AWSTemplateFormatVersion: '2010-09-09' Description: >- This template creates a VPC infrastructure for a multi-AZ, multi-tier deployment of a Windows based Application infrastructure. It will deploy managed NAT gateways into the public subnet for each Availability Zone. **WARNING** This template creates Amazon EC2 Windows instance and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1rud44trf) Metadata: QuickStartDocumentation: EntrypointName: "Parameters for deploying into a new VPC" AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Network configuration Parameters: - AvailabilityZones - VPCCIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - Label: default: Amazon EC2 configuration Parameters: - KeyPairName - RDGWInstanceType - Label: default: Microsoft Remote Desktop Gateway configuration Parameters: - NumberOfRDGWHosts - AdminUser - AdminPassword - DomainDNSName - RDGWCIDR - Label: default: AWS License Manager configuration Parameters: - LMConfigRuleName - LicenseCountingType - LicenseCount - LicenseCountHardLimit - PlatformName - PlatformVersion - Label: default: Host resource group configuration Parameters: - HostResourceGroupName - AllowedInstanceFamily - AutoAllocateHost - AutoRecoverHost - AutoReleaseHost - Label: default: BYOL configuration Parameters: - BYOLAMI - BYOLInstanceType - NumberOfBYOLInstances - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3KeyPrefix - QSS3BucketRegion ParameterLabels: AdminPassword: default: Admin password AdminUser: default: Admin user name DomainDNSName: default: Domain DNS name AutoAllocateHost: default: Automatically allocate host AutoRecoverHost: default: Automatically recover host AutoReleaseHost: default: Automatically release host KeyPairName: default: Key pair name NumberOfBYOLInstances: default: Number of BYOL instances BYOLInstanceType: default: BYOL instance type BYOLAMI: default: BYOL instance AMI HostResourceGroupName: default: Host resource group name LMConfigRuleName: default: LCM config rule name LicenseCountingType: default: License counting type LicenseCount: default: License count LicenseCountHardLimit: default: License count hard limit NumberOfRDGWHosts: default: Number of Remote Desktop Gateway hosts PlatformName: default: Platform name PlatformVersion: default: Platform version AllowedInstanceFamily: default: Allowed instance family PrivateSubnet1CIDR: default: Private subnet 1 CIDR PrivateSubnet2CIDR: default: Private subnet 2 CIDR PublicSubnet1CIDR: default: Public subnet 1 CIDR PublicSubnet2CIDR: default: Public subnet 2 CIDR QSS3BucketName: default: Quick Start S3 bucket name QSS3KeyPrefix: default: Quick Start S3 key prefix QSS3BucketRegion: default: Quick Start S3 bucket Region RDGWInstanceType: default: Remote Desktop Gateway instance type RDGWCIDR: default: Allowed Remote Desktop Gateway external access CIDR VPCCIDR: default: VPC CIDR Parameters: AdminPassword: Description: Password for the administrative account. Must be at least 8 characters containing letters, numbers, and symbols. Type: String MinLength: '8' MaxLength: '32' AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* NoEcho: 'true' AdminUser: Description: User name for the new local administrator account. Type: String Default: StackAdmin MinLength: '5' MaxLength: '25' AllowedPattern: '[a-zA-Z0-9]*' DomainDNSName: Description: Fully qualified domain name (FQDN), such as example.com. Type: String Default: example.com MinLength: '2' MaxLength: '255' AllowedPattern: '[a-zA-Z0-9\-]+\..+' AvailabilityZones: Description: 'List of Availability Zones to use for the subnets in the VPC. The logical order is preserved, and only two Availability Zones are used for this deployment.' Type: List KeyPairName: Description: Public/private key pairs allow you to securely connect to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName NumberOfRDGWHosts: AllowedValues: - '0' - '1' - '2' - '3' - '4' Default: '1' Description: The number of Remote Desktop Gateway hosts to create. If set to 0, the Remote Desktop Gateway Auto Scaling group is not created. Type: String NumberOfBYOLInstances: AllowedValues: - '0' - '1' - '2' - '4' Default: '0' Description: The number of BYOL instances to launch. Type: String PrivateSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.0.0/19 Description: CIDR block for private subnet 1 located in Availability Zone 1. Type: String PrivateSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.32.0/19 Description: CIDR block for private subnet 2 located in Availability Zone 2. Type: String PublicSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.128.0/20 Description: CIDR Block for the public perimeter zone subnet 1 located in Availability Zone. 1. Type: String PublicSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.144.0/20 Description: CIDR Block for the public perimeter zone subnet 2 located in Availability Zone. 2. Type: String QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html. Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: The Quick Start S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-microsoft-dedicated-host/ Description: S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. Type: String QSS3BucketRegion: Default: 'us-east-1' Description: "Region of staging bucket (BucketName)." Type: String RDGWInstanceType: Description: Amazon EC2 instance type for the Remote Desktop Gateway instances. Type: String Default: t2.large AllowedValues: - t2.large - t3.micro - t3.small - t3.medium - t3.large - t3.xlarge - t3.2xlarge - t3a.micro - t3a.small - t3a.medium - t3a.large - t3a.xlarge - t3a.2xlarge - m5.large - m5.xlarge - m5.2xlarge - m5a.large - m5a.xlarge - m5a.2xlarge BYOLInstanceType: Description: Amazon EC2 instance type for BYOL instances. Type: String Default: c5.xlarge AllowedValues: - c5.xlarge - c5.2xlarge - r5.xlarge - r5.2xlarge - m5.xlarge - m5.2xlarge BYOLAMI: Default: 'ami-077f1edd46ddb3129' Description: "AMI ID." Type: String RDGWCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x. Description: Allowed CIDR block for external access to the Remote Desktop Gateway instances. Type: String VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.0.0/16 Description: CIDR block for the VPC. Type: String HostResourceGroupName: Default: 'WindowsHost' Description: "The host resource group name." Type: String LMConfigRuleName: Default: 'demorule' Description: "The license configuration rule name." Type: String LicenseCountingType: Default: 'Core' Description: "The license type." AllowedValues: - Core - vCPU Type: String LicenseCount: Default: 100 Description: "The total license count." Type: Number LicenseCountHardLimit: Default: 'true' Description: "Specify whether a hard limit exists for the license count." AllowedValues: - true - false Type: String PlatformName: Default: windows-server-datacenter Description: "The platform name." AllowedValues: - windows-server-datacenter Type: String PlatformVersion: Default: '2016' Description: "The platform version." AllowedValues: - '2016' - '2012' - '2008' - '2008 R2' Type: String AllowedInstanceFamily: Default: 'c5' Description: "The allowed instance family." AllowedValues: - c5 - r5 - m5 Type: String AutoAllocateHost: Default: 'true' Description: "Specify whether to automatically allocate the host." AllowedValues: - true - false Type: String AutoRecoverHost: Default: 'true' Description: "Specify whether to automatically recover the host." AllowedValues: - true - false Type: String AutoReleaseHost: Default: 'true' Description: "Specify whether to automatically release the host." AllowedValues: - true - false Type: String Rules: ValidC5InstanceType: RuleCondition: !Equals - !Ref AllowedInstanceFamily - c5 Assertions: - Assert: !Or - !Equals [!Ref BYOLInstanceType, 'c5.xlarge'] - !Equals [!Ref BYOLInstanceType, 'c5.2xlarge'] AssertDescription: "Instance type must match instance family." ValidR5InstanceType: RuleCondition: !Equals - !Ref AllowedInstanceFamily - r5 Assertions: - Assert: !Or - !Equals [!Ref BYOLInstanceType, 'r5.xlarge'] - !Equals [!Ref BYOLInstanceType, 'r5.2xlarge'] AssertDescription: "Instance type must match instance family." ValidM5InstanceType: RuleCondition: !Equals - !Ref AllowedInstanceFamily - m5 Assertions: - Assert: !Or - !Equals [!Ref BYOLInstanceType, 'm5.xlarge'] - !Equals [!Ref BYOLInstanceType, 'm5.2xlarge'] AssertDescription: "Instance type must match instance family" Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] IncludeRDGW: !Not - !Equals - !Ref NumberOfRDGWHosts - '0' Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml' - S3Region: !If [UsingDefaultBucket, !Sub '${AWS::Region}', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' NumberOfAZs: '2' PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR' PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR' VPCCIDR: !Ref 'VPCCIDR' LMStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/licensemanager.template.yaml' - S3Region: !If [UsingDefaultBucket, !Sub '${AWS::Region}', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: LMConfigRuleName: !Ref 'LMConfigRuleName' LicenseCountingType: !Ref 'LicenseCountingType' LicenseCount: !Ref 'LicenseCount' LicenseCountHardLimit: !Ref 'LicenseCountHardLimit' HostResourceGroupName: !Ref 'HostResourceGroupName' AllowedInstanceFamily: !Ref 'AllowedInstanceFamily' AutoAllocateHost: !Ref 'AutoAllocateHost' AutoRecoverHost: !Ref 'AutoRecoverHost' AutoReleaseHost: !Ref 'AutoReleaseHost' PlatformName: !Ref 'PlatformName' PlatformVersion: !Ref 'PlatformVersion' DHStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/dedicatedhost.template.yaml' - S3Region: !If [UsingDefaultBucket, !Sub '${AWS::Region}', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AdminPassword: !Ref 'AdminPassword' NumberOfBYOLInstances: !Ref 'NumberOfBYOLInstances' QSS3BucketName: !Ref 'QSS3BucketName' QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' QSS3BucketRegion: !Ref QSS3BucketRegion LicenseArn: !GetAtt 'LMStack.Outputs.LicenseArn' GroupArn: !GetAtt 'LMStack.Outputs.GroupArn' PrivateSubnet1AID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet2AID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' BYOLAMI: !Ref 'BYOLAMI' BYOLInstanceType: !Ref 'BYOLInstanceType' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' VPCCIDR: !Ref 'VPCCIDR' RDGWStack: Condition: IncludeRDGW Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/templates/rdgw-standalone.template' - S3Region: !If [UsingDefaultBucket, !Sub '${AWS::Region}', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AdminUser: !Ref 'AdminUser' AdminPassword: !Ref 'AdminPassword' DomainDNSName: !Ref 'DomainDNSName' KeyPairName: !Ref 'KeyPairName' NumberOfRDGWHosts: !Ref 'NumberOfRDGWHosts' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/' RDGWInstanceType: !Ref 'RDGWInstanceType' RDGWCIDR: !Ref 'RDGWCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID'