AWSTemplateFormatVersion: '2010-09-09' Description: >- This master template creates a VPC infrastructure for a multi-AZ, multi-tier deployment of a workload on AWS. It deploys a VPC and WSUS instance. **WARNING** This template creates EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1q77hsjuo) Metadata: cfn-lint: config: ignore_checks: - W9006 AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Amazon VPC configuration Parameters: - AvailabilityZones - VPCCIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - Label: default: Amazon EC2 configuration Parameters: - WSUSServerNetBIOSName - KeyPairName - StorageVolumeSize - WindowsVersion - WorkloadInstanceType - Label: default: WSUS configuration Parameters: - WSUSLanguagesList - WSUSProductList - WSUSClassification - WSUSNumOfSyncsPerDay - Label: default: Remote Desktop Gateway configuration Parameters: - IncludeRDGW - RDGWCIDR - NumberOfRDGWHosts - RDGWInstanceType - AdminUser - AdminPassword - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: AdminUser: default: RD Gateway admin user AdminPassword: default: RD Gateway admin password AvailabilityZones: default: Availability Zones IncludeRDGW: default: Include RD Gateway NumberOfRDGWHosts: default: Number of RD Gateway hosts PrivateSubnet1CIDR: default: Private subnet 1 CIDR PrivateSubnet2CIDR: default: Private subnet 2 CIDR PublicSubnet1CIDR: default: Public subnet 1 CIDR PublicSubnet2CIDR: default: Public subnet 2 CIDR QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 key prefix RDGWInstanceType: default: RD Gateway instance type RDGWCIDR: default: Allowed RD Gateway external access CIDR VPCCIDR: default: VPC CIDR KeyPairName: default: SSH key name StorageVolumeSize: default: Storage volume size WorkloadInstanceType: default: Workload server instance type WSUSServerNetBIOSName: default: Server NetBIOS name WSUSLanguagesList: default: Supported languages WSUSProductList: default: WSUS products WSUSClassification: default: WSUS classifications WSUSNumOfSyncsPerDay: default: Number of WSUS synchronizations per day WindowsVersion: default: Windows version Parameters: AdminPassword: Description: Password for the RD Gateway administrative account. Must be at least 8 characters containing letters, numbers and symbols. Type: String MinLength: 8 MaxLength: 32 AllowedPattern: "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*" NoEcho: true AdminUser: Description: User name for the RD Gateway administrative account. Type: String Default: Admin MinLength: 5 MaxLength: 25 AllowedPattern: "[a-zA-Z0-9]*" AvailabilityZones: Description: List of Availability Zones to use for the subnets in the VPC. Only two Availability Zones are used for this deployment, and the logical order of your selections is preserved. Type: List IncludeRDGW: AllowedValues: - "Yes. Please include a Rempde Desktop Gateway autoscaling group." - "No. Please do not include a Remote Desktop Gateway autoscaling group." ConstraintDescription: If no is selected, other RD Gateway related parameters will be ignored. Default: "No. Please do not include a Remote Desktop Gateway autoscaling group." Description: Remote Desktop Gateway (RD Gateway). Choose Yes to include an RD Gateway in an Auto Scaling group. Type: String NumberOfRDGWHosts: AllowedValues: - '1' - '2' - '3' - '4' Default: '1' Description: The number of RD Gateway hosts to create. Type: String PrivateSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/19 Description: CIDR block for private subnet 1 located in Availability Zone 1. Type: String PrivateSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.32.0/19 Description: CIDR block for private subnet 2 located in Availability Zone 2. Type: String PublicSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.128.0/20 Description: CIDR block for the public (DMZ) subnet 1 located in Availability Zone 1. Type: String PublicSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.144.0/20 Description: CIDR block for the public (DMZ) subnet 2 located in Availability Zone 2. Type: String RDGWInstanceType: AllowedValues: - t2.small - t2.medium - t2.large - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge Default: t2.large Description: EC2 instance type for the RD Gateway instances. Type: String RDGWCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Default: 10.0.0.0/16 Description: Allowed CIDR block for external access to the RD Gateway instances. Type: String VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR block for the VPC Type: String KeyPairName: Description: Name of an existing EC2 key pair. All instances will launch with this key pair. Type: AWS::EC2::KeyPair::KeyName StorageVolumeSize: Description: Capacity of the volume used to store update files (GB). Default: '500' Type: Number QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3BucketRegion: Default: 'us-east-1' Description: "The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value." Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-microsoft-wsus/ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String WSUSServerNetBIOSName: AllowedPattern: '[a-zA-Z0-9\-]+' Default: WSUS Description: NetBIOS name of the WSUS server (up to 15 characters). MaxLength: '15' MinLength: '1' Type: String WSUSLanguagesList: Default: en Description: Comma-delimited list of WSUS enabled languages. Type: String WSUSProductList: Default: Microsoft SQL Server 2012 R2, Microsoft SQL Server 2016, Microsoft SQL Server 2017, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 Description: Configure the Platforms that you want WSUS to receive updates Type: String WSUSClassification: Default: Applications, Update Rollups, Security Updates, Critical Updates, Service Packs, Updates, Drivers, Driver Sets Description: Types of updates that can be obtained through WSUS. Type: String WSUSNumOfSyncsPerDay: Default: '1' Description: The number of WSUS synchronizations per day. Type: Number WindowsVersion: AllowedValues: - Windows2019Full - Windows2019Core - Windows2019Full_MSSQL2017Standard ConstraintDescription: Must be one of supported Windows versions Default: Windows2019Core Description: The Windows version for running WSUS. Windows Core is recommended for production environments. Type: String WorkloadInstanceType: AllowedValues: - t3a.2xlarge - t3.2xlarge - r5a.xlarge - r5a.2xlarge - r5a.4xlarge - r5a.8xlarge - r5.large - r5.xlarge - r5.2xlarge - r5.4xlarge - r5.8xlarge - r4.xlarge - r4.2xlarge - r4.4xlarge - r4.8xlarge - z1d.large - z1d.xlarge ConstraintDescription: Must contain valid instance type Default: r5.2xlarge Description: Type of EC2 instance for the workload instance. Type: String Conditions: RDGWSelected: Fn::Equals: - Ref: IncludeRDGW - "Yes. Please include a Rempde Desktop Gateway autoscaling group." GovCloudCondition: Fn::Equals: - Ref: AWS::Region - "us-gov-west-1" UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml' - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' NumberOfAZs: '2' PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR' PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR' VPCCIDR: !Ref 'VPCCIDR' WorkloadStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: Fn::Sub: - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/quickstart-microsoft-wsus-workload.template' - S3Region: !If - UsingDefaultBucket - !Ref AWS::Region - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: KeyPairName: !Ref 'KeyPairName' StorageVolumeSize: !Ref 'StorageVolumeSize' WSUSServerNetBIOSName: !Ref 'WSUSServerNetBIOSName' DomainJoin: No. Please keep WSUS as a standalone Windows instance. DomainAdminPassword: '' DomainAdminUser: StackAdmin DomainDNSName: example.com DomainMemberSGID: '' DomainNetBIOSName: EXAMPLE WSUSLanguagesList: !Ref 'WSUSLanguagesList' WSUSProductList: !Ref 'WSUSProductList' WSUSClassification: !Ref 'WSUSClassification' WSUSNumOfSyncsPerDay: !Ref 'WSUSNumOfSyncsPerDay' WindowsVersion: !Ref 'WindowsVersion' WorkloadInstanceType: !Ref 'WorkloadInstanceType' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' RDGWStack: Condition: RDGWSelected Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/templates/rdgw-standalone.template - QSS3Region: !If - GovCloudCondition - s3-us-gov-west-1 - s3 Parameters: AdminPassword: !Ref 'AdminPassword' AdminUser: !Ref 'AdminUser' KeyPairName: !Ref 'KeyPairName' NumberOfRDGWHosts: !Ref 'NumberOfRDGWHosts' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-microsoft-rdgateway/' RDGWInstanceType: !Ref 'RDGWInstanceType' RDGWCIDR: !Ref 'RDGWCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID'