# © Copyright 2018 Micro Focus or one of its affiliates # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. AWSTemplateFormatVersion: 2010-09-09 Description: "This template deploys a Micro Focus Enterprise Server reference architecture including optional Remote Fileshare and SQLServer Database services into an existing VPC. **WARNING** This template creates EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. License: Apache 2.0 (Please do not remove) Sept,05,2018. Micro Focus Enterprise Server is licensed separately, please review the terms and conditions here (https://www.microfocus.com/about/legal/) for further details. 
(qs-1p6hinfi)" Metadata: cfn-lint: config: ignore_checks: - E9101 'AWS::CloudFormation::Interface': ParameterGroups: - Label: default: Software License Agreement Parameters: - LicenseAgreement - ESLicenseFilename - Label: default: Network Configuration Parameters: - VPCID - PublicSubnet1ID - PublicSubnet2ID - PrivateSubnet1AID - PrivateSubnet2AID - AvailabilityZones - Label: default: Microsoft Active Directory Configuration Parameters: - DirectoryServiceID - DomainDNSName - DomainNetBIOSName - DomainMemberSGID - DomainAdminPassword - DomainAdminPasswordConfirm - Label: default: Remote Desktop Gateway Configuration Parameters: - RDGWAccessSGID - Label: default: Linux Bastion Configuration Parameters: - BastionAccessSGID - Label: default: Enterprise Server Configuration Parameters: - OS - ESInstanceType - NumberOfESInstance - KeyPairName - RegionsPerInstance - AdditionalESStorageinGiB - ESCWLogGroupRetentionInDays - MFDSServiceAccountName - MFDSServiceAccountPassword - MFDSServiceAccountPasswordConfirm - OperatorEmail - ESS3BucketName - ESS3BucketRegion - ESResourceNamePrefix - Label: default: PAC Configuration Parameters: - InstallPACDemoApp - PACDBInstanceClass - PACDBMasterUsername - PACDBMasterUserPassword - PACDBMasterUserPasswordConfirm - Label: default: Enterprise Server Fileshare Configuration Parameters: - FileshareType - InstallFSDemoApp - FSInstanceType - FSStorageInGiB - FSVIEWUserPassword - FSVIEWUserPasswordConfirm - Label: default: Database Configuration Parameters: - DatabaseType - InstallSQLDemoApp - DBInstanceClass - DBStorageInGiB - DBMasterUsername - DBMasterUserPassword - DBMasterUserPasswordConfirm - DeployMultiAZ - DBBackupRetentionPeriod - DBPreferredBackupWindow - DBPreferredMaintenanceWindow - Label: default: Enterprise Server Demo Apps Configuration Parameters: - ESDemoUserPassword - ESDemoUserPasswordConfirm - DemoAppsIngressCIDR - Label: default: AWS Quick Start Configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix 
ParameterLabels: AdditionalESStorageinGiB: default: Additional Enterprise Server instance storage AvailabilityZones: default: Availability Zones BastionAccessSGID: default: Bastion Security Group ID DatabaseType: default: Database type DBBackupRetentionPeriod: default: Database backup retention period DBInstanceClass: default: Database instance class DBMasterUserPassword: default: Database Master password DBMasterUserPasswordConfirm: default: Re-enter the database Master password DBMasterUsername: default: Database Master username DBPreferredBackupWindow: default: Database preferred backup window DBPreferredMaintenanceWindow: default: Database preferred maintenance window DBStorageInGiB: default: Database allocated storage size DemoAppsIngressCIDR: default: Allowed Demo Apps external access CIDR DeployMultiAZ: default: Deploy in multiple Availability Zones DirectoryServiceID: default: Directory Service ID DomainAdminPassword: default: Domain Admin account password DomainAdminPasswordConfirm: default: Re-enter the domain Admin account password DomainDNSName: default: Domain DNS name DomainMemberSGID: default: Domain member Security Group ID DomainNetBIOSName: default: Domain NetBIOS name ESCWLogGroupRetentionInDays: default: Amazon CloudWatch log retention ESDemoUserPassword: default: Enterprise Server Demo User password ESDemoUserPasswordConfirm: default: Re-enter the Enterprise Server Demo User password OS: default: Enterprise Server instance(s) OS type ESInstanceType: default: Enterprise Server instance type ESLicenseFilename: default: Enterprise Server license filename ESResourceNamePrefix: default: Resource 'Name' prefix ESS3BucketName: default: Enterprise Server S3 bucket name ESS3BucketRegion: default: Enterprise Server S3 bucket region FileshareType: default: Fileshare type FSInstanceType: default: Enterprise Server Fileshare instance type FSStorageInGiB: default: Fileshare allocated storage size FSVIEWUserPassword: default: FSVIEW user password 
FSVIEWUserPasswordConfirm: default: Re-enter the FSVIEW user password InstallFSDemoApp: default: Install Fileshare Demo App InstallSQLDemoApp: default: Install SQLServer Demo App InstallPACDemoApp: default: Install PAC Demo App KeyPairName: default: Key pair name LicenseAgreement: default: License agreement MFDSServiceAccountName: default: Micro Focus Directory Server service domain account name MFDSServiceAccountPassword: default: Micro Focus Directory Server service account password MFDSServiceAccountPasswordConfirm: default: Re-enter the Micro Focus Directory Server service account password NumberOfESInstance: default: Number of Enterprise Server instances OperatorEmail: default: Operator email address PACDBInstanceClass: default: PAC database instance class PACDBMasterUsername: default: PAC database Master username PACDBMasterUserPassword: default: PAC database Master password PACDBMasterUserPasswordConfirm: default: Re-enter the PAC database Master password PrivateSubnet1AID: default: Private Subnet 1A ID PrivateSubnet2AID: default: Private Subnet 2A ID PublicSubnet1ID: default: Public Subnet 1 ID PublicSubnet2ID: default: Public Subnet 2 ID QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 key prefix RDGWAccessSGID: default: RD Gateway Security Group ID RegionsPerInstance: default: Number of Enterprise Server regions per instance VPCID: default: VPC ID Parameters: AdditionalESStorageinGiB: Type: Number Description: >- Additional EBS storage capacity in gibibytes (GiBs) added to each Enterprise Server instance. Enter 0-16384 GiB. MinValue: 0 MaxValue: 16384 Default: 100 AvailabilityZones: Description: >- The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses two Availability Zones from your list and preserves the logical order you specify. 
Type: 'List' BastionAccessSGID: Type: 'AWS::EC2::SecurityGroup::Id' Description: >- The security group ID for access from the Bastion host. DatabaseType: AllowedValues: - None - Create-RDS-Remote-Database Default: Create-RDS-Remote-Database Description: >- If you choose 'None', the remaining Database Configuration parameters are ignored. Type: String DBBackupRetentionPeriod: Description: >- Select the number of days that Amazon RDS should retain automatic backups of the DB instance. A backup retention period of zero days will disable automated backups for the DB Instance. Default: 30 MinValue: 0 MaxValue: 35 Type: Number DBInstanceClass: AllowedValues: - db.r4.large - db.r4.xlarge - db.r4.2xlarge - db.r4.4xlarge - db.r2.8xlarge Description: The type of Amazon RDS DB instance. Default: db.r4.large Type: String DBMasterUsername: Description: >- Specify an alphanumeric string that defines the login ID for the master user. Master user name must start with a letter. Must contain 1 to 64 alphanumeric characters. AllowedPattern: >- ^[a-zA-Z][a-zA-Z0-9]{1,64}$ ConstraintDescription: >- Must start with a letter. Must contain 1 to 64 alphanumeric characters. Default: DBAdmin Type: String DBMasterUserPassword: AllowedPattern: >- ^((?![\/"@])[^\x00-\x1F\x80-\x9F]){8,}$ ConstraintDescription: >- Must be at least eight characters long, as in "mypassword". Can be any printable ASCII character except "/", """, or "@". Description: >- The password for the DB master user. Must be at least eight characters long, as in "mypassword". Can be any printable ASCII character except "/", """, or "@". Type: String NoEcho: true DBMasterUserPasswordConfirm: AllowedPattern: >- ^((?![\/"@])[^\x00-\x1F\x80-\x9F]){8,}$ ConstraintDescription: >- Must be at least eight characters long, as in "mypassword". Can be any printable ASCII character except "/", """, or "@". Description: >- Confirm the password for the DB master user. Must be at least eight characters long, as in "mypassword". 
Can be any printable ASCII character except "/", """, or "@". Type: String NoEcho: true DBPreferredBackupWindow: Description: >- (optional) Must be in the format hh24:mi-hh24:mi, in UTC. Must be at least 30 minutes, and must not conflict with the preferred maintenance window. Type: String DBPreferredMaintenanceWindow: Description: >- (optional) Must be in the format ddd:hh24:mi-ddd:hh24:mi, in UTC. Must be at least 30 minutes. Type: String DBStorageInGiB: Type: Number Description: Enter 20-16384 GiB. MinValue: 20 MaxValue: 16384 Default: 100 DemoAppsIngressCIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: The CIDR block parameter must be in the form x.x.x.x/x. Description: >- The allowed CIDR block for external access to the demo apps. The CIDR block parameter must be in the form x.x.x.x/x. Type: String DeployMultiAZ: AllowedValues: - true - false Default: false Description: >- Choose 'true' to deploy the database across multiple Availability Zones. Type: String DirectoryServiceID: Type: String Description: >- The ID of the AWS Managed Microsoft AD directory in which you want to deploy. DomainAdminPassword: AllowedPattern: >- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: >- The password for the domain Admin account. Must be at least 8 characters containing letters, numbers, and symbols. MaxLength: '32' MinLength: '8' NoEcho: true Type: String DomainAdminPasswordConfirm: AllowedPattern: >- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: >- Confirm the password for the domain Admin account. Must be at least 8 characters containing letters, numbers, and symbols. 
MaxLength: '32' MinLength: '8' NoEcho: true Type: String DomainDNSName: AllowedPattern: '[a-zA-Z0-9\-]+\..+' Default: example.com Description: >- The fully qualified domain name (FQDN), e.g., example.com. Must be 2-255 characters. MaxLength: '255' MinLength: '2' Type: String DomainMemberSGID: Description: >- The ID of the Domain Member Security Group (e.g., sg-7f16e910). Type: 'AWS::EC2::SecurityGroup::Id' DomainNetBIOSName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: example Description: >- The NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Microsoft Windows, e.g., example. MaxLength: '15' Type: String ESCWLogGroupRetentionInDays: Default: 7 Description: The number of days that log events are kept in Amazon CloudWatch Logs. Type: Number ESDemoUserPassword: AllowedPattern: >- ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,32}$ Description: >- The password for the ESDemoUser. Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter, one number and one special character. ConstraintDescription: >- Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter, one number and one special character. MaxLength: '32' MinLength: '8' NoEcho: true Type: String ESDemoUserPasswordConfirm: AllowedPattern: >- ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,32}$ Description: >- Confirm the password for the ESDemoUser. Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter, one number and one special character. ConstraintDescription: >- Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter, one number and one special character. MaxLength: '32' MinLength: '8' NoEcho: true Type: String OS: AllowedValues: - Windows - Red Hat Enterprise Linux Description: The operating system type for the Enterprise Server instance(s). 
Default: Windows Type: String PACDBInstanceClass: AllowedValues: - db.r4.large - db.r4.xlarge - db.r4.2xlarge - db.r4.4xlarge - db.r2.8xlarge Description: The type of Amazon RDS DB instance. Default: db.r4.large Type: String PACDBMasterUsername: Description: >- Specify an alphanumeric string that defines the login ID for the master user in the PAC database. Master user name must start with a letter. Must contain 1 to 64 alphanumeric characters. AllowedPattern: >- ^[a-zA-Z][a-zA-Z0-9]{1,64}$ ConstraintDescription: >- Must start with a letter. Must contain 1 to 64 alphanumeric characters. Default: DBAdmin Type: String PACDBMasterUserPassword: AllowedPattern: >- ^((?![\/"@])[^\x00-\x1F\x80-\x9F]){8,}$ ConstraintDescription: >- Must be at least eight characters long, as in "mypassword". Can be any printable ASCII character except "/", """, or "@". Description: >- The password for the DB master user in the PAC database. Must be at least eight characters long, as in "mypassword". Can be any printable ASCII character except "/", """, or "@". Type: String NoEcho: true PACDBMasterUserPasswordConfirm: AllowedPattern: >- ^((?![\/"@])[^\x00-\x1F\x80-\x9F]){8,}$ ConstraintDescription: >- Must be at least eight characters long, as in "mypassword". Can be any printable ASCII character except "/", """, or "@". Description: >- Confirm the password for the DB master user in the PAC database. Must be at least eight characters long, as in "mypassword". Can be any printable ASCII character except "/", """, or "@". Type: String NoEcho: true ESInstanceType: AllowedValues: - c5.large - c5.xlarge - c5.2xlarge - c5.4xlarge Description: The type of Enterprise Server instance. Default: c5.large Type: String ESLicenseFilename: Description: >- Place the license file obtained from Micro Focus in the S3 bucket folder: s3:///license/ Type: String ESResourceNamePrefix: Default: 'AWS::StackName' Description: >- Used to prefix resource 'Name' tags. Leave empty for no prefix. 
Otherwise, use 'AWS::StackName' or a value such as the parent stacks name. Type: String ESS3BucketName: AllowedPattern: '^[a-z0-9][a-z0-9-.]*$' Description: >- The name of the existing S3 bucket used to store/retrieve objects specific to this stack. A system integrator extending this Quick Start should use this bucket to store or retrieve items needed. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String ESS3BucketRegion: Default: 'us-east-1' Description: 'The AWS Region where the Enterprise Server S3 bucket (ESS3BucketName) is hosted. When using your own bucket, you must specify this value.' Type: String FileshareType: AllowedValues: - None - Create-Remote-Fileshare-Server Default: Create-Remote-Fileshare-Server Description: >- If you choose 'None', the remaining Fileshare Configuration parameters are ignored. Type: String FSInstanceType: AllowedValues: - c5.large - c5.xlarge - c5.2xlarge - c5.4xlarge Description: The type of Enterprise Server Fileshare instance. Default: c5.large Type: String FSStorageInGiB: Default: 250 Description: Enter 1-16384 GiB. MaxValue: 16384 MinValue: 1 Type: Number FSVIEWUserPassword: AllowedPattern: >- ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,32}$ Description: >- The password for the FSVIEW user. Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter, one number and one special character. ConstraintDescription: >- Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter, one number and one special character. MaxLength: '32' MinLength: '8' NoEcho: true Type: String FSVIEWUserPasswordConfirm: AllowedPattern: >- ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,32}$ Description: >- Confirm the password for the FSVIEW user. Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter, one number and one special character. 
ConstraintDescription: >- Must contain 8 to 32 characters, at least one uppercase letter, one lowercase letter, one number and one special character. MaxLength: '32' MinLength: '8' NoEcho: true Type: String InstallPACDemoApp: Type: String AllowedValues: - true - false Default: true Description: >- Choose 'false' if you don't want to install the Enterprise Server PAC demo app. InstallFSDemoApp: Type: String AllowedValues: - true - false Default: true Description: >- Choose 'false' if you don't want to install the Enterprise Server Fileshare demo app. Requires selection of the 'Create-Remote-Fileshare-Server' Fileshare type. InstallSQLDemoApp: AllowedValues: - true - false Default: true Description: >- Choose 'false' if you don't want to install the Enterprise Server SQLServer demo app. Requires selection of the 'Create-RDS-Remote-Database' Database type. Type: String KeyPairName: Description: >- The name of an existing EC2 key pair. All instances will launch with this key pair. Type: 'AWS::EC2::KeyPair::KeyName' LicenseAgreement: Description: >- I have read and agree to the license terms for Micro Focus Enterprise Server (https://www.microfocus.com/documentation/enterprise-developer/ed-latest/ES-WIN/GUID-0562B3C9-2271-4CE8-AF64-93DE4940077F.html). Type: String Default: '-' AllowedValues: - I agree - '-' ConstraintDescription: Must answer 'I agree'. MFDSServiceAccountName: Type: String AllowedPattern: '[a-zA-Z0-9]*' Default: 'MFDSServiceAccount' Description: >- The existing domain account name under which the service will run. If left as default, a domain account 'MFDSServiceAccount' is created. The name must be 5-25 characters. MaxLength: '25' MinLength: '5' MFDSServiceAccountPassword: Type: String AllowedPattern: >- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: >- Enter a password for MFDSServiceAccount. 
Must be at least 8 characters containing letters, numbers, and symbols. MaxLength: '32' MinLength: '8' NoEcho: true MFDSServiceAccountPasswordConfirm: AllowedPattern: >- (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: >- Confirm the password for MFDSServiceAccount. Must be at least 8 characters containing letters, numbers, and symbols. MaxLength: '32' MinLength: '8' NoEcho: true Type: String NumberOfESInstance: AllowedValues: - 1 - 2 Default: 1 Description: The number of Enterprise Server instances to start. Type: Number OperatorEmail: AllowedPattern: >- (?i)^None$|([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?) ConstraintDescription: Must be a valid email address. Description: >- (optional) The email address that notifications are sent to (e.g., database, VM failures, etc.). Type: String Default: None PrivateSubnet1AID: Description: >- The ID of private subnet 1A in Availability Zone 1 (e.g., subnet-a0246dcd). Type: 'AWS::EC2::Subnet::Id' PrivateSubnet2AID: Description: >- The ID of private subnet 2A in Availability Zone 2 (e.g., subnet-01a43dc1ca1fa7f9b). Type: 'AWS::EC2::Subnet::Id' PublicSubnet1ID: Description: >- The ID of public subnet 1 in Availability Zone 1 for the Elastic Load Balancing (ELB) load balancer (e.g., subnet-9bc642ac). Type: 'AWS::EC2::Subnet::Id' PublicSubnet2ID: Description: >- The ID of public subnet 2 in Availability Zone 2 for the Elastic Load Balancing (ELB) load balancer (e.g., subnet-e3246d8e). Type: 'AWS::EC2::Subnet::Id' QSS3BucketName: AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' ConstraintDescription: >- The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-), but should not start or end with a hyphen. 
Default: aws-quickstart Description: >- The S3 bucket you have created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-), but should not start or end with a hyphen. Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' Type: String QSS3KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/]*$' ConstraintDescription: >- Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-microfocus-amc-es/ Description: >- The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). Type: String RDGWAccessSGID: Type: 'AWS::EC2::SecurityGroup::Id' Description: >- The security group ID for access from the Remote Desktop Gateway. RegionsPerInstance: ConstraintDescription: Must be between 1 and 10 regions per instance. Description: >- The number of regions per Enterprise Server instance. Must be between 1 and 10 regions per instance. Default: 1 MaxValue: 10 MinValue: 1 Type: Number VPCID: Description: ID of your existing VPC for deployment. Type: 'AWS::EC2::VPC::Id' Rules: DBMasterUserPasswordMatchRule: Assertions: - Assert: !Equals - !Ref DBMasterUserPassword - !Ref DBMasterUserPasswordConfirm AssertDescription: Database Master password values do not match. DomainAdminPasswordsMatchRule: Assertions: - Assert: !Equals - !Ref DomainAdminPassword - !Ref DomainAdminPasswordConfirm AssertDescription: Domain Admin account password values do not match. 
ESDemoUserPasswordMatchRule: Assertions: - Assert: !Equals - !Ref ESDemoUserPassword - !Ref ESDemoUserPasswordConfirm AssertDescription: Enterprise Server Demo user password values do not match. FSVIEWUserPasswordMatchRule: Assertions: - Assert: !Equals - !Ref FSVIEWUserPassword - !Ref FSVIEWUserPasswordConfirm AssertDescription: FSVIEW user password values do not match. PACDBMasterUserPasswordMatchRule: Assertions: - Assert: !Equals - !Ref PACDBMasterUserPassword - !Ref PACDBMasterUserPasswordConfirm AssertDescription: The PAC database Master password values do not match. InstallFSDemoAppRule: RuleCondition: !Equals - !Ref InstallFSDemoApp - 'true' Assertions: - Assert: !Not - !Equals - !Ref FileshareType - None AssertDescription: >- Either choose a Fileshare Type or select 'false' for Install Fileshare Demo App parameter. InstallSQLDemoAppRule: RuleCondition: !Equals - !Ref InstallSQLDemoApp - 'true' Assertions: - Assert: !Not - !Equals - !Ref DatabaseType - None AssertDescription: >- Either choose a Database Type or select 'false' for Install SQLServer Demo App parameter. KeyPairsNotEmpty: Assertions: - Assert: !Not - 'Fn::EachMemberEquals': - 'Fn::RefAll': 'AWS::EC2::KeyPair::KeyName' - '' AssertDescription: All key pair parameters must not be empty. LicenseAgreementRule: Assertions: - Assert: 'Fn::Contains': - - I agree - !Ref LicenseAgreement AssertDescription: User must agree to the terms of the license agreement. MFDSServiceAccountPasswordsMatchRule: Assertions: - Assert: !Equals - !Ref MFDSServiceAccountPassword - !Ref MFDSServiceAccountPasswordConfirm AssertDescription: The Micro Focus Directory Server, Service Account password values do not match. RDSWinAthSupportedRegionRule: RuleCondition: !Equals - !Ref DatabaseType - Create-RDS-Remote-Database Assertions: - Assert: !Contains - - us-east-2 # US East (Ohio) - us-east-1 # US East (N. Virginia) # - us-west-1 # US West (N. 
California) --> RDS-WinAuth not supported 2020-Feb-07 - us-west-2 # US West (Oregon) - ap-east-1 # Asia Pacific (Hong Kong) # - ap-south-1 # Asia Pacific (Mumbai) --> RDS-WinAuth not supported 2020-Feb-07 - ap-northeast-3 # Asia Pacific (Osaka-Local) - ap-northeast-2 # Asia Pacific (Seoul) - ap-southeast-1 # Asia Pacific (Singapore) - ap-southeast-2 # Asia Pacific (Sydney) - ap-northeast-1 # Asia Pacific (Tokyo) - ca-central-1 # Canada (Central) - cn-north-1 # China (Beijing) - cn-northwest-1 # China (Ningxia) - eu-central-1 # Europe (Frankfurt) - eu-west-1 # Europe (Ireland) - eu-west-2 # Europe (London) - eu-west-3 # Europe (Paris) - eu-north-1 # Europe (Stockholm) - me-south-1 # Middle East (Bahrain) # - sa-east-1 # South America (Sao Paulo) --> RDS-WinAuth not supported 2020-Feb-07 # - us-gov-east-1 # AWS GovCloud (US-East) --> RDS-WinAuth not supported 2020-Feb-07 # - us-gov-west-1 # AWS GovCloud (US-West) --> RDS-WinAuth not supported 2020-Feb-07 - !Ref AWS::Region AssertDescription: This Quick Start utilizes Amazon Relational Database Service (Amazon RDS) Windows Authentication which is not available in the chosen region. Please refer to https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html for more details and launch the stack in one of the supported regions. ESSupportedRegionRule: Assertions: - Assert: !Contains - - us-east-2 # US East (Ohio) - us-east-1 # US East (N. Virginia) - us-west-1 # US West (N. 
California) - us-west-2 # US West (Oregon) #- ap-east-1 # Asia Pacific (Hong Kong) --> MFES not available - ap-south-1 # Asia Pacific (Mumbai) # - ap-northeast-3 # Asia Pacific (Osaka-Local) --> Osaka-Local not supported - ap-northeast-2 # Asia Pacific (Seoul) - ap-southeast-1 # Asia Pacific (Singapore) - ap-southeast-2 # Asia Pacific (Sydney) - ap-northeast-1 # Asia Pacific (Tokyo) - ca-central-1 # Canada (Central) # - cn-north-1 # China (Beijing) --> MFES not available # - cn-northwest-1 # China (Ningxia) --> MFES not available - eu-central-1 # Europe (Frankfurt) - eu-west-1 # Europe (Ireland) - eu-west-2 # Europe (London) - eu-west-3 # Europe (Paris) - eu-north-1 # Europe (Stockholm) #- me-south-1 # Middle East (Bahrain) --> MFES not available - sa-east-1 # South America (Sao Paulo) # - us-gov-east-1 # AWS GovCloud (US-East) --> GovCloud not supported # - us-gov-west-1 # AWS GovCloud (US-West) --> GovCloud not supported - !Ref AWS::Region AssertDescription: Micro Focus is not currently supporting this Quick Start in the chosen region. Please contact Micro Focus or launch into a different region. 
Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] CreateRDSRemoteDatabaseStack: !Equals - !Ref DatabaseType - Create-RDS-Remote-Database CreateRemoteFileshareServerStack: !Equals - !Ref FileshareType - Create-Remote-Fileshare-Server GovCloudCondition: !Equals - !Ref 'AWS::Region' - us-gov-west-1 HaveOperatorEmail: !Not - !Equals - !Ref OperatorEmail - None InstallingAtLeastOneDemoApp: !Or - !Condition InstallingFSDemoApp - !Condition InstallingSQLDemoApp - !Condition InstallingPACDemoApp InstallingPACDemoApp: !Equals - !Ref InstallPACDemoApp - 'true' InstallingFSDemoApp: !Equals - !Ref InstallFSDemoApp - 'true' InstallingSQLDemoApp: !Equals - !Ref InstallSQLDemoApp - 'true' NamePrefixIsAWSStackname: !Equals - !Ref ESResourceNamePrefix - 'AWS::StackName' NamePrefixIsUndefined: !Equals - !Ref ESResourceNamePrefix - '' 2InstancesSelected: !Equals - !Ref NumberOfESInstance - 2 Start2Instances: !Or - !Condition 2InstancesSelected - !Condition InstallingPACDemoApp OSRedhat: !Equals - !Ref OS - 'Red Hat Enterprise Linux' OSWindows: !Equals - !Ref OS - 'Windows' Start2RedhatInstances: !And - !Condition Start2Instances - !Condition OSRedhat Start2WindowsInstances: !And - !Condition Start2Instances - !Condition OSWindows CreateWinRemoteFileshareStack: !And - !Condition CreateRemoteFileshareServerStack - !Condition OSWindows CreateRedhatRemoteFileshareStack: !And - !Condition CreateRemoteFileshareServerStack - !Condition OSRedhat Resources: EMailNotificationTopic: Type: 'AWS::SNS::Topic' Condition: HaveOperatorEmail Properties: Subscription: - Endpoint: !Ref OperatorEmail Protocol: email ESCWLogGroup: Type: 'AWS::Logs::LogGroup' Properties: LogGroupName: !Sub - '${StackNamePrefix}-LogGroup' - StackNamePrefix: !If - NamePrefixIsUndefined - '${AWS::StackName}-' - !If - NamePrefixIsAWSStackname - !Sub '${AWS::StackName}-' - !Sub '${ESResourceNamePrefix}-' RetentionInDays: !Ref ESCWLogGroupRetentionInDays RemoteDatabaseServerStack: Type: 
'AWS::CloudFormation::Stack' Condition: CreateRDSRemoteDatabaseStack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/mf-db-template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: DBBackupRetentionPeriod: !Ref DBBackupRetentionPeriod DBInstanceClass: !Ref DBInstanceClass DBMasterUsername: !Ref DBMasterUsername DBMasterUserPassword: !Ref DBMasterUserPassword DBPreferredBackupWindow: !Ref DBPreferredBackupWindow DBPreferredMaintenanceWindow: !Ref DBPreferredMaintenanceWindow DBStorageInGiB: !Ref DBStorageInGiB DeployMultiAZ: !Ref DeployMultiAZ DirectoryServiceID: !Ref DirectoryServiceID ESClientAccessSGID: !Ref ESInstance1ClientAccessSecurityGroup ESResourceNamePrefix: !Ref ESResourceNamePrefix NotificationARN: !If - HaveOperatorEmail - !Ref EMailNotificationTopic - !Ref 'AWS::NoValue' PrivateSubnet1AID: !Ref PrivateSubnet1AID PrivateSubnet2AID: !Ref PrivateSubnet2AID VPCID: !Ref VPCID RemoteFileshareServerStack: Type: 'AWS::CloudFormation::Stack' Condition: CreateRedhatRemoteFileshareStack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/mf-fs-redhat-template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AvailabilityZones: !Join - ',' - !Ref AvailabilityZones DomainAdminPassword: !Ref DomainAdminPassword DomainDNSName: !Ref DomainDNSName DomainMemberSGID: !Ref DomainMemberSGID ESCWLogGroup: !Ref ESCWLogGroup ESLicenseFilename: !Ref ESLicenseFilename ESResourceNamePrefix: !Ref ESResourceNamePrefix ESS3BucketName: !Ref ESS3BucketName ESS3BucketRegion: !Ref ESS3BucketRegion FSClientAccessSGID: !Ref ESInstance1ClientAccessSecurityGroup FSInstanceType: 
!Ref FSInstanceType FSServerName: FSServer FSStorageInGiB: !Ref FSStorageInGiB FSVIEWUserPassword: !Ref FSVIEWUserPassword InstallDemoApps: !Ref InstallFSDemoApp KeyPairName: !Ref KeyPairName LicenseAgreement: !Ref LicenseAgreement NotificationARN: !If - HaveOperatorEmail - !Ref EMailNotificationTopic - !Ref 'AWS::NoValue' PrivateSubnet1AID: !Ref PrivateSubnet1AID QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix BastionAccessSGID: !Ref BastionAccessSGID VPCID: !Ref VPCID RemoteFileshareWinServerStack: Type: 'AWS::CloudFormation::Stack' Condition: CreateWinRemoteFileshareStack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/mf-fs-template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AvailabilityZones: !Join - ',' - !Ref AvailabilityZones DomainAdminPassword: !Ref DomainAdminPassword DomainDNSName: !Ref DomainDNSName DomainMemberSGID: !Ref DomainMemberSGID DomainNetBIOSName: !Ref DomainNetBIOSName ESCWLogGroup: !Ref ESCWLogGroup ESLicenseFilename: !Ref ESLicenseFilename ESResourceNamePrefix: !Ref ESResourceNamePrefix ESS3BucketName: !Ref ESS3BucketName ESS3BucketRegion: !Ref ESS3BucketRegion FSClientAccessSGID: !Ref ESInstance1ClientAccessSecurityGroup FSInstanceType: !Ref FSInstanceType FSServerName: FSServer FSStorageInGiB: !Ref FSStorageInGiB FSVIEWUserPassword: !Ref FSVIEWUserPassword InstallDemoApps: !Ref InstallFSDemoApp KeyPairName: !Ref KeyPairName LicenseAgreement: !Ref LicenseAgreement NotificationARN: !If - HaveOperatorEmail - !Ref EMailNotificationTopic - !Ref 'AWS::NoValue' PrivateSubnet1AID: !Ref PrivateSubnet1AID QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix RDGWAccessSGID: !Ref RDGWAccessSGID VPCID: !Ref VPCID 
  AuroraServerStack:
    Type: 'AWS::CloudFormation::Stack'
    Condition: InstallingPACDemoApp
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/mf-db-aurora-template.yaml'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        DBInstanceClass: !Ref PACDBInstanceClass
        DBMasterUsername: !Ref PACDBMasterUsername
        DBMasterUserPassword: !Ref PACDBMasterUserPassword
        DirectoryServiceID: !Ref DirectoryServiceID
        ESClientAccessSGID: !Ref ESInstance1ClientAccessSecurityGroup
        ESResourceNamePrefix: !Ref ESResourceNamePrefix
        NotificationARN: !If
          - HaveOperatorEmail
          - !Ref EMailNotificationTopic
          - !Ref 'AWS::NoValue'
        PrivateSubnet1AID: !Ref PrivateSubnet1AID
        PrivateSubnet2AID: !Ref PrivateSubnet2AID
        VPCID: !Ref VPCID
  ESInstanceRole:
    Type: 'AWS::IAM::Role'
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - EIAMPolicyActionWildcard
          ignore_reasons:
            - EIAMPolicyActionWildcard: "Wildcard action for ESInstancePolicy allowed by design"
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - 'sts:AssumeRole'
            Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
      Path: /
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore
        - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonSSMDirectoryServiceAccess
        - !Sub arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy
      Policies:
        - PolicyDocument:
            Statement:
              - Action:
                  - 's3:GetObject'
                Effect: Allow
                Resource:
                  - !Sub
                    - 'arn:${partition}:s3:::${QSS3BucketName}'
                    - partition: !If
                        - GovCloudCondition
                        - aws-us-gov
                        - aws
                  - !Sub
                    - 'arn:${partition}:s3:::${QSS3BucketName}/${QSS3KeyPrefix}*'
                    - partition: !If
                        - GovCloudCondition
                        - aws-us-gov
                        - aws
            Version: 2012-10-17
          PolicyName: aws-quick-start-s3-policy
        - PolicyDocument:
            Statement:
              - Action:
                  - 's3:*'
                Effect: Allow
                Resource:
                  - !Sub
                    - 'arn:${partition}:s3:::${ESS3BucketName}'
                    -
                      partition: !If
                        - GovCloudCondition
                        - aws-us-gov
                        - aws
                  - !Sub
                    - 'arn:${partition}:s3:::${ESS3BucketName}/*'
                    - partition: !If
                        - GovCloudCondition
                        - aws-us-gov
                        - aws
              - Action:
                  - 'ds:Describe*'
                Effect: Allow
                Resource: '*'
          PolicyName: ESInstancePolicy
  ESInstanceRoleProfile:
    Type: 'AWS::IAM::InstanceProfile'
    Properties:
      Path: /
      Roles:
        - !Ref ESInstanceRole
  RDSRemoteDatabaseStackCreateWaitHandle:
    Condition: CreateRDSRemoteDatabaseStack
    DependsOn: RemoteDatabaseServerStack
    Type: 'AWS::CloudFormation::WaitConditionHandle'
  NoRDSRemoteDatabaseStackCreateWaitHandle:
    Type: 'AWS::CloudFormation::WaitConditionHandle'
  RDSRemoteDatabaseStackCreateWaitCondition:
    Type: 'AWS::CloudFormation::WaitCondition'
    Properties:
      Handle: !If
        - CreateRDSRemoteDatabaseStack
        - !Ref RDSRemoteDatabaseStackCreateWaitHandle
        - !Ref NoRDSRemoteDatabaseStackCreateWaitHandle
      Timeout: '1'
      Count: 0
  FSServerWinCreateWaitHandle:
    Condition: CreateWinRemoteFileshareStack
    DependsOn:
      - RemoteFileshareWinServerStack
      - RDSRemoteDatabaseStackCreateWaitCondition
    Type: 'AWS::CloudFormation::WaitConditionHandle'
  NoFSServerWaitHandle:
    Type: 'AWS::CloudFormation::WaitConditionHandle'
  FSServerWinWaitCondition:
    Type: 'AWS::CloudFormation::WaitCondition'
    Properties:
      Handle: !If
        - CreateWinRemoteFileshareStack
        - !Ref FSServerWinCreateWaitHandle
        - !Ref NoFSServerWaitHandle
      Timeout: '1'
      Count: 0
  FSServerRedhatCreateWaitHandle:
    Condition: CreateRedhatRemoteFileshareStack
    DependsOn:
      - RemoteFileshareServerStack
      - RDSRemoteDatabaseStackCreateWaitCondition
    Type: 'AWS::CloudFormation::WaitConditionHandle'
  FSServerRedhatWaitCondition:
    Type: 'AWS::CloudFormation::WaitCondition'
    Properties:
      Handle: !If
        - CreateRedhatRemoteFileshareStack
        - !Ref FSServerRedhatCreateWaitHandle
        - !Ref NoFSServerWaitHandle
      Timeout: '1'
      Count: 0
  # Security Group for (client/application) ingress traffic into Enterprise Server 1
  ESInstance1ClientAccessSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: >-
        Security Group for
        (client/application) ingress traffic into Enterprise Server 1
      VpcId: !Ref VPCID
      SecurityGroupIngress:
        - Description: >-
            Allows RDP access into the instance from the Remote Desktop Gateway
            (for administrative purposes)
          IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          SourceSecurityGroupId: !Ref RDGWAccessSGID
        - Description: >-
            Allows access to the Enterprise Server Admin portal from the Remote
            Desktop Gateway instances
          IpProtocol: tcp
          FromPort: 86
          ToPort: 86
          SourceSecurityGroupId: !Ref RDGWAccessSGID
        # SSH from the bastion hosts is only opened for Red Hat deployments
        - !If
          - OSRedhat
          - Description: >-
              Allows SSH access into the instance from the Bastion hosts
              (for administrative purposes)
            IpProtocol: tcp
            FromPort: 22
            ToPort: 22
            SourceSecurityGroupId: !Ref BastionAccessSGID
          - !Ref 'AWS::NoValue'
        - !If
          - InstallingAtLeastOneDemoApp
          - Description: Allow ICMP Destination Unreachable to aid MTU Path Discovery
            IpProtocol: icmp
            FromPort: 3
            ToPort: 4
            CidrIp: !Ref DemoAppsIngressCIDR
          - !Ref 'AWS::NoValue'
        - !If
          - InstallingFSDemoApp
          - Description: Fileshare Bank Demo Application TN3270 Listener Ingress
            IpProtocol: tcp
            FromPort: 5555
            ToPort: 5555
            CidrIp: !Ref DemoAppsIngressCIDR
          - !Ref 'AWS::NoValue'
        - !If
          - InstallingSQLDemoApp
          - Description: SQLServer Bank Demo Application TN3270 Listener Ingress
            IpProtocol: tcp
            FromPort: 5556
            ToPort: 5556
            CidrIp: !Ref DemoAppsIngressCIDR
          - !Ref 'AWS::NoValue'
        - !If
          - InstallingPACDemoApp
          - Description: PAC Bank Demo Application TN3270 Listener Ingress
            IpProtocol: tcp
            FromPort: 5557
            ToPort: 5557
            CidrIp: !Ref DemoAppsIngressCIDR
          - !Ref 'AWS::NoValue'
  ElasticacheSecurityGroup:
    Condition: InstallingPACDemoApp
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPCID
      GroupDescription: "Elasticache Security Group"
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: 6379
          ToPort: 6379
          SourceSecurityGroupId: !Ref ESInstance1ClientAccessSecurityGroup
  ElasticacheSubnetGroup1:
    Condition: InstallingPACDemoApp
    Type: AWS::ElastiCache::SubnetGroup
    Properties:
      Description: "Elasticache Subnet Group"
      SubnetIds: [!Ref PrivateSubnet1AID]
  Elasticache1:
    Condition: InstallingPACDemoApp
    Type: AWS::ElastiCache::CacheCluster
    Properties:
      AutoMinorVersionUpgrade: true
      CacheSubnetGroupName: !Ref ElasticacheSubnetGroup1
      Engine: "redis"
      CacheNodeType: "cache.t2.micro"
      NumCacheNodes: 1
      VpcSecurityGroupIds: [!Ref ElasticacheSecurityGroup]
  BootstrapStack:
    Type: 'AWS::CloudFormation::Stack'
    DependsOn:
      - FSServerRedhatWaitCondition
      - FSServerWinWaitCondition
      - RDSRemoteDatabaseStackCreateWaitCondition
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/mf-es-bootstrap-template.yaml'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        AvailabilityZones: !Join
          - ','
          - !Ref AvailabilityZones
        DBMasterUsername: !Ref DBMasterUsername
        DBMasterUserPassword: !Ref DBMasterUserPassword
        PACDBMasterUsername: !Ref PACDBMasterUsername
        PACDBMasterUserPassword: !Ref PACDBMasterUserPassword
        DomainAdminPassword: !Ref DomainAdminPassword
        DomainDNSName: !Ref DomainDNSName
        DomainMemberSGID: !Ref DomainMemberSGID
        DomainNetBIOSName: !Ref DomainNetBIOSName
        ESDemoUserPassword: !Ref ESDemoUserPassword
        ESClientAccessSGID: !Ref ESInstance1ClientAccessSecurityGroup
        ESCWLogGroup: !Ref ESCWLogGroup
        ESDatabaseEndpointAddress: !If
          - CreateRDSRemoteDatabaseStack
          - !GetAtt RemoteDatabaseServerStack.Outputs.ESDatabaseEndpointAddress
          - !Ref 'AWS::NoValue'
        ESPACDatabaseEndpointAddress: !If
          - InstallingPACDemoApp
          - !GetAtt AuroraServerStack.Outputs.ESPACDatabaseEndpointAddress
          - !Ref 'AWS::NoValue'
        ESS3BucketName: !Ref ESS3BucketName
        ESS3BucketRegion: !Ref ESS3BucketRegion
        FileshareDataFolderUNC: !If
          - CreateWinRemoteFileshareStack
          - !GetAtt RemoteFileshareWinServerStack.Outputs.FileshareDataFolderUNC
          - !Ref 'AWS::NoValue'
        InstallFSDemoApp: !Ref InstallFSDemoApp
        InstallPACDemoApp: !Ref InstallPACDemoApp
        InstallSQLDemoApp: !Ref InstallSQLDemoApp
        KeyPairName:
          !Ref KeyPairName
        MFDSServiceAccountName: !Ref MFDSServiceAccountName
        MFDSServiceAccountPassword: !Ref MFDSServiceAccountPassword
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        RedisEndPoint: !If
          - InstallingPACDemoApp
          - !GetAtt Elasticache1.RedisEndpoint.Address
          - !Ref 'AWS::NoValue'
        SubnetID: !Ref PrivateSubnet1AID
  ESCWAStack:
    Type: 'AWS::CloudFormation::Stack'
    DependsOn:
      - BootstrapStack
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/mf-escwa-template.yaml'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        AvailabilityZones: !Join
          - ','
          - !Ref AvailabilityZones
        DomainAdminPassword: !Ref DomainAdminPassword
        DomainDNSName: !Ref DomainDNSName
        DomainMemberSGID: !Ref DomainMemberSGID
        DomainNetBIOSName: !Ref DomainNetBIOSName
        EMailNotificationTopic: !If
          - HaveOperatorEmail
          - !Ref EMailNotificationTopic
          - !Ref 'AWS::NoValue'
        ESClientAccessSGID: !Ref ESInstance1ClientAccessSecurityGroup
        ESCWLogGroup: !Ref ESCWLogGroup
        ESCWAInstanceType: !Ref ESInstanceType
        ESLicenseFilename: !Ref ESLicenseFilename
        ESS3BucketName: !Ref ESS3BucketName
        ESS3BucketRegion: !Ref ESS3BucketRegion
        KeyPairName: !Ref KeyPairName
        LicenseAgreement: !Ref LicenseAgreement
        MFDSServiceAccountName: !Ref MFDSServiceAccountName
        MFDSServiceAccountPassword: !Ref MFDSServiceAccountPassword
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        SubnetID: !Ref PrivateSubnet1AID
  ESInstanceStack1:
    Condition: OSRedhat
    Type: 'AWS::CloudFormation::Stack'
    DependsOn:
      - ESCWAStack
      - BootstrapStack
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/mf-es-redhat-template.yaml'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref
            QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        AvailabilityZones: !Join
          - ','
          - !Ref AvailabilityZones
        DomainAdminPassword: !Ref DomainAdminPassword
        DomainDNSName: !Ref DomainDNSName
        DomainMemberSGID: !Ref DomainMemberSGID
        DBMasterUserPassword: !Ref DBMasterUserPassword
        EMailNotificationTopic: !If
          - HaveOperatorEmail
          - !Ref EMailNotificationTopic
          - !Ref 'AWS::NoValue'
        ESClientAccessSGID: !Ref ESInstance1ClientAccessSecurityGroup
        ESCWLogGroup: !Ref ESCWLogGroup
        ESInstanceName: ESServer1
        ESInstanceType: !Ref ESInstanceType
        ESLicenseFilename: !Ref ESLicenseFilename
        ESS3BucketName: !Ref ESS3BucketName
        ESS3BucketRegion: !Ref ESS3BucketRegion
        InstallFSDemoApp: !Ref InstallFSDemoApp
        InstallPACDemoApp: !Ref InstallPACDemoApp
        InstallSQLDemoApp: !Ref InstallSQLDemoApp
        AdditionalESStorageinGiB: !Ref AdditionalESStorageinGiB
        KeyPairName: !Ref KeyPairName
        LicenseAgreement: !Ref LicenseAgreement
        PACDBMasterUserPassword: !Ref PACDBMasterUserPassword
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        RegionsPerInstance: !Ref RegionsPerInstance
        SubnetID: !Ref PrivateSubnet1AID
  ESInstanceStack2:
    Condition: Start2RedhatInstances
    Type: 'AWS::CloudFormation::Stack'
    DependsOn:
      - ESCWAStack
      - BootstrapStack
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/mf-es-redhat-template.yaml'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        AvailabilityZones: !Join
          - ','
          - !Ref AvailabilityZones
        DomainAdminPassword: !Ref DomainAdminPassword
        DomainDNSName: !Ref DomainDNSName
        DomainMemberSGID: !Ref DomainMemberSGID
        DBMasterUserPassword: !Ref DBMasterUserPassword
        EMailNotificationTopic: !If
          - HaveOperatorEmail
          - !Ref EMailNotificationTopic
          - !Ref 'AWS::NoValue'
        ESClientAccessSGID: !Ref ESInstance1ClientAccessSecurityGroup
        ESCWLogGroup: !Ref ESCWLogGroup
        ESInstanceName: ESServer2
        ESInstanceType: !Ref ESInstanceType
        ESLicenseFilename: !Ref ESLicenseFilename
        ESS3BucketName: !Ref ESS3BucketName
        ESS3BucketRegion: !Ref ESS3BucketRegion
        InstallFSDemoApp: !Ref InstallFSDemoApp
        InstallPACDemoApp: !Ref InstallPACDemoApp
        InstallSQLDemoApp: !Ref InstallSQLDemoApp
        AdditionalESStorageinGiB: !Ref AdditionalESStorageinGiB
        KeyPairName: !Ref KeyPairName
        LicenseAgreement: !Ref LicenseAgreement
        PACDBMasterUserPassword: !Ref PACDBMasterUserPassword
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        RegionsPerInstance: !Ref RegionsPerInstance
        SubnetID: !Ref PrivateSubnet1AID
  ESInstanceWinStack1:
    Condition: OSWindows
    Type: 'AWS::CloudFormation::Stack'
    DependsOn:
      - ESCWAStack
      - BootstrapStack
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/mf-es-template.yaml'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        AvailabilityZones: !Join
          - ','
          - !Ref AvailabilityZones
        DomainAdminPassword: !Ref DomainAdminPassword
        DomainDNSName: !Ref DomainDNSName
        DomainMemberSGID: !Ref DomainMemberSGID
        DomainNetBIOSName: !Ref DomainNetBIOSName
        EMailNotificationTopic: !If
          - HaveOperatorEmail
          - !Ref EMailNotificationTopic
          - !Ref 'AWS::NoValue'
        ESClientAccessSGID: !Ref ESInstance1ClientAccessSecurityGroup
        ESCWLogGroup: !Ref ESCWLogGroup
        ESDatabaseEndpointAddress: !If
          - CreateRDSRemoteDatabaseStack
          - !GetAtt RemoteDatabaseServerStack.Outputs.ESDatabaseEndpointAddress
          - !Ref 'AWS::NoValue'
        ESInstanceName: ESServer1
        ESInstanceType: !Ref ESInstanceType
        ESLicenseFilename: !Ref ESLicenseFilename
        ESS3BucketName: !Ref ESS3BucketName
        ESS3BucketRegion: !Ref ESS3BucketRegion
        InstallFSDemoApp: !Ref InstallFSDemoApp
        InstallPACDemoApp: !Ref InstallPACDemoApp
        InstallSQLDemoApp: !Ref InstallSQLDemoApp
        AdditionalESStorageinGiB: !Ref AdditionalESStorageinGiB
        KeyPairName: !Ref KeyPairName
        LicenseAgreement: !Ref LicenseAgreement
        MFDSServiceAccountName: !Ref MFDSServiceAccountName
        MFDSServiceAccountPassword: !Ref MFDSServiceAccountPassword
        PACDBMasterUserPassword: !Ref PACDBMasterUserPassword
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        RegionsPerInstance: !Ref RegionsPerInstance
        SubnetID: !Ref PrivateSubnet1AID
  ESInstanceWinStack2:
    Condition: Start2WindowsInstances
    Type: 'AWS::CloudFormation::Stack'
    DependsOn:
      - ESCWAStack
      - BootstrapStack
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/mf-es-template.yaml'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        AvailabilityZones: !Join
          - ','
          - !Ref AvailabilityZones
        DomainAdminPassword: !Ref DomainAdminPassword
        DomainDNSName: !Ref DomainDNSName
        DomainMemberSGID: !Ref DomainMemberSGID
        DomainNetBIOSName: !Ref DomainNetBIOSName
        EMailNotificationTopic: !If
          - HaveOperatorEmail
          - !Ref EMailNotificationTopic
          - !Ref 'AWS::NoValue'
        ESClientAccessSGID: !Ref ESInstance1ClientAccessSecurityGroup
        ESCWLogGroup: !Ref ESCWLogGroup
        ESDatabaseEndpointAddress: !If
          - CreateRDSRemoteDatabaseStack
          - !GetAtt RemoteDatabaseServerStack.Outputs.ESDatabaseEndpointAddress
          - !Ref 'AWS::NoValue'
        ESInstanceName: ESServer2
        ESInstanceType: !Ref ESInstanceType
        ESLicenseFilename: !Ref ESLicenseFilename
        ESS3BucketName: !Ref ESS3BucketName
        ESS3BucketRegion: !Ref ESS3BucketRegion
        InstallFSDemoApp: !Ref InstallFSDemoApp
        InstallPACDemoApp: !Ref InstallPACDemoApp
        InstallSQLDemoApp: !Ref InstallSQLDemoApp
        AdditionalESStorageinGiB: !Ref AdditionalESStorageinGiB
        KeyPairName: !Ref KeyPairName
        LicenseAgreement: !Ref
          LicenseAgreement
        MFDSServiceAccountName: !Ref MFDSServiceAccountName
        MFDSServiceAccountPassword: !Ref MFDSServiceAccountPassword
        PACDBMasterUserPassword: !Ref PACDBMasterUserPassword
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        RegionsPerInstance: !Ref RegionsPerInstance
        SubnetID: !Ref PrivateSubnet1AID
  ESDemoAppsPublicNetworkLoadBalancer:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Condition: InstallingAtLeastOneDemoApp
    Properties:
      IpAddressType: ipv4
      LoadBalancerAttributes:
        - Key: load_balancing.cross_zone.enabled
          Value: 'true'
      Scheme: internet-facing
      Subnets:
        - !Ref PublicSubnet1ID
        - !Ref PublicSubnet2ID
      Tags:
        - Key: Name
          Value: !Sub
            - '${StackNamePrefix}ESPublicNetworkLoadBalancer'
            - StackNamePrefix: !If
                - NamePrefixIsUndefined
                - ''
                - !If
                  - NamePrefixIsAWSStackname
                  - !Sub '${AWS::StackName}-'
                  - !Sub '${ESResourceNamePrefix}-'
      Type: network
  FSDemoApp3270AppsLoadBalancerTargetGroup:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Condition: InstallingFSDemoApp
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckPort: "5555"
      HealthCheckProtocol: TCP
      HealthCheckTimeoutSeconds: 10
      HealthyThresholdCount: 3
      Port: 5555
      Protocol: TCP
      Tags:
        - Key: Name
          Value: !Sub
            - '${StackNamePrefix}FSDemoApp3270'
            - StackNamePrefix: !If
                - NamePrefixIsUndefined
                - ''
                - !If
                  - NamePrefixIsAWSStackname
                  - !Sub '${AWS::StackName}-'
                  - !Sub '${ESResourceNamePrefix}-'
      Targets:
        - !If
          - OSRedhat
          - Id: !GetAtt ESInstanceStack1.Outputs.ESInstanceID
            Port: 5555
          - !Ref 'AWS::NoValue'
        - !If
          - Start2RedhatInstances
          - Id: !GetAtt ESInstanceStack2.Outputs.ESInstanceID
            Port: 5555
          - !Ref 'AWS::NoValue'
        - !If
          - OSWindows
          - Id: !GetAtt ESInstanceWinStack1.Outputs.ESInstanceID
            Port: 5555
          - !Ref 'AWS::NoValue'
        - !If
          - Start2WindowsInstances
          - Id: !GetAtt ESInstanceWinStack2.Outputs.ESInstanceID
            Port: 5555
          - !Ref 'AWS::NoValue'
      TargetType: instance
      UnhealthyThresholdCount: 3
      VpcId: !Ref VPCID
  FSDemoApp3270AppsLoadBalancerListener:
    Type:
      'AWS::ElasticLoadBalancingV2::Listener'
    Condition: InstallingFSDemoApp
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref FSDemoApp3270AppsLoadBalancerTargetGroup
      LoadBalancerArn: !Ref ESDemoAppsPublicNetworkLoadBalancer
      Port: 5555
      Protocol: TCP
  SQLDemoApp3270AppsLoadBalancerTargetGroup:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Condition: InstallingSQLDemoApp
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckPort: "5556"
      HealthCheckProtocol: TCP
      HealthCheckTimeoutSeconds: 10
      HealthyThresholdCount: 3
      Port: 5556
      Protocol: TCP
      Tags:
        - Key: Name
          Value: !Sub
            - '${StackNamePrefix}SQLDemoApp3270'
            - StackNamePrefix: !If
                - NamePrefixIsUndefined
                - ''
                - !If
                  - NamePrefixIsAWSStackname
                  - !Sub '${AWS::StackName}-'
                  - !Sub '${ESResourceNamePrefix}-'
      Targets:
        - !If
          - OSRedhat
          - Id: !GetAtt ESInstanceStack1.Outputs.ESInstanceID
            Port: 5556
          - !Ref 'AWS::NoValue'
        - !If
          - Start2RedhatInstances
          - Id: !GetAtt ESInstanceStack2.Outputs.ESInstanceID
            Port: 5556
          - !Ref 'AWS::NoValue'
        - !If
          - OSWindows
          - Id: !GetAtt ESInstanceWinStack1.Outputs.ESInstanceID
            Port: 5556
          - !Ref 'AWS::NoValue'
        - !If
          - Start2WindowsInstances
          - Id: !GetAtt ESInstanceWinStack2.Outputs.ESInstanceID
            Port: 5556
          - !Ref 'AWS::NoValue'
      TargetType: instance
      UnhealthyThresholdCount: 3
      VpcId: !Ref VPCID
  SQLDemoApp3270AppsLoadBalancerListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Condition: InstallingSQLDemoApp
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref SQLDemoApp3270AppsLoadBalancerTargetGroup
      LoadBalancerArn: !Ref ESDemoAppsPublicNetworkLoadBalancer
      Port: 5556
      Protocol: TCP
  PACDemoApp3270AppsLoadBalancerTargetGroup:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Condition: InstallingPACDemoApp
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckPort: "5557"
      HealthCheckProtocol: TCP
      HealthCheckTimeoutSeconds: 10
      HealthyThresholdCount: 3
      Port: 5557
      Protocol: TCP
      Tags:
        - Key: Name
          Value: !Sub
            - '${StackNamePrefix}PACDemoApp3270'
            - StackNamePrefix: !If
                -
                  NamePrefixIsUndefined
                - ''
                - !If
                  - NamePrefixIsAWSStackname
                  - !Sub '${AWS::StackName}-'
                  - !Sub '${ESResourceNamePrefix}-'
      Targets:
        - !If
          - OSRedhat
          - Id: !GetAtt ESInstanceStack1.Outputs.ESInstanceID
            Port: 5557
          - !Ref 'AWS::NoValue'
        - !If
          - Start2RedhatInstances
          - Id: !GetAtt ESInstanceStack2.Outputs.ESInstanceID
            Port: 5557
          - !Ref 'AWS::NoValue'
        - !If
          - OSWindows
          - Id: !GetAtt ESInstanceWinStack1.Outputs.ESInstanceID
            Port: 5557
          - !Ref 'AWS::NoValue'
        - !If
          - Start2WindowsInstances
          - Id: !GetAtt ESInstanceWinStack2.Outputs.ESInstanceID
            Port: 5557
          - !Ref 'AWS::NoValue'
      TargetType: instance
      UnhealthyThresholdCount: 3
      VpcId: !Ref VPCID
  PACDemoApp3270AppsLoadBalancerListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Condition: InstallingPACDemoApp
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref PACDemoApp3270AppsLoadBalancerTargetGroup
      LoadBalancerArn: !Ref ESDemoAppsPublicNetworkLoadBalancer
      Port: 5557
      Protocol: TCP
Outputs:
  ESDemoAppsPublicNetworkLoadBalancer:
    Condition: InstallingAtLeastOneDemoApp
    Description: The DNS name for the load balancer.
    Value: !GetAtt ESDemoAppsPublicNetworkLoadBalancer.DNSName