AWSTemplateFormatVersion: '2010-09-09' Description: >- This template is intended to be installed into an existing VPC with two public subnets. It will create an auto-scaling group of RD Gateway instances in the public VPC subnets. **WARNING** This template creates Amazon EC2 Windows instance and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1rud44tut) Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Network configuration Parameters: - VPCID - PrivateSubnet1AID - PrivateSubnet2AID - Label: default: License configuration Parameters: - LicenseArn - GroupArn - Label: default: BYOL configuration Parameters: - NumberOfBYOLInstances - BYOLInstanceType - BYOLAMI - AdminPassword - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3KeyPrefix - QSS3BucketRegion ParameterLabels: AdminPassword: default: Admin password QSS3BucketName: default: Quick Start S3 bucket name QSS3KeyPrefix: default: Quick Start S3 key prefix QSS3BucketRegion: default: Quick Start S3 bucket Region VPCID: default: VPC ID LicenseArn: default: License ARN GroupArn: default: Group ARN NumberOfBYOLInstances: default: Number of BYOL instances VPCCIDR: default: VPC CIDR PrivateSubnet1AID: default: Private subnet 1 ID PrivateSubnet2AID: default: Private subnet 2 ID BYOLInstanceType: default: BYOL instance type BYOLAMI: default: BYOL AMI Parameters: AdminPassword: Description: Password for the administrative account. Must be at least 8 characters containing letters, numbers and symbols. Type: String MinLength: '8' MaxLength: '32' AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* NoEcho: 'true' LicenseArn: Description: specify license arn Type: String GroupArn: Description: specify group arn Type: String NumberOfBYOLInstances: AllowedValues: - '0' - '1' - '2' - '4' Default: '0' Description: Enter the number of BYOL Instances to be launched. Type: String VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.0.0/16 Description: CIDR block for the VPC. Type: String PrivateSubnet1AID: Description: ID of the Private subnet 1 you want to provision the second Remote Desktop Gateway into (for example, subnet-e3246d8e). Type: AWS::EC2::Subnet::Id PrivateSubnet2AID: Description: ID of the Private subnet 2 that you want to provision the first Remote Desktop Gateway into (for example, subnet-a0246dcd). Type: AWS::EC2::Subnet::Id QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html. Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: The Quick Start S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-microsoft-dedicated-host/ Description: S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html.' Type: String BYOLInstanceType: Description: Amazon EC2 instance type for BYOL instances. Type: String Default: c5.xlarge AllowedValues: - c5.xlarge - c5.2xlarge - r5.xlarge - r5.2xlarge - m5.xlarge - m5.2xlarge BYOLAMI: Default: 'ami-077f1edd46ddb3129' Description: "Please specify ami ID" Type: String VPCID: Description: ID of the VPC (for example, vpc-0343606e). Type: AWS::EC2::VPC::Id Rules: SubnetsInVPC: Assertions: - Assert: !EachMemberIn - !ValueOfAll - AWS::EC2::Subnet::Id - VpcId - !RefAll 'AWS::EC2::VPC::Id' AssertDescription: All subnets must be in the VPC. Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Resources: DHTemplate: Type: "AWS::EC2::LaunchTemplate" Properties: LaunchTemplateData: ImageId: !Ref 'BYOLAMI' InstanceType: !Ref 'BYOLInstanceType' SecurityGroupIds: - !Ref BYOLInstanceSG UserData: 'Fn::Base64': !Sub | $Admin=[adsi]("WinNT://$env:COMPUTERNAME/Administrator, user") $Admin.SetPassword(${AdminPassword}) #######end ########### BlockDeviceMappings: - DeviceName: /dev/sdk Ebs: VolumeSize: '50' - DeviceName: /dev/sdc VirtualName: ephemeral0 Placement: HostResourceGroupArn: !Ref 'GroupArn' LicenseSpecifications: - LicenseConfigurationArn: !Ref 'LicenseArn' AutoScalingGroup: Type: 'AWS::AutoScaling::AutoScalingGroup' DependsOn: - DHTemplate Properties: AutoScalingGroupName: !Sub "Dedicatedhost-${AWS::StackName}" VPCZoneIdentifier: - !Ref PrivateSubnet1AID - !Ref PrivateSubnet2AID MinSize: !Ref 'NumberOfBYOLInstances' MaxSize: !Ref 'NumberOfBYOLInstances' Tags: - Key: 'Launchedby' Value: 'Quickstart-Automation' PropagateAtLaunch: 'true' LaunchTemplate: LaunchTemplateId: !Ref 'DHTemplate' Version: !GetAtt 'DHTemplate.LatestVersionNumber' BYOLInstanceSG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Enable RDP access from the VPC. VpcId: !Ref 'VPCID' SecurityGroupIngress: - IpProtocol: tcp FromPort: 3389 ToPort: 3389 CidrIp: !Ref 'VPCCIDR' - IpProtocol: tcp FromPort: 3389 ToPort: 3389 CidrIp: !Ref 'VPCCIDR' - IpProtocol: tcp FromPort: 443 ToPort: 443 CidrIp: !Ref 'VPCCIDR' - IpProtocol: udp FromPort: 3391 ToPort: 3391 CidrIp: !Ref 'VPCCIDR' - IpProtocol: icmp FromPort: -1 ToPort: -1 CidrIp: !Ref 'VPCCIDR'