AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  This template deploys two Windows Server Failover Clustering (WSFC) and SQL
  Server 2012 AlwaysOn Availability Group nodes. This template also deploys the
  required AD architecture outlined in "Implementing Active Directory Domain
  Services in the AWS Cloud" **WARNING** This template creates Amazon EC2
  Windows instances and related resources. You will be billed for the AWS
  resources used if you create a stack from this template. (qs-1tsaami1d)
Metadata:
  cfn-lint:
    config:
      ignore_checks:
        - W9002
        - W9003
        - W9006
        - E0002
        - E9007
Parameters:
  KeyPairName:
    Description: Public/private key pairs allow you to securely connect to your instance after it launches
    Type: AWS::EC2::KeyPair::KeyName
  ADInstanceType:
    Description: Amazon EC2 instance type for the first Active Directory Instance
    Type: String
    Default: m4.xlarge
    AllowedValues:
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
  AD2InstanceType:
    Description: Amazon EC2 instance type for the second Active Directory Instance
    Type: String
    Default: m4.xlarge
    AllowedValues:
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
  NATInstanceType:
    Description: Amazon EC2 instance type for the NAT Instances
    Type: String
    Default: t2.small
    AllowedValues:
      - t2.small
      - t2.medium
  RDGWInstanceType:
    Description: Amazon EC2 instance type for the Remote Desktop Gateway Instance
    Type: String
    Default: m5.xlarge
    AllowedValues:
      - m5.large
      - m5.xlarge
      - m5.2xlarge
      - m5.4xlarge
  WSFCNode1InstanceType:
    Description: Amazon EC2 instance type for the 1st WSFC Node
    Type: String
    Default: r3.2xlarge
    AllowedValues:
      - r3.xlarge
      - r3.2xlarge
      - r3.4xlarge
    ConstraintDescription: Only EBS Optimized instance types r3.xlarge, r3.2xlarge, r3.4xlarge allowed
  WSFCNode2InstanceType:
    Description: Amazon EC2 instance type for the 2nd WSFC Node
    Type: String
    Default: r3.2xlarge
    AllowedValues:
      - r3.xlarge
      - r3.2xlarge
      - r3.4xlarge
    ConstraintDescription: Only EBS Optimized instance types r3.xlarge, r3.2xlarge, r3.4xlarge allowed
  DomainDNSName:
    Description: Fully qualified domain name (FQDN) of the forest root domain e.g. example.com
    Type: String
    Default: example.com
    MinLength: '3'
    MaxLength: '25'
    AllowedPattern: '[a-zA-Z0-9\-]+\..+'
  DomainNetBIOSName:
    Description: NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Windows e.g. EXAMPLE
    Type: String
    Default: example
    MinLength: '1'
    MaxLength: '15'
    AllowedPattern: '[a-zA-Z0-9\-]+'
  ADServerNetBIOSName1:
    Description: NetBIOS name of the 1st AD Server (up to 15 characters)
    Type: String
    Default: DC1
    MinLength: '1'
    MaxLength: '15'
    AllowedPattern: '[a-zA-Z0-9\-]+'
  ADServerNetBIOSName2:
    Description: NetBIOS name of the 2nd AD Server (up to 15 characters)
    Type: String
    Default: DC2
    MinLength: '1'
    MaxLength: '15'
    AllowedPattern: '[a-zA-Z0-9\-]+'
  WSFCNode1NetBIOSName:
    Description: NetBIOS name of the 1st WSFC Node (up to 15 characters)
    Type: String
    Default: WSFCNode1
    MinLength: '1'
    MaxLength: '15'
    AllowedPattern: '[a-zA-Z0-9\-]+'
  WSFCNode2NetBIOSName:
    Description: NetBIOS name of the 2nd WSFC Node (up to 15 characters)
    Type: String
    Default: WSFCNode2
    MinLength: '1'
    MaxLength: '15'
    AllowedPattern: '[a-zA-Z0-9\-]+'
  RestoreModePassword:
    Description: Password for a separate Administrator account when the domain controller is in Restore Mode. Must be at least 8 characters containing letters, numbers and symbols
    Type: String
    MinLength: '8'
    MaxLength: '32'
    AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*
    NoEcho: 'true'
  DomainAdminUser:
    Description: User name for the account that will be added as Domain Administrator. This is separate from the default "Administrator" account
    Type: String
    Default: StackAdmin
    MinLength: '5'
    MaxLength: '25'
    AllowedPattern: '[a-zA-Z0-9]*'
  DomainAdminPassword:
    Description: Password for the domain admin user. Must be at least 8 characters containing letters, numbers and symbols
    Type: String
    MinLength: '8'
    MaxLength: '32'
    AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*
    NoEcho: 'true'
  SQLServiceAccount:
    Description: User name for the SQL Server Service Account. This Account is a Domain User.
    Type: String
    Default: sqlsa
    MinLength: '5'
    MaxLength: '25'
    AllowedPattern: '[a-zA-Z0-9]*'
  SQLServiceAccountPassword:
    Description: Password for the SQL Service account. Must be at least 8 characters containing letters, numbers and symbols
    Type: String
    MinLength: '8'
    MaxLength: '32'
    AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*
    NoEcho: 'true'
  UserCount:
    Description: Total number of test user accounts to create in Active Directory
    Type: Number
    Default: '25'
  DMZ1CIDR:
    Description: CIDR Block for the Public DMZ Subnet located in AZ1
    Type: String
    Default: 10.0.32.0/20
    AllowedPattern: '[a-zA-Z0-9]+\..+'
  DMZ2CIDR:
    Description: CIDR Block for the Public DMZ Subnet located in AZ2
    Type: String
    Default: 10.0.96.0/20
    AllowedPattern: '[a-zA-Z0-9]+\..+'
  PrivSub1CIDR:
    Description: CIDR block for the AD Server tier located in AZ1.
    Type: String
    Default: 10.0.0.0/19
    AllowedPattern: '[a-zA-Z0-9]+\..+'
  PrivSub2CIDR:
    Description: CIDR block for the AD Server tier located in AZ2.
    Type: String
    Default: 10.0.64.0/19
    AllowedPattern: '[a-zA-Z0-9]+\..+'
  VPCCIDR:
    Description: CIDR Block for the VPC
    Type: String
    Default: 10.0.0.0/16
    AllowedPattern: '[a-zA-Z0-9]+\..+'
  AD1PrivateIp:
    Description: Fixed private IP for the first Active Directory server located in AZ1
    Type: String
    Default: 10.0.0.10
  AD2PrivateIp:
    Description: Fixed private IP for the second Active Directory server located in AZ2
    Type: String
    Default: 10.0.64.10
  WSFCNode1PrivateIp:
    Description: Primary private IP for the 1st WSFC Node located in AZ1
    Type: String
    Default: 10.0.0.100
  WSFCNode1PrivateIp2:
    Description: Secondary private IP for WSFC cluster on 1st WSFC Node
    Type: String
    Default: 10.0.0.101
  WSFCNode1PrivateIp3:
    Description: Third private IP for Availability Group Listener on 1st WSFC Node
    Type: String
    Default: 10.0.0.102
  WSFCNode2PrivateIp:
    Description: Primary private IP for the 2nd WSFC Node located in AZ2
    Type: String
    Default: 10.0.64.100
  WSFCNode2PrivateIp2:
    Description: Secondary private IP for WSFC cluster on 2nd WSFC Node
    Type: String
    Default: 10.0.64.101
  WSFCNode2PrivateIp3:
    Description: Third private IP for Availability Group Listener on 2nd WSFC Node
    Type: String
    Default: 10.0.64.102
  SQLServerVersion:
    Description: Version of SQL Server to install on WSFC Nodes. Options include either "2014" or "2012"
    Type: String
    AllowedValues:
      - '2014'
      - '2012'
    Default: '2014'
Resources:
  ADStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/aws-quickstart/quickstart-microsoft-activedirectory/templates/Template_1_AD_2012.template
      Parameters:
        AD1PrivateIp: !Ref 'AD1PrivateIp'
        AD2InstanceType: !Ref 'AD2InstanceType'
        AD2PrivateIp: !Ref 'AD2PrivateIp'
        ADInstanceType: !Ref 'ADInstanceType'
        ADServerNetBIOSName1: !Ref 'ADServerNetBIOSName1'
        ADServerNetBIOSName2: !Ref 'ADServerNetBIOSName2'
        DMZ1CIDR: !Ref 'DMZ1CIDR'
        DMZ2CIDR: !Ref 'DMZ2CIDR'
        DomainAdminPassword: !Ref 'DomainAdminPassword'
        DomainAdminUser: !Ref 'DomainAdminUser'
        DomainDNSName: !Ref 'DomainDNSName'
        DomainNetBIOSName: !Ref 'DomainNetBIOSName'
        KeyPairName: !Ref 'KeyPairName'
        NATInstanceType: !Ref 'NATInstanceType'
        PrivSub1CIDR: !Ref 'PrivSub1CIDR'
        PrivSub2CIDR: !Ref 'PrivSub2CIDR'
        RDGWInstanceType: !Ref 'RDGWInstanceType'
        RestoreModePassword: !Ref 'RestoreModePassword'
        UserCount: !Ref 'UserCount'
        VPCCIDR: !Ref 'VPCCIDR'
  SQLStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/aws-quickstart/quickstart-microsoft-sql/templates/Template_1_SQL_AlwaysOn.template
      Parameters:
        ADServer1PrivateIp: !Ref 'AD1PrivateIp'
        ADServer2PrivateIp: !Ref 'AD2PrivateIp'
        ADServerNetBIOSName1: !Ref 'ADServerNetBIOSName1'
        ADServerNetBIOSName2: !Ref 'ADServerNetBIOSName2'
        SQLServerVersion: !Ref 'SQLServerVersion'
        DomainAdminPassword: !Ref 'DomainAdminPassword'
        DomainAdminUser: !Ref 'DomainAdminUser'
        DomainDNSName: !Ref 'DomainDNSName'
        DomainMemberSGID: !GetAtt 'ADStack.Outputs.DomainMemberSGID'
        DomainNetBIOSName: !Ref 'DomainNetBIOSName'
        KeyPairName: !Ref 'KeyPairName'
        SQLServiceAccount: !Ref 'SQLServiceAccount'
        SQLServiceAccountPassword: !Ref 'SQLServiceAccountPassword'
        VPC: !GetAtt 'ADStack.Outputs.VPC'
        PrivSub1CIDR: !Ref 'PrivSub1CIDR'
        WSFCNode1InstanceType: !Ref 'WSFCNode1InstanceType'
        WSFCNode1NetBIOSName: !Ref 'WSFCNode1NetBIOSName'
        WSFCNode1PrivateIp: !Ref 'WSFCNode1PrivateIp'
        WSFCNode1PrivateIp2: !Ref 'WSFCNode1PrivateIp2'
        WSFCNode1PrivateIp3: !Ref 'WSFCNode1PrivateIp3'
        PrivateSubnet1Id: !GetAtt 'ADStack.Outputs.PrivateSubnet1Id'
        PrivSub2CIDR: !Ref 'PrivSub2CIDR'
        WSFCNode2InstanceType: !Ref 'WSFCNode2InstanceType'
        WSFCNode2NetBIOSName: !Ref 'WSFCNode2NetBIOSName'
        WSFCNode2PrivateIp: !Ref 'WSFCNode2PrivateIp'
        WSFCNode2PrivateIp2: !Ref 'WSFCNode2PrivateIp2'
        WSFCNode2PrivateIp3: !Ref 'WSFCNode2PrivateIp3'
        PrivateSubnet2Id: !GetAtt 'ADStack.Outputs.PrivateSubnet2Id'
        VPCCIDR: !GetAtt 'ADStack.Outputs.VPCCIDR'
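The three password parameters above (RestoreModePassword, DomainAdminPassword, SQLServiceAccountPassword) rely on two separate controls: `NoEcho` keeps the value out of stack descriptions and console views, and `AllowedPattern` plus `MinLength`/`MaxLength` enforce complexity before the stack is even created. A reviewer typically wants to confirm both are present on every secret-bearing parameter, and to see what the somewhat opaque AllowedPattern actually accepts. The following Python script is an added example for this page, not part of the AWS Quick Start template; it audits a transcribed excerpt of the Parameters section (the `BackupPassword` entry is a constructed negative case that does not exist in the template) and evaluates candidate passwords the way CloudFormation does, applying the regex as a full match together with the length bounds.

```python
import re

# AllowedPattern copied verbatim from the template's password parameters.
PASSWORD_PATTERN = (
    r"(?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])"
    r"|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*"
)

# Constructed excerpt of the template's Parameters section, transcribed by hand so the
# script runs offline. "BackupPassword" is a deliberately bad entry added for the audit
# demonstration; it is NOT in the original template.
PARAMETERS = {
    "RestoreModePassword": {"Type": "String", "MinLength": "8", "MaxLength": "32",
                            "AllowedPattern": PASSWORD_PATTERN, "NoEcho": "True"},
    "DomainAdminPassword": {"Type": "String", "MinLength": "8", "MaxLength": "32",
                            "AllowedPattern": PASSWORD_PATTERN, "NoEcho": "true"},
    "SQLServiceAccountPassword": {"Type": "String", "MinLength": "8", "MaxLength": "32",
                                  "AllowedPattern": PASSWORD_PATTERN, "NoEcho": "true"},
    "DomainAdminUser": {"Type": "String", "Default": "StackAdmin", "MinLength": "5",
                        "MaxLength": "25", "AllowedPattern": "[a-zA-Z0-9]*"},
    "BackupPassword": {"Type": "String", "MinLength": "8"},  # constructed negative case
}

# Name fragments that mark a parameter as secret-bearing ("key" is left out on purpose,
# because KeyPairName is a public key-pair name, not a secret).
SECRET_HINTS = ("password", "secret", "token")


def is_noecho(spec):
    """CloudFormation accepts NoEcho as a boolean or as the strings 'true'/'True'."""
    return str(spec.get("NoEcho", "false")).lower() == "true"


def matches_pattern(pattern, value):
    """CloudFormation applies AllowedPattern to the whole value, i.e. a full match."""
    return re.fullmatch(pattern, value) is not None


def check_password(spec, candidate):
    """True iff CloudFormation would accept `candidate` for this parameter.

    Length bounds and AllowedPattern are independent constraints, so the template's
    MinLength: '8' overrides the looser {6,255} range written inside the regex.
    """
    if len(candidate) < int(spec.get("MinLength", 0)):
        return False
    if len(candidate) > int(spec.get("MaxLength", 10**9)):
        return False
    pattern = spec.get("AllowedPattern")
    return pattern is None or matches_pattern(pattern, candidate)


def audit_parameters(params):
    """Return findings for parameters whose names suggest they carry secrets."""
    findings = []
    for name, spec in params.items():
        if not any(hint in name.lower() for hint in SECRET_HINTS):
            continue
        if not is_noecho(spec):
            findings.append(f"{name}: secret parameter without NoEcho: true")
        if "AllowedPattern" not in spec:
            findings.append(f"{name}: no AllowedPattern, so no complexity is enforced")
        if "Default" in spec:
            findings.append(f"{name}: secret has a Default value baked into the template")
    return findings


if __name__ == "__main__":
    for finding in audit_parameters(PARAMETERS):
        print("FINDING:", finding)
    spec = PARAMETERS["DomainAdminPassword"]
    for pw in ("Passw0rd", "pass0rd!", "Pass0rd", "password"):
        print(f"{pw!r:12} accepted={check_password(spec, pw)}")
```

Two things the script makes visible: the regex alone would accept a 7-character value such as `Pass0rd`, and only `MinLength: '8'` turns it away, so the stated "at least 8 characters" depends on both settings staying in sync; and `NoEcho` is evaluated per template, so the nested ADStack and SQLStack templates that receive `DomainAdminPassword` and friends via `!Ref` must declare `NoEcho` on their own copies of those parameters, otherwise the values are visible in the child stacks' parameter listings.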