--- AWSTemplateFormatVersion: '2010-09-09' Description: This template deploys two Windows Server Failover Clustering (Exchange) and Exchange Server 2016 or 2019. This template also deploys the required AD architecture outlined in "Implementing Active Directory Domain Services in the AWS Cloud" **WARNING** This template creates Amazon EC2 Windows instance and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1qup6raep) Metadata: cfn-lint: config: ignore_checks: - W9006 - W9901 QuickStartDocumentation: EntrypointName: "Launch into a new VPC" Order: "1" AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Network Configuration Parameters: - AvailabilityZones - NumberOfAZs - ThirdAZ - VPCCIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - PublicSubnet3CIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PrivateSubnet3CIDR - Label: default: Amazon EC2 Configuration Parameters: - KeyPairName - Label: default: Microsoft Active Directory Configuration Parameters: - DomainDNSName - DomainNetBIOSName - DomainAdminUser - DomainAdminPassword - ADServer1InstanceType - ADServer1NetBIOSName - ADServer1PrivateIP - ADServer2InstanceType - ADServer2NetBIOSName - ADServer2PrivateIP - Label: default: Remote Desktop Gateway Configuration Parameters: - RDGWCIDR - RDGWInstanceType - NumberOfRDGWHosts - Label: default: Exchange Server Configuration Parameters: - EnableBackups - ExchangeServerVersion - IncludeEdgeTransportRole - EdgeInstanceType - EdgeNode1NetBIOSName - EdgeNode1PrivateIP1 - EdgeNode2NetBIOSName - EdgeNode2PrivateIP1 - EnableReFSVolumes - EncryptDataVolumes - EncryptionKmsKey - SetupAppInsightsMonitoring - VolumeIops - VolumeSize - VolumeType - Label: default: Load Balancer Configuration Parameters: - DeployLoadBalancer - CertificateArn - Label: default: Failover Cluster Configuration Parameters: - ExchangeNodeInstanceType - ExchangeNode1NetBIOSName - ExchangeNode1PrivateIP1 - ExchangeNode1PrivateIP2 - ExchangeNode2NetBIOSName - ExchangeNode2PrivateIP1 - ExchangeNode2PrivateIP2 - ExchangeNode3NetBIOSName - ExchangeNode3PrivateIP1 - ExchangeNode3PrivateIP2 - FileServerInstanceType - FileServerNetBIOSName - FileServerPrivateIP - Label: default: AWS Quick Start Configuration Parameters: - QSS3BucketName - QSS3KeyPrefix - QSS3BucketRegion ParameterLabels: ADServer1InstanceType: default: Domain Controller 1 instance type ADServer1NetBIOSName: default: Domain Controller 1 NetBIOS name ADServer1PrivateIP: default: Domain Controller 1 private IP address ADServer2InstanceType: default: Domain Controller 2 instance type ADServer2NetBIOSName: default: Domain Controller 2 NetBIOS name ADServer2PrivateIP: default: Domain Controller 2 private IP address AvailabilityZones: default: Availability Zones CertificateArn: default: Network Load Balancer Certificate DeployLoadBalancer: default: Deploy Network Load Balancer DomainAdminPassword: default: Domain Admin password DomainAdminUser: default: Domain Admin user name DomainDNSName: default: Domain DNS name DomainNetBIOSName: default: Domain NetBIOS name EnableBackups: default: Enable AWS Backups EdgeInstanceType: default: Edge Role instance type EdgeNode1NetBIOSName: default: Edge Node 1 NetBIOS name EdgeNode1PrivateIP1: default: Edge Node 1 private IP address EdgeNode2NetBIOSName: default: Edge Node 2 NetBIOS name EdgeNode2PrivateIP1: default: Edge Node 2 private IP address EnableReFSVolumes: default: Enable or disable ReFS EncryptDataVolumes: default: Encrypt data volumes EncryptionKmsKey: default: KMS key to encrypt volumes ExchangeServerVersion: default: Exchange Server version ExchangeNode1NetBIOSName: default: Exchange Node 1 NetBIOS name ExchangeNode1PrivateIP1: default: Exchange Node 1 private IP address 1 ExchangeNode1PrivateIP2: default: Exchange Node 1 private IP address 2 ExchangeNode2NetBIOSName: default: Exchange Node 2 NetBIOS name ExchangeNode2PrivateIP1: default: Exchange Node 2 private IP address 1 ExchangeNode2PrivateIP2: default: Exchange Node 2 private IP address 2 ExchangeNode3NetBIOSName: default: Exchange Node 3 NetBIOS name ExchangeNode3PrivateIP1: default: Exchange Node 3 private IP address 1 ExchangeNode3PrivateIP2: default: Exchange Node 3 private IP address 2 ExchangeNodeInstanceType: default: Instance type for Exchange nodes FileServerInstanceType: default: File Server instance type FileServerNetBIOSName: default: File Server NetBIOS name FileServerPrivateIP: default: File Server private IP address IncludeEdgeTransportRole: default: Deploy Edge servers KeyPairName: default: Key pair name NumberOfRDGWHosts: default: Number of RDGW Hosts NumberOfAZs: default: Number of Availability Zones PrivateSubnet1CIDR: default: Private Subnet 1 CIDR PrivateSubnet2CIDR: default: Private Subnet 2 CIDR PrivateSubnet3CIDR: default: Private Subnet 3 CIDR PublicSubnet1CIDR: default: Public Subnet 1 CIDR PublicSubnet2CIDR: default: Public Subnet 2 CIDR PublicSubnet3CIDR: default: Public Subnet 3 CIDR QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 key prefix RDGWInstanceType: default: Remote Desktop Gateway instance type RDGWCIDR: default: Allowed Remote Desktop Gateway external access CIDR SetupAppInsightsMonitoring: default: Setup Application Insights Monitoring ThirdAZ: default: Third Availability Zone VolumeIops: default: Exchange Server volume IOPS VolumeSize: default: Exchange Server volume size (GiB) VolumeType: default: Exchange Server volume type VPCCIDR: default: VPC CIDR Parameters: ADServer1InstanceType: AllowedValues: - t3.medium - t3.large - t3.xlarge - t3.2xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: m5.xlarge Description: The Amazon EC2 instance type for the first Active Directory instance. Type: String ADServer1NetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: DC1 Description: The NetBIOS name of the first Active Directory server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ADServer1PrivateIP: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.0.10 Description: The private IP for the first Active Directory server located in Availability Zone 1. Type: String ADServer2InstanceType: AllowedValues: - t3.medium - t3.large - t3.xlarge - t3.2xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: m5.xlarge Description: The Amazon EC2 instance type for the second Active Directory instance. Type: String ADServer2NetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: DC2 Description: The NetBIOS name of the second Active Directory server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ADServer2PrivateIP: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.32.10 Description: The private IP for the second Active Directory server located in Availability Zone 2. Type: String AvailabilityZones: Description: 'List of Availability Zones to use for the subnets in the VPC. Note: You must specify two Availability Zones, unless you specify the Third AZ parameter. In this case, you must specify three Availability Zones. The Quick Start preserves the logical order you specify.' Type: List CertificateArn: AllowedPattern: '^(arn:[\w+=\/,.@-]+:[\w+=\/,.@-]+:[\w+=\/,.@-]*:[0-9]+:[\w+=,.@-]+(\/[\w+=,.@-]+)*)?$' Default: '' Description: (Conditional) If 'true' was chosen in Deploy Network Load Balancer option, specify the Certificate arn to be used by load balancer in arn:aws:acm:[REGION]:[ACCOUNTNUMBER]:certificate/[GUID] format. MaxLength: '90' Type: String DomainAdminPassword: AllowedPattern: '(?=^.{8,32}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*' Description: The password for the domain admin user. Must be at least 8 characters containing letters, numbers and symbols. MaxLength: '32' MinLength: '8' NoEcho: 'true' Type: String DomainAdminUser: AllowedPattern: '^[a-zA-Z0-9]+$' Default: StackAdmin Description: The user name for the account that will be added as Domain Administrator. This is separate from the default Administrator account. MaxLength: '25' MinLength: '5' Type: String DomainDNSName: AllowedPattern: '^[a-zA-Z0-9]+[a-zA-Z0-9\-]*\.[a-zA-Z0-9]+$' Default: example.com Description: The fully qualified domain name (FQDN) of the forest root domain e.g. example.com. MaxLength: '25' MinLength: '3' Type: String DomainNetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: example Description: The NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Windows e.g. EXAMPLE. MaxLength: '15' MinLength: '1' Type: String DeployLoadBalancer: AllowedValues: - 'false' - 'true' Default: 'false' Description: Choose true to deploy a Network Load Balancer (NLB). Type: String EdgeInstanceType: Description: The Amazon EC2 instance type for the Exchange Edge Transport servers. Type: String Default: m5.large AllowedValues: - t3.large - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge ConstraintDescription: Select a general purpose instance type EdgeNode1NetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: EdgeNode1 Description: The NetBIOS name of the first Edge server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String EdgeNode1PrivateIP1: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.128.12 Description: The primary private IP for the first Edge server located in Availability Zone 1. Type: String EdgeNode2NetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: EdgeNode2 Description: The NetBIOS name of the second Edge server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String EdgeNode2PrivateIP1: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.144.12 Description: The primary private IP for the second Edge server located in Availability Zone 1. Type: String EncryptDataVolumes: AllowedValues: - 'false' - 'true' Default: 'false' Description: Choose true to encrypt the data and log volumes on Exchange nodes. Type: String EnableReFSVolumes: AllowedValues: - 'false' - 'true' Default: 'true' Description: Choose false to format the data and log volumes on Exchange nodes using NTFS instead of ReFS. Type: String EnableBackups: AllowedValues: - 'yes' - 'no' Default: 'yes' Description: Creates a default daily/weekly backup schedule using AWS Backup Type: String EncryptionKmsKey: AllowedPattern: '^(arn:[\w+=\/,.@-]+:[\w+=\/,.@-]+:[\w+=\/,.@-]*:[0-9]+:[\w+=,.@-]+(\/[\w+=,.@-]+)*)?$' Default: '' Description: (Optional) Specify the KMS encryption arn in format arn:aws:kms:[REGION]:[ACCOUNTNUMBER]:key/[GUID]. Leave blank to use default EBS encryption key. MaxLength: '90' Type: String ExchangeNode1NetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: ExchangeNode1 Description: The NetBIOS name of the first Exchange node (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ExchangeNode1PrivateIP1: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.0.100 Description: The primary private IP for Exchange node 1. Type: String ExchangeNode1PrivateIP2: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.0.101 Description: The secondary private IP for Exchange node 1. Type: String ExchangeNode2NetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: ExchangeNode2 Description: The NetBIOS name of the second Exchange node (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ExchangeNode2PrivateIP1: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.32.100 Description: The primary private IP for Exchange node 2. Type: String ExchangeNode2PrivateIP2: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.32.101 Description: The secondary private IP for Exchange node 2. Type: String ExchangeNode3NetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: ExchangeNode3 Description: (Optional) The NetBIOS name of the third Exchange node (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ExchangeNode3PrivateIP1: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.64.100 Description: (Optional) The primary private IP for the Exchange node 3. Type: String ExchangeNode3PrivateIP2: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.64.101 Description: (Optional) The secondary private IP for the Exchange node 3. Type: String ExchangeNodeInstanceType: AllowedValues: - m5.xlarge - r4.xlarge - r4.2xlarge - r4.4xlarge - r4.8xlarge - r5.xlarge - r5.2xlarge - r5.4xlarge - r5.8xlarge ConstraintDescription: Only EBS Optimized instance types r4.*, r5.* allowed Default: r5.xlarge Description: The Amazon EC2 instance type for the Exchange nodes. Type: String ExchangeServerVersion: AllowedValues: - '2016' - '2019' Default: '2019' Description: Version of Exchange Server to install. Options include either "2016" or "2019". Type: String FileServerInstanceType: Default: t3.small AllowedValues: - t3.small - t3.large - m5.xlarge Description: The Amazon EC2 instance type for the file-share witness server. Type: String FileServerNetBIOSName: AllowedPattern: '^[a-zA-Z0-9]+$' Default: FileServer Description: The NetBIOS name of the file-share witness server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String FileServerPrivateIP: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' Default: 10.0.0.200 Description: The primary private IP for the file-share witness server. Type: String IncludeEdgeTransportRole: AllowedValues: - 'yes' - 'no' Default: 'no' Description: Choose yes to deploy Exchange Edge Transport servers in the public subnets. Type: String KeyPairName: Description: Public/private key pairs allow you to securely connect to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName NumberOfRDGWHosts: AllowedValues: - '0' - '1' - '2' - '3' - '4' Default: '0' Description: The number of Remote Desktop Gateway hosts to create. Type: String NumberOfAZs: AllowedValues: - "2" - "3" Default: "2" Description: Number of Availability Zones to use in the VPC. This must match your selections in the list of Availability Zones parameter. Type: String PrivateSubnet1CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' Default: 10.0.0.0/19 Description: CIDR Block for private subnet 1 located in Availability Zone 1. Type: String PrivateSubnet2CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' Default: 10.0.32.0/19 Description: CIDR Block for private subnet 2 located in Availability Zone 2. Type: String PrivateSubnet3CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' Default: 10.0.64.0/19 Description: (Optional) CIDR Block for private subnet 3 located in Availability Zone 3. Type: String PublicSubnet1CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' Default: 10.0.128.0/20 Description: CIDR Block for the public DMZ subnet 1 located in Availability Zone 1. Type: String PublicSubnet2CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' Default: 10.0.144.0/20 Description: CIDR Block for the public DMZ subnet 2 located in Availability Zone 2. Type: String PublicSubnet3CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' Default: 10.0.160.0/20 Description: (Optional) CIDR Block for the public DMZ subnet 3 located in Availability Zone 3. Type: String QSS3BucketName: AllowedPattern: '^[a-z0-9]+[a-z0-9\.\-]*[a-z0-9]+$' ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: The S3 bucket you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen. Type: String QSS3BucketRegion: AllowedPattern: '^[a-z]+\-[a-z\-]+\-[0-9]{1}$' Default: us-east-1 Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value. Type: String QSS3KeyPrefix: AllowedPattern: '^[a-zA-Z0-9\-\/]+$' ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-microsoft-exchange/ Description: The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes, but should not start or end with a forward slash (which is automatically added). Type: String RDGWCIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: The allowed CIDR Block for external access to the Remote Desktop Gateways. Type: String RDGWInstanceType: AllowedValues: - t2.small - t2.medium - t2.large - t3.micro - t3.small - t3.medium - t3.large - t3.xlarge - t3.2xlarge - t3a.micro - t3a.small - t3a.medium - t3a.large - t3a.xlarge - t3a.2xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge - m5a.large - m5a.xlarge - m5a.2xlarge Default: t3.large Description: The Amazon EC2 instance type for the Remote Desktop Gateway instances. Type: String SetupAppInsightsMonitoring: AllowedValues: - 'true' - 'false' Default: 'false' Description: Setup Application Insights monitoring for Exchange resources. Type: String ThirdAZ: AllowedValues: - 'no' - witness - full Default: 'no' Description: Enable a 3 AZ deployment, the 3rd AZ can either be used just for the witness, or can be a full Exchange node. Note that if witness is chosen, the WFC File Server Private IP Address parameter must be set to an IP in the 3rd subnet range. Type: String VPCCIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR Block for the VPC. Type: String VolumeIops: Default: '3000' Description: The provisioned IOPS for the Exchange Data and Logs volumes. This parameter is only applicable when Exchange Server Volume Type is set to "gp3". MaxValue: '16000' MinValue: '3000' Type: Number VolumeSize: Default: '500' Description: The volume size for the Exchange Data and Logs volumes. MaxValue: '16000' MinValue: '125' Type: Number VolumeType: AllowedValues: - gp3 - st1 Default: gp3 Description: The volume type for the Exchange Data and Logs volumes. Type: String Conditions: IsTwoAz: !Equals - !Ref 'ThirdAZ' - 'no' IncludeRDGW: !Not - !Equals - !Ref NumberOfRDGWHosts - '0' UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] AppInsightsEnabled: !Equals [!Ref SetupAppInsightsMonitoring, true] Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml' - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' NumberOfAZs: !Ref NumberOfAZs PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR' PrivateSubnet3ACIDR: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'PrivateSubnet3CIDR' PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR' PublicSubnet3CIDR: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'PublicSubnet3CIDR' VPCCIDR: !Ref 'VPCCIDR' ADStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-microsoft-activedirectory/templates/ad-1.template' - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: ADServer1InstanceType: !Ref 'ADServer1InstanceType' ADServer1NetBIOSName: !Ref 'ADServer1NetBIOSName' ADServer1PrivateIP: !Ref 'ADServer1PrivateIP' ADServer2InstanceType: !Ref 'ADServer2InstanceType' ADServer2NetBIOSName: !Ref 'ADServer2NetBIOSName' ADServer2PrivateIP: !Ref 'ADServer2PrivateIP' DomainAdminPassword: !Ref 'DomainAdminPassword' DomainAdminUser: !Ref 'DomainAdminUser' DomainDNSName: !Ref 'DomainDNSName' DomainNetBIOSName: !Ref 'DomainNetBIOSName' KeyPairName: !Ref 'KeyPairName' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-microsoft-activedirectory/' VPCCIDR: !Ref 'VPCCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' RDGWStack: Type: AWS::CloudFormation::Stack Condition: IncludeRDGW Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/templates/rdgw-domain.template' - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: DomainAdminPassword: !Ref 'DomainAdminPassword' DomainAdminUser: !Ref 'DomainAdminUser' DomainDNSName: !Ref 'DomainDNSName' DomainMemberSGID: !GetAtt 'ADStack.Outputs.DomainMemberSGID' DomainNetBIOSName: !Ref 'DomainNetBIOSName' KeyPairName: !Ref 'KeyPairName' NumberOfRDGWHosts: !Ref 'NumberOfRDGWHosts' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/' RDGWInstanceType: !Ref 'RDGWInstanceType' RDGWCIDR: !Ref 'RDGWCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' ExchangeStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/exchange.template.yaml' - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: ADServer1NetBIOSName: !Ref 'ADServer1NetBIOSName' ADServer1PrivateIP: !Ref 'ADServer1PrivateIP' ADServer2NetBIOSName: !Ref 'ADServer2NetBIOSName' AppInsightsApplicationName: !If [AppInsightsEnabled, !Sub "ApplicationInsights-${AWS::StackName}", !Ref AWS::NoValue] CertificateArn: !Ref 'CertificateArn' DeployLoadBalancer: !Ref 'DeployLoadBalancer' DomainAdminPassword: !Ref 'DomainAdminPassword' DomainAdminUser: !Ref 'DomainAdminUser' DomainDNSName: !Ref 'DomainDNSName' DomainMemberSGID: !GetAtt 'ADStack.Outputs.DomainMemberSGID' DomainNetBIOSName: !Ref 'DomainNetBIOSName' EdgeInstanceType: !Ref 'EdgeInstanceType' EdgeNode1NetBIOSName: !Ref 'EdgeNode1NetBIOSName' EdgeNode1PrivateIP1: !Ref 'EdgeNode1PrivateIP1' EdgeNode2NetBIOSName: !Ref 'EdgeNode2NetBIOSName' EdgeNode2PrivateIP1: !Ref 'EdgeNode2PrivateIP1' EnableBackups: !Ref 'EnableBackups' EncryptionKmsKey: !Ref 'EncryptionKmsKey' ExchangeServerVersion: !Ref 'ExchangeServerVersion' EnableReFSVolumes: !Ref 'EnableReFSVolumes' EncryptDataVolumes: !Ref 'EncryptDataVolumes' FileServerInstanceType: !Ref 'FileServerInstanceType' FileServerPrivateIP: !Ref 'FileServerPrivateIP' FileServerNetBIOSName: !Ref 'FileServerNetBIOSName' IncludeEdgeTransportRole: !Ref 'IncludeEdgeTransportRole' KeyPairName: !Ref 'KeyPairName' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet1CIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' PrivateSubnet2CIDR: !Ref 'PrivateSubnet2CIDR' PrivateSubnet3ID: !If - IsTwoAz - !Ref 'AWS::NoValue' - !GetAtt 'VPCStack.Outputs.PrivateSubnet3AID' PrivateSubnet3CIDR: !Ref 'PrivateSubnet3CIDR' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' ThirdAZ: !Ref 'ThirdAZ' SetupAppInsightsMonitoring: !Ref SetupAppInsightsMonitoring VPCID: !GetAtt 'VPCStack.Outputs.VPCID' VPCCidrBlock: !GetAtt 'VPCStack.Outputs.VPCCIDR' VolumeSize: !Ref 'VolumeSize' VolumeType: !Ref 'VolumeType' VolumeIops: !Ref 'VolumeIops' ExchangeNodeInstanceType: !Ref 'ExchangeNodeInstanceType' ExchangeNode1NetBIOSName: !Ref 'ExchangeNode1NetBIOSName' ExchangeNode1PrivateIP1: !Ref 'ExchangeNode1PrivateIP1' ExchangeNode1PrivateIP2: !Ref 'ExchangeNode1PrivateIP2' ExchangeNode2NetBIOSName: !Ref 'ExchangeNode2NetBIOSName' ExchangeNode2PrivateIP1: !Ref 'ExchangeNode2PrivateIP1' ExchangeNode2PrivateIP2: !Ref 'ExchangeNode2PrivateIP2' ExchangeNode3NetBIOSName: !Ref 'ExchangeNode3NetBIOSName' ExchangeNode3PrivateIP1: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'ExchangeNode3PrivateIP1' ExchangeNode3PrivateIP2: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'ExchangeNode3PrivateIP2'