickstart
    Description: >-
      The S3 bucket you have created for your copy of Quick Start assets, if you decide to
      customize or extend the Quick Start for your own use.
      The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-),
      but should not start or end with a hyphen.
    Type: String
  QSS3BucketRegion:
    Default: 'us-east-1'
    Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.'
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: '^[0-9a-zA-Z-/]*$'
    ConstraintDescription: >-
      Quick Start key prefix can include numbers, lowercase letters, uppercase letters,
      hyphens (-), and forward slash (/).
    Default: quickstart-microfocus-amc-es/
    Description: >-
      The S3 key name prefix used to simulate a folder for your copy of Quick Start assets,
      if you decide to customize or extend the Quick Start for your own use.
      This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-),
      and forward slashes (/).
    Type: String
  RDGWCIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x.
    Description: >-
      The allowed CIDR block for external access to the Remote Desktop Gateway.
      The CIDR block must be in the form x.x.x.x/x.
    Type: String
  RDGWInstanceType:
    AllowedValues:
      - t2.large
      - t3.micro
      - t3.small
      - t3.medium
      - t3.large
      - t3.xlarge
      - t3.2xlarge
      - t3a.micro
      - t3a.small
      - t3a.medium
      - t3a.large
      - t3a.xlarge
      - t3a.2xlarge
      - m5.large
      - m5.xlarge
      - m5.2xlarge
      - m5a.large
      - m5a.xlarge
      - m5a.2xlarge
    Default: t2.large
    Description: The Amazon EC2 instance type for the Remote Desktop Gateway instances.
    Type: String
  RegionsPerInstance:
    ConstraintDescription: Must be between 1 and 10 regions per instance.
    Description: >-
      The number of regions per Enterprise Server instance.
      Must be between 1 and 10 regions per instance.
    Default: 1
    MaxValue: 10
    MinValue: 1
    Type: Number
  VPCCIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.0.0/16
    Description: The CIDR block for the VPC. The CIDR block must be in the form x.x.x.x/16-28.
    Type: String
Rules:
  DBMasterUserPasswordMatchRule:
    Assertions:
      - Assert: !Equals
          - !Ref DBMasterUserPassword
          - !Ref DBMasterUserPasswordConfirm
        AssertDescription: Database Master password values do not match.
  DomainAdminPasswordsMatchRule:
    Assertions:
      - Assert: !Equals
          - !Ref DomainAdminPassword
          - !Ref DomainAdminPasswordConfirm
        AssertDescription: Domain Admin account password values do not match.
  ESDemoUserPasswordMatchRule:
    Assertions:
      - Assert: !Equals
          - !Ref ESDemoUserPassword
          - !Ref ESDemoUserPasswordConfirm
        AssertDescription: Enterprise Server Demo user password values do not match.
  FSVIEWUserPasswordMatchRule:
    Assertions:
      - Assert: !Equals
          - !Ref FSVIEWUserPassword
          - !Ref FSVIEWUserPasswordConfirm
        AssertDescription: FSVIEW user password values do not match.
  MFDSServiceAccountPasswordsMatchRule:
    Assertions:
      - Assert: !Equals
          - !Ref MFDSServiceAccountPassword
          - !Ref MFDSServiceAccountPasswordConfirm
        AssertDescription: The Micro Focus Directory Server, Service Account password values do not match.
  PACDBMasterUserPasswordMatchRule:
    Assertions:
      - Assert: !Equals
          - !Ref PACDBMasterUserPassword
          - !Ref PACDBMasterUserPasswordConfirm
        AssertDescription: The PAC database Master password values do not match.
  DSSupportedRegionRule:
    Assertions:
      - Assert: !Contains
          - - us-east-2 # US East (Ohio)
            - us-east-1 # US East (N. Virginia)
            - us-west-1 # US West (N. California)
            - us-west-2 # US West (Oregon)
            - ap-east-1 # Asia Pacific (Hong Kong)
            - ap-south-1 # Asia Pacific (Mumbai)
            # - ap-northeast-3 # Asia Pacific (Osaka-Local) --> Osaka-Local not supported, DirSrv not supported 2020-Feb-07
            - ap-northeast-2 # Asia Pacific (Seoul)
            - ap-southeast-1 # Asia Pacific (Singapore)
            - ap-southeast-2 # Asia Pacific (Sydney)
            - ap-northeast-1 # Asia Pacific (Tokyo)
            - ca-central-1 # Canada (Central)
            - cn-north-1 # China (Beijing)
            - cn-northwest-1 # China (Ningxia)
            - eu-central-1 # Europe (Frankfurt)
            - eu-west-1 # Europe (Ireland)
            - eu-west-2 # Europe (London)
            - eu-west-3 # Europe (Paris)
            - eu-north-1 # Europe (Stockholm)
            # - me-south-1 # Middle East (Bahrain) --> DirSrv not supported 2020-Feb-07
            - sa-east-1 # South America (Sao Paulo)
            - us-gov-east-1 # AWS GovCloud (US-East)
            - us-gov-west-1 # AWS GovCloud (US-West)
          - !Ref AWS::Region
        AssertDescription: This Quick Start utilizes AWS Directory Service which is not available in the chosen region. Please refer to https://docs.aws.amazon.com/general/latest/gr/rande.html#ds_region for a list of currently supported regions and launch the stack in one of those regions.
  RDSWinAthSupportedRegionRule:
    RuleCondition: !Equals
      - !Ref DatabaseType
      - Create-RDS-Remote-Database
    Assertions:
      - Assert: !Contains
          - - us-east-2 # US East (Ohio)
            - us-east-1 # US East (N. Virginia)
            # - us-west-1 # US West (N. California) --> RDS-WinAuth not supported 2020-Feb-07
            - us-west-2 # US West (Oregon)
            - ap-east-1 # Asia Pacific (Hong Kong)
            # - ap-south-1 # Asia Pacific (Mumbai) --> RDS-WinAuth not supported 2020-Feb-07
            - ap-northeast-3 # Asia Pacific (Osaka-Local)
            - ap-northeast-2 # Asia Pacific (Seoul)
            - ap-southeast-1 # Asia Pacific (Singapore)
            - ap-southeast-2 # Asia Pacific (Sydney)
            - ap-northeast-1 # Asia Pacific (Tokyo)
            - ca-central-1 # Canada (Central)
            - cn-north-1 # China (Beijing)
            - cn-northwest-1 # China (Ningxia)
            - eu-central-1 # Europe (Frankfurt)
            - eu-west-1 # Europe (Ireland)
            - eu-west-2 # Europe (London)
            - eu-west-3 # Europe (Paris)
            - eu-north-1 # Europe (Stockholm)
            - me-south-1 # Middle East (Bahrain)
            # - sa-east-1 # South America (Sao Paulo) --> RDS-WinAuth not supported 2020-Feb-07
            # - us-gov-east-1 # AWS GovCloud (US-East) --> RDS-WinAuth not supported 2020-Feb-07
            # - us-gov-west-1 # AWS GovCloud (US-West) --> RDS-WinAuth not supported 2020-Feb-07
          - !Ref AWS::Region
        AssertDescription: This Quick Start utilizes Amazon Relational Database Service (Amazon RDS) Windows Authentication which is not available in the chosen region. Please refer to https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html for more details and launch the stack in one of the supported regions.
  ESSupportedRegionRule:
    Assertions:
      - Assert: !Contains
          - - us-east-2 # US East (Ohio)
            - us-east-1 # US East (N. Virginia)
            - us-west-1 # US West (N. California)
            - us-west-2 # US West (Oregon)
            #- ap-east-1 # Asia Pacific (Hong Kong) --> MFES not available
            - ap-south-1 # Asia Pacific (Mumbai)
            # - ap-northeast-3 # Asia Pacific (Osaka-Local) --> Osaka-Local not supported
            - ap-northeast-2 # Asia Pacific (Seoul)
            - ap-southeast-1 # Asia Pacific (Singapore)
            - ap-southeast-2 # Asia Pacific (Sydney)
            - ap-northeast-1 # Asia Pacific (Tokyo)
            - ca-central-1 # Canada (Central)
            # - cn-north-1 # China (Beijing) --> MFES not available
            # - cn-northwest-1 # China (Ningxia) --> MFES not available
            - eu-central-1 # Europe (Frankfurt)
            - eu-west-1 # Europe (Ireland)
            - eu-west-2 # Europe (London)
            - eu-west-3 # Europe (Paris)
            - eu-north-1 # Europe (Stockholm)
            #- me-south-1 # Middle East (Bahrain) --> MFES not available
            - sa-east-1 # South America (Sao Paulo)
            # - us-gov-east-1 # AWS GovCloud (US-East) --> GovCloud not supported
            # - us-gov-west-1 # AWS GovCloud (US-West) --> GovCloud not supported
          - !Ref AWS::Region
        AssertDescription: Micro Focus is not currently supporting this Quick Start in the chosen region. Please contact Micro Focus or launch into a different region.
  LicenseAgreementRule:
    Assertions:
      - Assert:
          'Fn::Contains':
            - - I agree
            - !Ref LicenseAgreement
        AssertDescription: User must agree to the terms of the license agreement.
  InstallFSDemoAppRule:
    RuleCondition: !Equals
      - !Ref InstallFSDemoApp
      - 'true'
    Assertions:
      - Assert: !Not
          - !Equals
            - !Ref FileshareType
            - None
        AssertDescription: >-
          Either choose a Fileshare Type or select 'false' for Install Fileshare Demo App parameter.
  InstallSQLDemoAppRule:
    RuleCondition: !Equals
      - !Ref InstallSQLDemoApp
      - 'true'
    Assertions:
      - Assert: !Not
          - !Equals
            - !Ref DatabaseType
            - None
        AssertDescription: >-
          Either choose a Database Type or select 'false' for Install SQLServer Demo App parameter.
Conditions:
  UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart']
  IncludeBastion: !Not
    - !Equals
      - !Ref NumberOfBastionHosts
      - None
  IncludeRDGW: !Not
    - !Equals
      - !Ref NumberOfRDGWHosts
      - None
  InstallingAtLeastOneDemoApp: !Or
    - !Condition InstallingFSDemoApp
    - !Condition InstallingSQLDemoApp
    - !Condition InstallingPACDemoApp
  InstallingPACDemoApp: !Equals
    - !Ref InstallPACDemoApp
    - 'true'
  InstallingFSDemoApp: !Equals
    - !Ref InstallFSDemoApp
    - 'true'
  InstallingSQLDemoApp: !Equals
    - !Ref InstallSQLDemoApp
    - 'true'
Resources:
  VPCStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        AvailabilityZones: !Join
          - ','
          - !Ref AvailabilityZones
        NumberOfAZs: '2'
        PrivateSubnet1ACIDR: !Ref PrivateSubnet1ACIDR
        PrivateSubnet2ACIDR: !Ref PrivateSubnet2ACIDR
        PublicSubnet1CIDR: !Ref PublicSubnet1CIDR
        PublicSubnet2CIDR: !Ref PublicSubnet2CIDR
        VPCCIDR: !Ref VPCCIDR
  DSMicrosoftAD:
    # See https://aws.amazon.com/blogs/database/integrate-amazon-rds-for-sql-server-db-instances-with-an-existing-active-directory-domain/
    Type: 'AWS::DirectoryService::MicrosoftAD'
    Properties:
      Edition: !Ref DSMicrosoftADEdition
      Name: !Ref DomainDNSName
      ShortName: !Ref DomainNetBIOSName
      Password: !Ref DomainAdminPassword
      VpcSettings:
        VpcId: !GetAtt VPCStack.Outputs.VPCID
        SubnetIds:
          - !GetAtt VPCStack.Outputs.PrivateSubnet1AID
          - !GetAtt VPCStack.Outputs.PrivateSubnet2AID
  ADDNSInDDHCPOptions:
    Type: 'AWS::EC2::DHCPOptions'
    Properties:
      DomainName: !Ref DomainDNSName
      DomainNameServers: !GetAtt DSMicrosoftAD.DnsIpAddresses
      Tags:
        - Key: Domain
          Value: !Ref DomainDNSName
  VPCDHCPOptionsAssociation:
    Type: 'AWS::EC2::VPCDHCPOptionsAssociation'
    Properties:
      VpcId: !GetAtt VPCStack.Outputs.VPCID
      DhcpOptionsId: !Ref ADDNSInDDHCPOptions
  VPCDHCPOptionsAssociationCreateWaitHandle:
    DependsOn: DSMicrosoftAD
    Type: 'AWS::CloudFormation::WaitConditionHandle'
  VPCDHCPOptionsAssociationWaitCondition:
    Type: 'AWS::CloudFormation::WaitCondition'
    Properties:
      Handle: !Ref VPCDHCPOptionsAssociationCreateWaitHandle
      Timeout: '1'
      Count: 0
  DomainMemberSG:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Security group for Windows Domain Member communication
      SecurityGroupIngress:
        - Description: Direct-hosted SMB traffic without a (NetBIOS) system
          IpProtocol: udp
          FromPort: 445
          ToPort: 445
          CidrIp: !Ref VPCCIDR
        - Description: Direct-hosted SMB traffic without a (NetBIOS) system
          IpProtocol: tcp
          FromPort: 445
          ToPort: 445
          CidrIp: !Ref VPCCIDR
        - Description: Microsoft file sharing SMB
          IpProtocol: udp
          FromPort: 135
          ToPort: 139
          CidrIp: !Ref VPCCIDR
        - Description: Microsoft file sharing SMB
          IpProtocol: tcp
          FromPort: 135
          ToPort: 139
          CidrIp: !Ref VPCCIDR
        - Description: Domain Name System (DNS)
          IpProtocol: tcp
          FromPort: 53
          ToPort: 53
          CidrIp: !Ref VPCCIDR
        - Description: Domain Name System (DNS)
          IpProtocol: udp
          FromPort: 53
          ToPort: 53
          CidrIp: !Ref VPCCIDR
        - Description: 'WinRM, Windows PowerShell Default psSession Port'
          IpProtocol: tcp
          FromPort: 5985
          ToPort: 5985
          CidrIp: !Ref VPCCIDR
        - Description: Windows dynamic TCP ports
          IpProtocol: tcp
          FromPort: 49152
          ToPort: 65535
          CidrIp: !Ref VPCCIDR
        - Description: Windows dynamic UDP ports
          IpProtocol: udp
          FromPort: 49152
          ToPort: 65535
          CidrIp: !Ref VPCCIDR
        - Description: nfs communications
          IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          CidrIp: !Ref VPCCIDR
        - Description: nfs communications
          IpProtocol: udp
          FromPort: 2049
          ToPort: 2049
          CidrIp: !Ref VPCCIDR
        - Description: RPC for nfs communications
          IpProtocol: tcp
          FromPort: 111
          ToPort: 111
          CidrIp: !Ref VPCCIDR
        - Description: RPC for nfs communications
          IpProtocol: udp
          FromPort: 111
          ToPort: 111
          CidrIp: !Ref VPCCIDR
        - Description: MFDS
          IpProtocol: udp
          FromPort: 86
          ToPort: 86
CidrIp: !Ref VPCCIDR - Description: MFDS IpProtocol: tcp FromPort: 86 ToPort: 86 CidrIp: !Ref VPCCIDR - Description: ESCWA IpProtocol: tcp FromPort: 10004 ToPort: 10004 CidrIp: !Ref VPCCIDR - Description: ElastiCache-Redis IpProtocol: tcp FromPort: 6379 ToPort: 6379 CidrIp: !Ref VPCCIDR - Description: ESMAC Ports for the differnet BankDemos IpProtocol: tcp FromPort: 5558 ToPort: 5560 CidrIp: !Ref VPCCIDR VpcId: !GetAtt VPCStack.Outputs.VPCID RDGWStack: Type: 'AWS::CloudFormation::Stack' Condition: IncludeRDGW DependsOn: - VPCDHCPOptionsAssociationWaitCondition Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/templates/rdgw-domain.template' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: DomainDNSName: !Ref DomainDNSName DomainNetBIOSName: !Ref DomainNetBIOSName DomainMemberSGID: !Ref DomainMemberSG DomainAdminUser: 'Admin' DomainAdminPassword: !Ref DomainAdminPassword KeyPairName: !Ref KeyPairName NumberOfRDGWHosts: !Ref NumberOfRDGWHosts PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Sub ${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/ RDGWCIDR: !Ref RDGWCIDR RDGWInstanceType: !Ref RDGWInstanceType VPCID: !GetAtt VPCStack.Outputs.VPCID RDGWCreateWaitHandle: Condition: IncludeRDGW DependsOn: RDGWStack Type: 'AWS::CloudFormation::WaitConditionHandle' NoRDGWWaitHandle: Type: 'AWS::CloudFormation::WaitConditionHandle' DependsOn: VPCDHCPOptionsAssociationWaitCondition RDGWWaitCondition: Type: 'AWS::CloudFormation::WaitCondition' Properties: Handle: !If - IncludeRDGW - !Ref RDGWCreateWaitHandle - !Ref NoRDGWWaitHandle Timeout: '1' Count: 0 BastionStack: Type: 
'AWS::CloudFormation::Stack' Condition: IncludeBastion DependsOn: - VPCDHCPOptionsAssociationWaitCondition Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: BastionTenancy: default BastionInstanceType: !Ref BastionInstanceType EnableBanner: "false" EnableTCPForwarding: "false" EnableX11Forwarding: "false" KeyPairName: !Ref KeyPairName NumBastionHosts: !Ref NumberOfBastionHosts PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Sub ${QSS3KeyPrefix}submodules/quickstart-linux-bastion/ RemoteAccessCIDR: !Ref BastionCIDR VPCID: !GetAtt VPCStack.Outputs.VPCID BastionCreateWaitHandle: Condition: IncludeBastion DependsOn: BastionStack Type: 'AWS::CloudFormation::WaitConditionHandle' NoBastionWaitHandle: Type: 'AWS::CloudFormation::WaitConditionHandle' DependsOn: VPCDHCPOptionsAssociationWaitCondition BastionWaitCondition: Type: 'AWS::CloudFormation::WaitCondition' Properties: Handle: !If - IncludeBastion - !Ref BastionCreateWaitHandle - !Ref NoBastionWaitHandle Timeout: '1' Count: 0 DummySecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: >- Dummy Security group. Gets passed through when no RDGW is selected. 
VpcId: !GetAtt VPCStack.Outputs.VPCID EnterpriseServerWorkloadStack: Type: 'AWS::CloudFormation::Stack' DependsOn: - VPCDHCPOptionsAssociationWaitCondition - RDGWWaitCondition - BastionWaitCondition Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/mf-es-workload-template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AdditionalESStorageinGiB: !Ref AdditionalESStorageinGiB AvailabilityZones: !Join - ',' - !Ref AvailabilityZones DatabaseType: !Ref DatabaseType DBBackupRetentionPeriod: !Ref DBBackupRetentionPeriod DBInstanceClass: !Ref DBInstanceClass DBMasterUsername: !Ref DBMasterUsername DBMasterUserPassword: !Ref DBMasterUserPassword DBMasterUserPasswordConfirm: !Ref DBMasterUserPasswordConfirm DBPreferredBackupWindow: !Ref DBPreferredBackupWindow DBPreferredMaintenanceWindow: !Ref DBPreferredMaintenanceWindow DBStorageInGiB: !Ref DBStorageInGiB DemoAppsIngressCIDR: !Ref DemoAppsIngressCIDR DeployMultiAZ: !Ref DeployMultiAZ DirectoryServiceID: !Ref DSMicrosoftAD DomainAdminPassword: !Ref DomainAdminPassword DomainAdminPasswordConfirm: !Ref DomainAdminPasswordConfirm DomainDNSName: !Ref DomainDNSName DomainMemberSGID: !Ref DomainMemberSG DomainNetBIOSName: !Ref DomainNetBIOSName ESCWLogGroupRetentionInDays: !Ref ESCWLogGroupRetentionInDays ESDemoUserPassword: !Ref ESDemoUserPassword ESDemoUserPasswordConfirm: !Ref ESDemoUserPasswordConfirm OS: !Ref OS ESInstanceType: !Ref ESInstanceType NumberOfESInstance: !Ref NumberOfESInstance ESLicenseFilename: !Ref ESLicenseFilename ESResourceNamePrefix: !Ref ESResourceNamePrefix ESS3BucketName: !Ref ESS3BucketName ESS3BucketRegion: !Ref ESS3BucketRegion FileshareType: !Ref FileshareType FSInstanceType: !Ref FSInstanceType FSStorageInGiB: !Ref FSStorageInGiB FSVIEWUserPassword: !Ref FSVIEWUserPassword 
FSVIEWUserPasswordConfirm: !Ref FSVIEWUserPasswordConfirm InstallFSDemoApp: !Ref InstallFSDemoApp InstallSQLDemoApp: !Ref InstallSQLDemoApp InstallPACDemoApp: !Ref InstallPACDemoApp KeyPairName: !Ref KeyPairName LicenseAgreement: !Ref LicenseAgreement MFDSServiceAccountName: !Ref MFDSServiceAccountName MFDSServiceAccountPassword: !Ref MFDSServiceAccountPassword MFDSServiceAccountPasswordConfirm: !Ref MFDSServiceAccountPasswordConfirm OperatorEmail: !Ref OperatorEmail PACDBInstanceClass: !Ref PACDBInstanceClass PACDBMasterUsername: !Ref PACDBMasterUsername PACDBMasterUserPassword: !Ref PACDBMasterUserPassword PACDBMasterUserPasswordConfirm: !Ref PACDBMasterUserPasswordConfirm PrivateSubnet1AID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID PrivateSubnet2AID: !GetAtt VPCStack.Outputs.PrivateSubnet2AID PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix RDGWAccessSGID: !If - IncludeRDGW - !GetAtt RDGWStack.Outputs.RemoteDesktopGatewaySGID - !Ref DummySecurityGroup BastionAccessSGID: !If - IncludeBastion - !GetAtt BastionStack.Outputs.BastionSecurityGroupID - !Ref DummySecurityGroup RegionsPerInstance: !Ref RegionsPerInstance VPCID: !GetAtt VPCStack.Outputs.VPCID Outputs: DirectoryServiceID: Description: Microsoft directory service ID Value: !Ref DSMicrosoftAD ESDemoAppsPublicNetworkLoadBalancer: Condition: InstallingAtLeastOneDemoApp Description: The DNS name of the Enterprise Server public load balancer Value: !GetAtt EnterpriseServerWorkloadStack.Outputs.ESDemoAppsPublicNetworkLoadBalancer RemoteDesktopGatewayIP: Condition: IncludeRDGW Description: Public IP Address for the Remote Desktop Gateway Value: !GetAtt RDGWStack.Outputs.RDPURL