AWSTemplateFormatVersion: '2010-09-09' Description: >- This template deploys two Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Group nodes. This template also deploys the required AD architecture outlined in "Implementing Active Directory Domain Services in the AWS Cloud" **WARNING** This template creates Amazon EC2 Windows instance and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1sddrm0t1) Metadata: cfn-lint: config: ignore_checks: - E0002 - E9101 - W9006 QuickStartDocumentation: EntrypointName: "Parameters for deploying into a new VPC" Order: "1" AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Network configuration Parameters: - AvailabilityZones - ThirdAZ - VPCCIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - PublicSubnet3CIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PrivateSubnet3CIDR - Label: default: Amazon EC2 configuration Parameters: - KeyPairName - HostType - DedicatedHostAMI - Label: default: Active Directory configuration Parameters: - ADScenarioType - DomainDNSName - DomainNetBIOSName - DomainAdminUser - DomainAdminPassword - Label: default: Self-managed Active Directory configuration Parameters: - ADServer1InstanceType - ADServer1NetBIOSName - ADServer1PrivateIP - ADServer2InstanceType - ADServer2NetBIOSName - ADServer2PrivateIP - Label: default: Remote Desktop Gateway configuration Parameters: - RDGWCIDR - NumberOfRDGWHosts - RDGWInstanceType - Label: default: SQL Server configuration Parameters: - SQLServerVersion - SQLServiceAccount - SQLServiceAccountPassword - SQLLicenseProvided - AvailabiltyGroupName - VolumeIops - VolumeSize - VolumeType - SQL2016Media - SQL2017Media - SQL2019Media - Label: default: Failover cluster configuration Parameters: - ClusterName - WitnessType - WSFCNodeInstanceType - WSFCNode1NetBIOSName - WSFCNode1PrivateIP1 - WSFCNode1PrivateIP2 - WSFCNode1PrivateIP3 - WSFCNode2NetBIOSName - WSFCNode2PrivateIP1 - WSFCNode2PrivateIP2 - WSFCNode2PrivateIP3 - WSFCNode3NetBIOSName - WSFCNode3PrivateIP1 - WSFCNode3PrivateIP2 - WSFCNode3PrivateIP3 - WSFCFileServerNetBIOSName - WSFCFileServerInstanceType - WSFCFileServerPrivateIP - Label: default: Application Insights configuration Parameters: - EnableAppInsights - ApplicationName - ResourceGroupName - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: ApplicationName: default: Application Insights application name EnableAppInsights: default: Enable Application Insights ResourceGroupName: default: Resource Group name ADScenarioType: default: AD scenario type ADServer1InstanceType: default: Domain controller 1 instance type ADServer1NetBIOSName: default: Domain controller 1 NetBIOS name ADServer1PrivateIP: default: Domain controller 1 private IP address ADServer2InstanceType: default: Domain controller 2 instance type ADServer2NetBIOSName: default: Domain controller 2 NetBIOS name ADServer2PrivateIP: default: Domain controller 2 private IP address AvailabilityZones: default: Availability Zones AvailabiltyGroupName: default: Availability group name ClusterName: default: Cluster NetBIOS name DedicatedHostAMI: default: BYOL AMI to use on dedicated host DomainAdminPassword: default: Domain admin password DomainAdminUser: default: Domain admin user name DomainDNSName: default: Domain DNS name DomainNetBIOSName: default: Domain NetBIOS name HostType: default: Tenancy KeyPairName: default: Key pair name NumberOfRDGWHosts: default: Number of RDGW hosts PrivateSubnet1CIDR: default: Private subnet 1 CIDR PrivateSubnet2CIDR: default: Private subnet 2 CIDR PrivateSubnet3CIDR: default: Private subnet 3 CIDR PublicSubnet1CIDR: default: Public subnet 1 CIDR PublicSubnet2CIDR: default: Public subnet 2 CIDR PublicSubnet3CIDR: default: Public subnet 3 CIDR QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket Region QSS3KeyPrefix: default: Quick Start S3 key prefix RDGWInstanceType: default: RDGW instance type RDGWCIDR: default: Allowed RDGW external access CIDR SQL2016Media: default: SQL Server 2016 installation media location SQL2017Media: default: SQL Server 2017 installation media location SQL2019Media: default: SQL Server 2019 installation media location SQLLicenseProvided: default: Amazon-provided SQL Server license SQLServerVersion: default: SQL Server version SQLServiceAccount: default: Service account name SQLServiceAccountPassword: default: Service account password ThirdAZ: default: Third Availability Zone VolumeIops: default: SQL Server volume IOPS VolumeSize: default: SQL Server volume size VolumeType: default: SQL Server volume type VPCCIDR: default: VPC CIDR WitnessType: default: File share witness type WSFCFileServerInstanceType: default: File server instance type WSFCFileServerNetBIOSName: default: File server NetBIOS name WSFCFileServerPrivateIP: default: File server private IP address WSFCNode1NetBIOSName: default: Cluster node 1 NetBIOS name WSFCNode1PrivateIP1: default: Cluster node 1 private IP address 1 WSFCNode1PrivateIP2: default: Cluster node 1 private IP address 2 WSFCNode1PrivateIP3: default: Cluster node 1 private IP address 3 WSFCNode2NetBIOSName: default: Cluster node 2 NetBIOS name WSFCNode2PrivateIP1: default: Cluster node 2 private IP address 1 WSFCNode2PrivateIP2: default: Cluster node 2 private IP address 2 WSFCNode2PrivateIP3: default: Cluster node 2 private IP address 3 WSFCNode3NetBIOSName: default: Cluster node 3 NetBIOS name WSFCNode3PrivateIP1: default: Cluster node 3 private IP address 1 WSFCNode3PrivateIP2: default: Cluster node 3 private IP address 2 WSFCNode3PrivateIP3: default: Cluster node 3 private IP address 3 WSFCNodeInstanceType: default: Instance type for cluster nodes Parameters: ApplicationName: Default: MSSQL Description: Application Insights application name Type: String EnableAppInsights: Type: String Default: 'false' Description: Select whether to enable Application Insights AllowedValues: - 'true' - 'false' ResourceGroupName: Type: String Default: SQL Description: Application Resource Group name ADScenarioType: AllowedValues: - AWS Directory Service for Microsoft AD (Enterprise Edition) - Microsoft AD on Amazon EC2 Default: AWS Directory Service for Microsoft AD (Enterprise Edition) Description: 'Select the type of AD DS deployment to use: AWS Directory Service for Microsoft AD or managing your own Amazon EC2 AD instances.' Type: String ADServer1InstanceType: AllowedValues: - t2.large - m4.large - m4.xlarge - m4.2xlarge - m4.4xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: m5.xlarge Description: Amazon EC2 instance type for the first Active Directory instance. Type: String ADServer1NetBIOSName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: DC1 Description: NetBIOS name of the first Active Directory server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ADServer1PrivateIP: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.0.10 Description: Fixed private IP for the first Active Directory server located in Availability Zone 1. Type: String ADServer2InstanceType: AllowedValues: - t2.large - m4.large - m4.xlarge - m4.2xlarge - m4.4xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: m5.xlarge Description: Amazon EC2 instance type for the second Active Directory instance. Type: String ADServer2NetBIOSName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: DC2 Description: NetBIOS name of the second Active Directory server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String ADServer2PrivateIP: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.32.10 Description: Fixed private IP for the second Active Directory server located in Availability Zone 2. Type: String AvailabilityZones: Description: >- List of Availability Zones to use for the subnets in the VPC. Note: The logical order is preserved and 2 zones must be provided unless the Third Availability Zone parameter is specified, in which case 3 zones must be provided. Type: List ClusterName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: "WSFCCluster1" Description: "NetBIOS name of the cluster (up to 15 characters)." MaxLength: '15' MinLength: '1' Type: "String" AvailabiltyGroupName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: "SQLAG1" Description: "NetBIOS name of the Availablity Group (up to 15 characters)." MaxLength: '15' MinLength: '1' Type: "String" DedicatedHostAMI: Default: '' Description: If host type is set to "Dedicated" or "Dedicated Host", you need to specify your imported BYOL AMI ID. Type: String DomainAdminPassword: AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: Password for the domain admin user. Must be at least 8 characters containing letters, numbers, and symbols. MaxLength: '32' MinLength: '8' NoEcho: 'true' Type: String DomainAdminUser: AllowedPattern: '[a-zA-Z0-9]*' Default: Admin Description: >- User name for the account that will be added as domain administrator. This is separate from the default administrator account. Note: This user is used for Self-Managed AD Scenario, when using AWS Directory Service for Microsoft AD "Admin" is the default regardless of the value provided. provided. MaxLength: '25' MinLength: '5' Type: String DomainDNSName: AllowedPattern: '[a-zA-Z0-9\-]+\..+' Default: example.com Description: Fully qualified domain name (FQDN) of the forest root domain. MaxLength: '255' MinLength: '2' Type: String DomainNetBIOSName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: example Description: NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Windows. MaxLength: '15' MinLength: '1' Type: String HostType: AllowedValues: - Shared - Dedicated - Dedicated Host Default: Shared Description: Host type. If Dedicated or Dedicated Host is selected, hosts will be created in each Availability Zone. Type: String KeyPairName: Description: Public/private key pairs allow you to securely connect to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName NumberOfRDGWHosts: AllowedValues: - '0' - '1' - '2' - '3' - '4' Default: '1' Description: Enter the number of Remote Desktop Gateway hosts to create. Type: String PrivateSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.0.0/19 Description: CIDR block for private subnet 1 located in Availability Zone 1. Type: String PrivateSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.32.0/19 Description: CIDR block for private subnet 2 located in Availability Zone 2. Type: String PrivateSubnet3CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.64.0/19 Description: (Optional) CIDR block for optional private subnet 3 located in Availability Zone 3. Type: String PublicSubnet1CIDR: Default: 10.0.128.0/20 Description: CIDR block for the public subnet 2 located in Availability Zone 2. Type: String PublicSubnet2CIDR: Default: 10.0.144.0/20 Description: CIDR block for the optional public subnet 3 located in Availability Zone 3. Type: String PublicSubnet3CIDR: Default: 10.0.160.0/20 Description: (Optional) CIDR block for the optional public subnet 3 located in Availability Zone 3. Type: String QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html. Type: String QSS3BucketRegion: Default: us-east-1 Description: 'AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html.' Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: The Quick Start S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). The prefix should end with a forward slash (/). Default: quickstart-microsoft-sql/ Description: S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. Type: String RDGWInstanceType: AllowedValues: - t2.small - t2.medium - t2.large - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: t2.large Description: Amazon EC2 instance type for the Remote Desktop Gateway instances. Type: String RDGWCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: Allowed CIDR block for external access to the Remote Desktop Gateway instances. Type: String SQL2016Media: Default: https://download.microsoft.com/download/9/0/7/907AD35F-9F9C-43A5-9789-52470555DB90/ENU/SQLServer2016SP1-FullSlipstream-x64-ENU.iso Description: SQL Server 2016 installation media location Type: String SQL2017Media: Default: https://download.microsoft.com/download/E/F/2/EF23C21D-7860-4F05-88CE-39AA114B014B/SQLServer2017-x64-ENU.iso Description: SQL Server 2017 installation media location Type: String SQL2019Media: Default: https://go.microsoft.com/fwlink/?linkid=866664 Description: SQL Server 2019 installation media location Type: String SQLLicenseProvided: AllowedValues: - 'yes' - 'no' Default: 'yes' Description: License SQL Server from AWS Marketplace. Type: String SQLServerVersion: AllowedValues: - '2016' - '2017' - '2019' Default: '2019' Description: Version of SQL Server to install on failover cluster nodes. Type: String SQLServiceAccount: AllowedPattern: '[a-zA-Z0-9]*' Default: sqlsa Description: User name for the SQL Server service account. This account is a domain user. MaxLength: '25' MinLength: '5' Type: String SQLServiceAccountPassword: AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: Password for the SQL Server service account. Must be at least 8 characters, containing letters, numbers and symbols. MaxLength: '32' MinLength: '8' NoEcho: 'true' Type: String ThirdAZ: AllowedValues: - 'no' - witness - full Default: 'no' Description: >- Enable a deployment with three Availability Zones. The third Availability Zone can either be used just for the witness, or it can be a full SQL cluster node. Note that if witness is chosen, the file server private IP address parameter must be set to an IP in the third subnet range. Type: String VolumeIops: Default: '1000' Description: Provisioned IOPS for the SQL data, logs and tempDb volumes. This parameter is applicable only when the SQL Server volume type is set to "io1". MaxValue: '20000' MinValue: '100' Type: Number VolumeSize: Default: '500' Description: Volume size for the SQL data, logs and tempDb volumes, in GiB. MaxValue: '16000' MinValue: '100' Type: Number VolumeType: AllowedValues: - gp2 - io1 Default: gp2 Description: Volume type for the SQL data, logs and tempDb volumes. Type: String VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR block for the VPC. Type: String WitnessType: AllowedValues: - FSx - Windows file share Default: Windows file share Description: Type of file share to use for failover cluster witness. Type: String WSFCFileServerNetBIOSName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: WSFCFileServer Description: NetBIOS name of the witness file server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String WSFCFileServerInstanceType: AllowedValues: - t2.small - t2.medium - t2.large - t3.small - t3.medium - t3.large - m5.large Default: m5.large Description: Amazon EC2 instance type for a fileserver for witness and replication folders. Type: String WSFCFileServerPrivateIP: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.0.200 Description: Primary private IP for the fileserver located in Availability Zone 1. Type: String WSFCNode1NetBIOSName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: WSFCNode1 Description: NetBIOS name of the first failover cluster node (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String WSFCNode1PrivateIP1: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.0.100 Description: Primary private IP for the first cluster node located in Availability Zone 1. Type: String WSFCNode1PrivateIP2: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.0.101 Description: Secondary private IP for failover cluster on first cluster node. Type: String WSFCNode1PrivateIP3: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.0.102 Description: Third private IP for SQL Server availability group listener on first cluster node. Type: String WSFCNode2NetBIOSName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: WSFCNode2 Description: NetBIOS name of the second WSFC node (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String WSFCNode2PrivateIP1: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.32.100 Description: Primary private IP for the second cluster node located in Availability Zone 2. Type: String WSFCNode2PrivateIP2: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.32.101 Description: Secondary private IP for failover cluster on second cluster node. Type: String WSFCNode2PrivateIP3: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.32.102 Description: Third private IP for SQL Server availability group listener on second cluster node. Type: String WSFCNode3NetBIOSName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: WSFCNode3 Description: NetBIOS name of the optional third WSFC node (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String WSFCNode3PrivateIP1: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.64.100 Description: Primary private IP for the optional third cluster node located in Availability Zone 3. Type: String WSFCNode3PrivateIP2: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.64.101 Description: Secondary private IP for failover cluster on optional third cluster node. Type: String WSFCNode3PrivateIP3: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 10.0.64.102 Description: Third private IP for SQL Server availability group listener on optional third cluster node. Type: String WSFCNodeInstanceType: AllowedValues: - r4.xlarge - r4.2xlarge - r4.4xlarge - r4.8xlarge - r5.large - r5.xlarge - r5.2xlarge - r5.4xlarge - r5.12xlarge ConstraintDescription: Only EBS Optimized instance types r4.xlarge, r4.2xlarge, r4.4xlarge, r4.8xlarge allowed Default: r5.2xlarge Description: Amazon EC2 instance type for the failover cluster nodes. Type: String Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] UseAWSDirectoryServiceEE: !Equals - !Ref 'ADScenarioType' - AWS Directory Service for Microsoft AD (Enterprise Edition) IsTwoAz: !Equals - !Ref 'ThirdAZ' - 'no' HostTypeIsDefault: !Equals - !Ref 'HostType' - Shared CreateDediHosts: !Not - !Equals - !Ref 'HostType' - Shared HostTypeIsDediHost: !Equals - !Ref 'HostType' - Dedicated Host IncludeRDGW: !Not - !Equals - !Ref NumberOfRDGWHosts - '0' Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml' - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' NumberOfAZs: !If - IsTwoAz - '2' - '3' PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR' PrivateSubnet3ACIDR: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'PrivateSubnet3CIDR' PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR' PublicSubnet3CIDR: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'PublicSubnet3CIDR' VPCCIDR: !Ref 'VPCCIDR' ADStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-microsoft-activedirectory/templates/${QSADTemplate} - QSADTemplate: !If - UseAWSDirectoryServiceEE - ad-3.template - ad-1.template S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: !If - UseAWSDirectoryServiceEE - DomainAdminPassword: !Ref 'DomainAdminPassword' DomainDNSName: !Ref 'DomainDNSName' DomainNetBIOSName: !Ref 'DomainNetBIOSName' KeyPairName: !Ref 'KeyPairName' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-microsoft-activedirectory/' VPCCIDR: !Ref 'VPCCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' - ADServer1InstanceType: !Ref 'ADServer1InstanceType' ADServer1NetBIOSName: !Ref 'ADServer1NetBIOSName' ADServer1PrivateIP: !Ref 'ADServer1PrivateIP' ADServer2InstanceType: !Ref 'ADServer2InstanceType' ADServer2NetBIOSName: !Ref 'ADServer2NetBIOSName' ADServer2PrivateIP: !Ref 'ADServer2PrivateIP' DomainAdminPassword: !Ref 'DomainAdminPassword' DomainAdminUser: !Ref 'DomainAdminUser' DomainDNSName: !Ref 'DomainDNSName' DomainNetBIOSName: !Ref 'DomainNetBIOSName' KeyPairName: !Ref 'KeyPairName' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-microsoft-activedirectory/' VPCCIDR: !Ref 'VPCCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' RDGWStack: Condition: IncludeRDGW Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/templates/rdgw-domain.template' - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: DomainAdminPassword: !Ref 'DomainAdminPassword' DomainAdminUser: !If - UseAWSDirectoryServiceEE - admin - !Ref 'DomainAdminUser' DomainDNSName: !Ref 'DomainDNSName' DomainMemberSGID: !GetAtt 'ADStack.Outputs.DomainMemberSGID' DomainNetBIOSName: !Ref 'DomainNetBIOSName' KeyPairName: !Ref 'KeyPairName' NumberOfRDGWHosts: !Ref 'NumberOfRDGWHosts' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/' RDGWInstanceType: !Ref 'RDGWInstanceType' RDGWCIDR: !Ref 'RDGWCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' DediHostStack: DependsOn: VPCStack Condition: CreateDediHosts Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/dedicated-hosts.template - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: 3rdAZ: !If - IsTwoAz - 'no' - 'yes' AutoPlacement: !If - HostTypeIsDediHost - 'off' - 'on' AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' WSFCNodeInstanceType: !Ref 'WSFCNodeInstanceType' SQLStack: Condition: HostTypeIsDefault Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/sql.template.yaml - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: ApplicationName: !Ref 'ApplicationName' EnableAppInsights: !Ref 'EnableAppInsights' ResourceGroupName: !Ref 'ResourceGroupName' ADScenarioType: !Ref 'ADScenarioType' ADServer1PrivateIP: !If - UseAWSDirectoryServiceEE - !GetAtt 'ADStack.Outputs.ADServer1PrivateIP' - !Ref 'ADServer1PrivateIP' ADServer2PrivateIP: !If - UseAWSDirectoryServiceEE - !GetAtt 'ADStack.Outputs.ADServer2PrivateIP' - !Ref 'ADServer2PrivateIP' ClusterName: !Ref 'ClusterName' AvailabiltyGroupName: !Ref 'AvailabiltyGroupName' DomainAdminPassword: !Ref 'DomainAdminPassword' DomainAdminUser: !If - UseAWSDirectoryServiceEE - admin - !Ref 'DomainAdminUser' DomainDNSName: !Ref 'DomainDNSName' DomainMemberSGID: !GetAtt 'ADStack.Outputs.DomainMemberSGID' DomainNetBIOSName: !Ref 'DomainNetBIOSName' KeyPairName: !Ref 'KeyPairName' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' PrivateSubnet3ID: !If - IsTwoAz - !Ref 'AWS::NoValue' - !GetAtt 'VPCStack.Outputs.PrivateSubnet3AID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' SQLLicenseProvided: !Ref 'SQLLicenseProvided' SQL2016Media: !Ref 'SQL2016Media' SQL2017Media: !Ref 'SQL2017Media' SQL2019Media: !Ref 'SQL2019Media' SQLServerVersion: !Ref 'SQLServerVersion' SQLServiceAccount: !Ref 'SQLServiceAccount' SQLServiceAccountPassword: !Ref 'SQLServiceAccountPassword' ThirdAZ: !Ref 'ThirdAZ' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' Volume1Iops: !Ref 'VolumeIops' Volume1Size: !Ref 'VolumeSize' Volume1Type: !Ref 'VolumeType' Volume2Iops: !Ref 'VolumeIops' Volume2Size: !Ref 'VolumeSize' Volume2Type: !Ref 'VolumeType' Volume3Iops: !Ref 'VolumeIops' Volume3Size: !Ref 'VolumeSize' Volume3Type: !Ref 'VolumeType' WitnessType: !Ref 'WitnessType' WSFCFileServerInstanceType: !Ref 'WSFCFileServerInstanceType' WSFCFileServerNetBIOSName: !Ref 'WSFCFileServerNetBIOSName' WSFCFileServerPrivateIP: !Ref 'WSFCFileServerPrivateIP' WSFCNode1InstanceType: !Ref 'WSFCNodeInstanceType' WSFCNode1NetBIOSName: !Ref 'WSFCNode1NetBIOSName' WSFCNode1PrivateIP1: !Ref 'WSFCNode1PrivateIP1' WSFCNode1PrivateIP2: !Ref 'WSFCNode1PrivateIP2' WSFCNode1PrivateIP3: !Ref 'WSFCNode1PrivateIP3' WSFCNode2InstanceType: !Ref 'WSFCNodeInstanceType' WSFCNode2NetBIOSName: !Ref 'WSFCNode2NetBIOSName' WSFCNode2PrivateIP1: !Ref 'WSFCNode2PrivateIP1' WSFCNode2PrivateIP2: !Ref 'WSFCNode2PrivateIP2' WSFCNode2PrivateIP3: !Ref 'WSFCNode2PrivateIP3' WSFCNode3NetBIOSName: !Ref 'WSFCNode3NetBIOSName' WSFCNode3PrivateIP1: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'WSFCNode3PrivateIP1' WSFCNode3PrivateIP2: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'WSFCNode3PrivateIP2' WSFCNode3PrivateIP3: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'WSFCNode3PrivateIP3' SQLDediStack: Condition: HostTypeIsDediHost Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/sql-dedicated-hosts.template - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: ADScenarioType: !Ref 'ADScenarioType' ADServer1PrivateIP: !If - UseAWSDirectoryServiceEE - !GetAtt 'ADStack.Outputs.ADServer1PrivateIP' - !Ref 'ADServer1PrivateIP' ADServer2PrivateIP: !If - UseAWSDirectoryServiceEE - !GetAtt 'ADStack.Outputs.ADServer2PrivateIP' - !Ref 'ADServer2PrivateIP' ClusterName: !Ref 'ClusterName' AvailabiltyGroupName: !Ref 'AvailabiltyGroupName' DedicatedHostAMI: !Ref 'DedicatedHostAMI' DedicatedHostIDNode1: !GetAtt 'DediHostStack.Outputs.DedicatedHost1' DedicatedHostIDNode2: !GetAtt 'DediHostStack.Outputs.DedicatedHost2' DedicatedHostIDNode3: !GetAtt 'DediHostStack.Outputs.DedicatedHost3' DomainAdminPassword: !Ref 'DomainAdminPassword' DomainAdminUser: !If - UseAWSDirectoryServiceEE - admin - !Ref 'DomainAdminUser' DomainDNSName: !Ref 'DomainDNSName' DomainMemberSGID: !GetAtt 'ADStack.Outputs.DomainMemberSGID' DomainNetBIOSName: !Ref 'DomainNetBIOSName' KeyPairName: !Ref 'KeyPairName' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' PrivateSubnet3ID: !If - IsTwoAz - !Ref 'AWS::NoValue' - !GetAtt 'VPCStack.Outputs.PrivateSubnet3AID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' SQL2016Media: !Ref 'SQL2016Media' SQL2017Media: !Ref 'SQL2017Media' SQL2019Media: !Ref 'SQL2019Media' SQLServerVersion: !Ref 'SQLServerVersion' SQLServiceAccount: !Ref 'SQLServiceAccount' SQLServiceAccountPassword: !Ref 'SQLServiceAccountPassword' ThirdAZ: !Ref 'ThirdAZ' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' Volume1Iops: !Ref 'VolumeIops' Volume1Size: !Ref 'VolumeSize' Volume1Type: !Ref 'VolumeType' Volume2Iops: !Ref 'VolumeIops' Volume2Size: !Ref 'VolumeSize' Volume2Type: !Ref 'VolumeType' Volume3Iops: !Ref 'VolumeIops' Volume3Size: !Ref 'VolumeSize' Volume3Type: !Ref 'VolumeType' WitnessType: !Ref 'WitnessType' WSFCFileServerInstanceType: !Ref 'WSFCFileServerInstanceType' WSFCFileServerNetBIOSName: !Ref 'WSFCFileServerNetBIOSName' WSFCFileServerPrivateIP: !Ref 'WSFCFileServerPrivateIP' WSFCNode1InstanceType: !Ref 'WSFCNodeInstanceType' WSFCNode1NetBIOSName: !Ref 'WSFCNode1NetBIOSName' WSFCNode1PrivateIP1: !Ref 'WSFCNode1PrivateIP1' WSFCNode1PrivateIP2: !Ref 'WSFCNode1PrivateIP2' WSFCNode1PrivateIP3: !Ref 'WSFCNode1PrivateIP3' WSFCNode2InstanceType: !Ref 'WSFCNodeInstanceType' WSFCNode2NetBIOSName: !Ref 'WSFCNode2NetBIOSName' WSFCNode2PrivateIP1: !Ref 'WSFCNode2PrivateIP1' WSFCNode2PrivateIP2: !Ref 'WSFCNode2PrivateIP2' WSFCNode2PrivateIP3: !Ref 'WSFCNode2PrivateIP3' WSFCNode3NetBIOSName: !Ref 'WSFCNode3NetBIOSName' WSFCNode3PrivateIP1: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'WSFCNode3PrivateIP1' WSFCNode3PrivateIP2: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'WSFCNode3PrivateIP2' WSFCNode3PrivateIP3: !If - IsTwoAz - !Ref 'AWS::NoValue' - !Ref 'WSFCNode3PrivateIP3'