AWSTemplateFormatVersion: '2010-09-09' Description: >- This template creates a VPC infrastructure for a multi-AZ, multi-tier deployment of a Windows based Application infrastructure. It installs 2 Windows Active Directory Domain Controllers into private subnets in separate Availability Zones inside a VPC, as well as Remote Desktop Gateway instances and managed NAT gateways into the public subnet for each Availability Zone. The default Domain Administrator password will be the one retrieved from the instance. For adding members to the domain, ensure that they are launched into the domain member security group created by this template and then configure them to use the AD instances fixed private IP addresses as the DNS server. **WARNING** This template creates Amazon EC2 Windows instance and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1rtnidq09) Metadata: cfn-lint: config: ignore_checks: - W9006 - W9901 - E9902 QuickStartDocumentation: EntrypointName: Parameters for deploying self-managed AD into a new VPC Order: '1' AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Network configuration Parameters: - AvailabilityZones - NumberOfAZs - VPCCIDR - DHCPOptionSet - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PrivateSubnet3CIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - PublicSubnet3CIDR - Label: default: Amazon EC2 configuration Parameters: - ADServer1InstanceType - ADServer1NetBIOSName - ADServer1PrivateIP - ADServer2InstanceType - ADServer2NetBIOSName - ADServer2PrivateIP - ADServerEnableAdvancedAudtingandMetrics - DataDriveSizeGiB - KeyPairName - Label: default: Microsoft Active Directory Domain Services configuration Parameters: - DomainAdminUser - DomainAdminPassword - DomainDNSName - DomainNetBIOSName - CreateDefaultOUs - TombstoneLifetime - DeletedObjectLifetime - SetupAppInsightsMonitoring - Label: default: Microsoft Active Directory Certificate Services configuration Parameters: - PKI - CaServerInstanceType - CaDataDriveSizeGiB - OrCaServerNetBIOSName - EntCaServerNetBIOSName - CaKeyLength - CaHashAlgorithm - OrCaValidityPeriodUnits - CaValidityPeriodUnits - UseS3ForCRL - PKIEnableAdvancedAudtingandMetrics - S3CRLBucketName - Label: default: Microsoft Remote Desktop Gateway configuration Parameters: - NumberOfRDGWHosts - RDGWInstanceType - RDGWCIDR - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: ADServer1InstanceType: default: Domain Controller 1 Instance Type ADServer1NetBIOSName: default: Domain Controller 1 NetBIOS Name ADServer1PrivateIP: default: Domain Controller 1 Private IP Address ADServer2InstanceType: default: Domain Controller 2 Instance Type ADServer2NetBIOSName: default: Domain Controller 2 NetBIOS Name ADServer2PrivateIP: default: Domain Controller 2 Private IP Address ADServerEnableAdvancedAudtingandMetrics: default: Advanced Auditing and Metrics AvailabilityZones: default: Availability Zones CaDataDriveSizeGiB: default: CA Data Drive Size CaHashAlgorithm: default: CA Hash Algorithm CaKeyLength: default: CA Key Length CaServerInstanceType: default: CA Instance Type CaValidityPeriodUnits: default: Enterprise Root or Subordinate CA Certificate Validity Period in Years CreateDefaultOUs: default: Create Default OUs DHCPOptionSet: default: Create a DHCP Options set DataDriveSizeGiB: default: SYSVOL and NTDS and Data Drive Size DeletedObjectLifetime: default: Set new Deleted Objects Lifetime DomainAdminPassword: default: Alternate Domain Admin Password DomainAdminUser: default: Alternate Domain Admin User Name DomainDNSName: default: Domain DNS Name DomainNetBIOSName: default: Domain NetBIOS Name EntCaServerNetBIOSName: default: Enterprise Root or Subordinate CA NetBIOS Name KeyPairName: default: Key Pair Name NumberOfAZs: default: Number of Availability Zones NumberOfRDGWHosts: default: Number of RDGW Hosts OrCaServerNetBIOSName: default: Offline Root CA NetBIOS Name (Only Used For Two Tier PKI) OrCaValidityPeriodUnits: default: Offline Root CA Certificate Validity Period in Years (Only Used For Two Tier PKI) PKI: default: Deploy PKI Infrastructure PKIEnableAdvancedAudtingandMetrics: default: Advanced Auditing and Metrics for PKI Instance(s) PrivateSubnet1CIDR: default: Private Subnet 1 CIDR PrivateSubnet2CIDR: default: Private Subnet 2 CIDR PrivateSubnet3CIDR: default: (Optional) Private Subnet 3 CIDR PublicSubnet1CIDR: default: Public Subnet 1 CIDR PublicSubnet2CIDR: default: Public Subnet 2 CIDR PublicSubnet3CIDR: default: (Optional) Public Subnet 3 CIDR QSS3BucketName: default: Quick Start S3 Bucket Name QSS3BucketRegion: default: Quick Start S3 Bucket Region QSS3KeyPrefix: default: Quick Start S3 Key Prefix RDGWCIDR: default: Allowed Remote Desktop Gateway External Access CIDR RDGWInstanceType: default: Remote Desktop Gateway Instance Type SetupAppInsightsMonitoring: default: Setup Application Insights monitoring S3CRLBucketName: default: CA CRL S3 Bucket Name TombstoneLifetime: default: Set new Tombstone Lifetime UseS3ForCRL: default: Use S3 for CA CRL Location VPCCIDR: default: VPC CIDR Parameters: ADServer1InstanceType: AllowedValues: - t3.medium - t3.large - t3.xlarge - t3.2xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: m5.large Description: Amazon EC2 instance type for the first Active Directory Domain Controller instance Type: String ADServer1NetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: DC1 Description: NetBIOS name of the first Active Directory Domain Controller (up to 15 characters) MaxLength: '15' MinLength: '1' Type: String ADServer1PrivateIP: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.0.10 Description: Fixed private IP for the first Active Directory Domain Controller located in Availability Zone 1 Type: String ADServer2InstanceType: AllowedValues: - t3.medium - t3.large - t3.xlarge - t3.2xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: m5.large Description: Amazon EC2 instance type for the second Active Directory Domain Controller instance Type: String ADServer2NetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: DC2 Description: NetBIOS name of the second Active Directory Domain Controller (up to 15 characters) MaxLength: '15' MinLength: '1' Type: String ADServer2PrivateIP: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.32.10 Description: Fixed private IP for the second Active Directory Domain Controller located in Availability Zone 2 Availability Zone 2 Type: String ADServerEnableAdvancedAudtingandMetrics: Description: Enable advanced auditing and metrics and upload them to CloudWatch using the Amazon Kinesis Agent for Microsoft Windows AllowedValues: - 'true' - 'false' Type: String Default: 'false' AvailabilityZones: Description: 'List of Availability Zones to use for the subnets in the VPC. Note: The logical order is preserved and only 2 AZs are used for this deployment' Type: List CaDataDriveSizeGiB: Default: '2' Description: Size of the data drive in GiB for the CA instance(s) Type: Number MinValue: '2' MaxValue: '16384' CaHashAlgorithm: AllowedValues: - SHA256 - SHA384 - SHA512 Default: SHA256 Description: CA(s) Hash Algorithm for Siging Certificates Type: String CaKeyLength: AllowedValues: - '2048' - '4096' Default: '2048' Description: CA(s) Cryptographic Provider Key Length Type: String CaServerInstanceType: AllowedValues: - t3.small - t3.medium - t3.large - t3.xlarge - t3.2xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: t3.medium Description: Amazon EC2 instance type for the CA instance(s) Type: String CaValidityPeriodUnits: Default: '5' Description: Validity Period in Years Type: Number MinValue: '1' CreateDefaultOUs: AllowedValues: - 'Yes' - 'No' Default: 'No' Description: Domain Elevated Accounts, Domain Users, Domain Computers, Domain Servers, Domain Service Accounts, and Domain Groups OUs and set the default users and computers containers to Domain Users and Domain Computers Type: String DHCPOptionSet: AllowedValues: - 'Yes' - 'No' Default: 'Yes' Description: Do you want to create and apply a new DHCP Options Set Type: String DataDriveSizeGiB: Default: '10' Description: Size of SYSVOL and NTDS data drive in GiB Type: Number MinValue: '1' MaxValue: '16384' DeletedObjectLifetime: Default: '180' Description: The number of days before a deleted object is removed from the Active Directory recycling bin, minimum number is 2 Type: Number MinValue: '2' DomainAdminPassword: AllowedPattern: '(?=^.{8,32}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*' Description: Password for the account named above. Must be at least 8 characters containing letters, numbers and symbols MaxLength: '32' MinLength: '8' NoEcho: 'true' Type: String DomainAdminUser: AllowedPattern: '^[a-zA-Z0-9]+$' Default: Admin Description: User name for the account that will be added as a Domain Administrator. This is separate from the default "Administrator" account MaxLength: '25' MinLength: '5' Type: String DomainDNSName: AllowedPattern: '^[a-zA-Z0-9]+[a-zA-Z0-9\-]*\.[a-zA-Z0-9]+$' Default: example.com Description: Fully qualified domain name (FQDN) of the forest root domain e.g. example.com MaxLength: '64' MinLength: '2' Type: String DomainNetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: example Description: NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Windows e.g. EXAMPLE MaxLength: '15' MinLength: '1' Type: String EntCaServerNetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: ENTCA1 Description: NetBIOS name of the Enterprise Root or Subordinate CA server (up to 15 characters) MaxLength: '15' MinLength: '1' Type: String KeyPairName: Description: Public/private key pairs allow you to securely connect to your instance after it launches Type: AWS::EC2::KeyPair::KeyName NumberOfAZs: AllowedValues: - '2' - '3' Default: '2' Description: Number of Availability Zones to use in the VPC. This must match your selections in the list of Availability Zones parameter Type: String NumberOfRDGWHosts: AllowedValues: - '0' - '1' - '2' - '3' - '4' Default: '0' Description: Enter the number of Remote Desktop Gateway instances to create Type: String OrCaServerNetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: ORCA1 Description: NetBIOS name of the Offline Root CA server (Only Used For Two Tier PKI) (up to 15 characters) MaxLength: '15' MinLength: '1' Type: String OrCaValidityPeriodUnits: Default: '10' Description: Validity Period in Years (Only Used For Two Tier PKI) MinValue: '1' Type: Number PKI: AllowedValues: - One-Tier - Two-Tier - 'No' Default: 'No' Description: Deploy Two Tier (Offline Root with Subordinate Enterprise CA) or One Tier (Enterprise Root CA) PKI Infrastructure Type: String PKIEnableAdvancedAudtingandMetrics: AllowedValues: - 'true' - 'false' Default: 'false' Description: Enable advanced auditing and metrics and upload them to CloudWatch using the Amazon Kinesis Agent for Microsoft Windows Type: String PrivateSubnet1CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/19 Description: CIDR block for private subnet 1 located in Availability Zone 1 Type: String PrivateSubnet2CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.32.0/19 Description: CIDR block for private subnet 2 located in Availability Zone 2 Type: String PrivateSubnet3CIDR: AllowedPattern: '^$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' Default: 10.0.64.0/19 Description: CIDR block for private subnet 3 located in Availability Zone 3 Type: String PublicSubnet1CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.128.0/20 Description: CIDR Block for the public subnet 1 located in Availability Zone 1 Type: String PublicSubnet2CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.144.0/20 Description: CIDR Block for the public subnet 2 located in Availability Zone 2 Type: String PublicSubnet3CIDR: AllowedPattern: '^$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' Default: 10.0.64.0/19 Description: CIDR Block for the public subnet 3 located in Availability Zone 3 Type: String QSS3BucketName: AllowedPattern: '^[a-z0-9]+[a-z0-9\.\-]*[a-z0-9]+$' ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-) Default: aws-quickstart Description: S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-) Type: String QSS3BucketRegion: AllowedPattern: '^[a-z]+\-[a-z\-]+\-[0-9]{1}$' Default: us-east-1 Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value Type: String QSS3KeyPrefix: AllowedPattern: '^[a-zA-Z0-9\-\/]+$' ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/) Default: quickstart-microsoft-activedirectory/ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/) Type: String RDGWCIDR: AllowedPattern: '^$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Default: 10.0.0.0/16 Description: Allowed CIDR Block for external access to the Remote Desktop Gateways Type: String RDGWInstanceType: AllowedValues: - t2.small - t2.medium - t2.large - t3.micro - t3.small - t3.medium - t3.large - t3.xlarge - t3.2xlarge - t3a.micro - t3a.small - t3a.medium - t3a.large - t3a.xlarge - t3a.2xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge - m5a.large - m5a.xlarge - m5a.2xlarge Default: t3.large Description: Amazon EC2 instance type for the Remote Desktop Gateway instances Type: String SetupAppInsightsMonitoring: AllowedValues: - 'true' - 'false' Default: 'false' Type: String S3CRLBucketName: AllowedPattern: '^[a-z0-9]+[a-z0-9\.\-]*[a-z0-9]+$' Default: examplebucket Description: S3 bucket name for CA CRL(s) storage. Bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-) Type: String TombstoneLifetime: Default: '180' Description: The number of days before a deleted object is removed from Active Directory, minimum number is 2 Type: Number MinValue: '2' UseS3ForCRL: AllowedValues: - 'Yes' - 'No' Default: 'No' Description: Store CA CRL(s) in an S3 bucket Type: String VPCCIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR Block for the VPC Type: String Conditions: AppInsightsEnabled: !Equals [!Ref SetupAppInsightsMonitoring, true] IncludeRDGW: !Not [!Equals [!Ref NumberOfRDGWHosts, '0']] IsTwoAz: !Equals [!Ref NumberOfAZs, '2'] UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Rules: CheckSupportedInstances: RuleCondition: !Or - !Contains [[m4.large, m4.xlarge, m4.2xlarge, m4.4xlarge], !Ref ADServer1InstanceType] - !Contains [[m4.large, m4.xlarge, m4.2xlarge, m4.4xlarge], !Ref ADServer2InstanceType] Assertions: - Assert: !Not [!Contains [[eu-west-3], !Ref AWS::Region]] AssertDescription: M4 instances are not available in the Paris region S3CRLBucketNameValidation: RuleCondition: !And - !Equals [!Ref UseS3ForCRL, 'Yes'] - !Not [!Equals [!Ref PKI, 'No']] Assertions: - AssertDescription: CRL BucketName cannot must be valid BucketName Assert: !Not [!Equals [!Ref S3CRLBucketName, 'examplebucket']] ValidateRdgw: RuleCondition: !Not - !Equals - !Ref NumberOfRDGWHosts - '0' Assertions: - Assert: !Not - !Equals - !Ref RDGWCIDR - '' AssertDescription: if condition IncludeRDGW is true, then RDGWCIDR cannot be left empty Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AvailabilityZones: !Join [',', !Ref AvailabilityZones] NumberOfAZs: !If [IsTwoAz, '2', '3'] PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR PrivateSubnet3ACIDR: !If [IsTwoAz, !Ref AWS::NoValue, !Ref PrivateSubnet3CIDR] PublicSubnet1CIDR: !Ref PublicSubnet1CIDR PublicSubnet2CIDR: !Ref PublicSubnet2CIDR PublicSubnet3CIDR: !If [IsTwoAz, !Ref AWS::NoValue, !Ref PublicSubnet3CIDR] VPCCIDR: !Ref VPCCIDR ADStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/ad-1.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: ADServer1InstanceType: !Ref ADServer1InstanceType ADServer1NetBIOSName: !Ref ADServer1NetBIOSName ADServer1PrivateIP: !Ref ADServer1PrivateIP ADServer2InstanceType: !Ref ADServer2InstanceType ADServer2NetBIOSName: !Ref ADServer2NetBIOSName ADServer2PrivateIP: !Ref ADServer2PrivateIP EnableAdvancedAudtingandMetrics: !Ref ADServerEnableAdvancedAudtingandMetrics CaDataDriveSizeGiB: !Ref CaDataDriveSizeGiB CaHashAlgorithm: !Ref CaHashAlgorithm CaKeyLength: !Ref CaKeyLength CaServerInstanceType: !Ref CaServerInstanceType CaValidityPeriodUnits: !Ref CaValidityPeriodUnits CreateDefaultOUs: !Ref CreateDefaultOUs DHCPOptionSet: !Ref DHCPOptionSet DataDriveSizeGiB: !Ref DataDriveSizeGiB DeletedObjectLifetime: !Ref DeletedObjectLifetime DomainAdminPassword: !Ref DomainAdminPassword DomainAdminUser: !Ref DomainAdminUser DomainDNSName: !Ref DomainDNSName DomainNetBIOSName: !Ref DomainNetBIOSName EntCaServerNetBIOSName: !Ref EntCaServerNetBIOSName KeyPairName: !Ref KeyPairName OrCaServerNetBIOSName: !Ref OrCaServerNetBIOSName OrCaValidityPeriodUnits: !Ref OrCaValidityPeriodUnits PKI: !Ref PKI PKIEnableAdvancedAudtingandMetrics: !Ref PKIEnableAdvancedAudtingandMetrics PrivateSubnet1ID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID PrivateSubnet2ID: !GetAtt VPCStack.Outputs.PrivateSubnet2AID QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix SetupAppInsightsMonitoring: !Ref SetupAppInsightsMonitoring S3CRLBucketName: !Ref S3CRLBucketName TombstoneLifetime: !Ref TombstoneLifetime UseS3ForCRL: !Ref UseS3ForCRL VPCCIDR: !Ref VPCCIDR VPCID: !GetAtt VPCStack.Outputs.VPCID RDGWStack: Condition: IncludeRDGW Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/templates/rdgw-domain.template' - S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: DomainAdminPassword: !Ref DomainAdminPassword DomainAdminUser: !Ref DomainAdminUser DomainDNSName: !Ref DomainDNSName DomainMemberSGID: !GetAtt ADStack.Outputs.DomainMemberSGID DomainNetBIOSName: !Ref DomainNetBIOSName KeyPairName: !Ref KeyPairName NumberOfRDGWHosts: !Ref NumberOfRDGWHosts PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Sub ${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/ RDGWCIDR: !Ref RDGWCIDR RDGWInstanceType: !Ref RDGWInstanceType VPCID: !GetAtt VPCStack.Outputs.VPCID