AWSTemplateFormatVersion: '2010-09-09' Description: >- This template creates a VPC infrastructure for a multi-AZ, multi-tier deployment of a Windows based Application infrastructure. It will deploy a Remote Desktop Gateway and managed NAT gateways into the public subnet for each Availability Zone. **WARNING** This template creates Amazon EC2 Windows instance and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1qup6rafe) Metadata: QuickStartDocumentation: EntrypointName: "Parameters for deploying into a new VPC" AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Network configuration Parameters: - AvailabilityZones - VPCTenancy - VPCCIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - RDGWCIDR - Label: default: Amazon EC2 configuration Parameters: - KeyPairName - RDGWInstanceType - Label: default: Microsoft Remote Desktop Gateway configuration Parameters: - NumberOfRDGWHosts - AdminUser - AdminPassword - SetupAppInsightsMonitoring - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3KeyPrefix - QSS3BucketRegion ParameterLabels: AvailabilityZones: default: Availability Zones AdminPassword: default: Admin password AdminUser: default: Admin user name KeyPairName: default: Key pair name NumberOfRDGWHosts: default: Number of RDGW hosts PrivateSubnet1CIDR: default: Private subnet 1 CIDR PrivateSubnet2CIDR: default: Private subnet 2 CIDR PublicSubnet1CIDR: default: Public subnet 1 CIDR PublicSubnet2CIDR: default: Public subnet 2 CIDR QSS3BucketName: default: Quick Start S3 bucket name QSS3KeyPrefix: default: Quick Start S3 key prefix QSS3BucketRegion: default: Quick Start S3 bucket Region RDGWInstanceType: default: Remote Desktop Gateway instance type RDGWCIDR: default: Allowed Remote Desktop Gateway external access CIDR SetupAppInsightsMonitoring: default: Setup Application Insights Monitoring VPCCIDR: default: VPC CIDR VPCTenancy: default: VPC tenancy Parameters: AdminPassword: Description: Password for the administrative account. Must be at least 8 characters containing letters, numbers and symbols. Type: String MinLength: '8' MaxLength: '32' AllowedPattern: '(?=^.{8,32}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*' NoEcho: 'true' AdminUser: Description: User name for the new local administrator account. Type: String Default: StackAdmin MinLength: '5' MaxLength: '25' AllowedPattern: '^[a-zA-Z0-9]+$' AvailabilityZones: Description: 'List of Availability Zones (AZs) to use for the subnets in the VPC. Note: The logical order is preserved and only 2 AZs are used for this deployment.' Type: List KeyPairName: Description: Public/private key pairs allow you to securely connect to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName NumberOfRDGWHosts: AllowedValues: - '1' - '2' - '3' - '4' Default: '1' Description: Enter the number of Remote Desktop Gateway hosts to create. Type: String PrivateSubnet1CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.0.0/19 Description: CIDR block for private subnet 1 located in Availability Zone 1. Type: String PrivateSubnet2CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.32.0/19 Description: CIDR block for private subnet 2 located in Availability Zone 2. Type: String PublicSubnet1CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.128.0/20 Description: CIDR Block for the public DMZ subnet 1 located in Availability Zone 1. Type: String PublicSubnet2CIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.144.0/20 Description: CIDR Block for the public DMZ subnet 2 located in Availability Zone 2. Type: String QSS3BucketName: AllowedPattern: '^[a-z0-9]+[a-z0-9\.\-]*[a-z0-9]+$' ConstraintDescription: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html. MinLength: '3' MaxLength: '63' Type: String QSS3KeyPrefix: AllowedPattern: '^[a-zA-Z0-9\-\/]+$' ConstraintDescription: The Quick Start S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-microsoft-rdgateway/ Description: S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. Type: String QSS3BucketRegion: AllowedPattern: '^[a-z]+\-[a-z\-]+\-[0-9]{1}$' Default: 'us-east-1' Description: "Region of staging bucket (BucketName)." Type: String RDGWInstanceType: Description: Amazon EC2 instance type for the Remote Desktop Gateway instances. Type: String Default: t3.2xlarge AllowedValues: - t2.large - t3.micro - t3.small - t3.medium - t3.large - t3.xlarge - t3.2xlarge - t3a.micro - t3a.small - t3a.medium - t3a.large - t3a.xlarge - t3a.2xlarge - m5.large - m5.xlarge - m5.2xlarge - m5a.large - m5a.xlarge - m5a.2xlarge RDGWCIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x. Description: Allowed CIDR block for external access to the Remote Desktop Gateways. Type: String SetupAppInsightsMonitoring: AllowedValues: - 'true' - 'false' Default: 'false' Description: Setup Application Insights monitoring for RDGW resources. Type: String VPCCIDR: AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$' ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28. Default: 10.0.0.0/16 Description: CIDR block for the VPC. Type: String VPCTenancy: AllowedValues: - default - dedicated Default: default Description: The allowed tenancy of instances launched into the VPC. Type: String Rules: CheckSupportedInstances: RuleCondition: !Not - !Not - !Contains - - m4.xlarge - m4.2xlarge - m4.4xlarge - m4.large - !Ref 'RDGWInstanceType' Assertions: - Assert: !Not - !Contains - - eu-west-3 - !Ref 'AWS::Region' AssertDescription: M4 instances are not available in the Paris region. Conditions: AppInsightsEnabled: !Equals [!Ref SetupAppInsightsMonitoring, true] UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml' - S3Region: !If [UsingDefaultBucket, !Sub '${AWS::Region}', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' NumberOfAZs: '2' PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR' PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR' VPCCIDR: !Ref 'VPCCIDR' VPCTenancy: !Ref 'VPCTenancy' RDGWStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/rdgw-standalone.template' - S3Region: !If [UsingDefaultBucket, !Sub '${AWS::Region}', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AdminPassword: !Ref 'AdminPassword' AdminUser: !Ref 'AdminUser' AppInsightsApplicationName: !If [AppInsightsEnabled, !Sub "ApplicationInsights-${AWS::StackName}", !Ref AWS::NoValue] KeyPairName: !Ref 'KeyPairName' NumberOfRDGWHosts: !Ref 'NumberOfRDGWHosts' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' QSS3BucketRegion: !Ref QSS3BucketRegion RDGWInstanceType: !Ref 'RDGWInstanceType' RDGWCIDR: !Ref 'RDGWCIDR' SetupAppInsightsMonitoring: !Ref SetupAppInsightsMonitoring VPCID: !GetAtt 'VPCStack.Outputs.VPCID'