AWSTemplateFormatVersion: '2010-09-09' Description: Deploys Autodesk VRED 3D and Nvidia CloudXR on the AWS Cloud into an existing VPC. This option provisions VRED in your existing AWS infrastructure. (qs-1t26ph9er) Metadata: cfn-lint: config: ignore_checks: - W9006 - W2030 AWSAMIRegionMap: Filters: NVIDIAWIN: name: cloudxr-agent-windows-2019-aws-market* owner-alias: aws-marketplace product-code.type: marketplace product-code: bwhppj014bz7uf8lehfv4u8hs AWS::CloudFormation::Interface: ParameterGroups: - Label: default: VPC configuration Parameters: - VPCID - PublicSubnetAID - PublicSubnetBID - PublicSubnetCID - Label: default: VRED Amazon EC2 instance configuration Parameters: - WorkloadInstanceType - CloudxrStorageVolumeSize - KeyPairName - InstanceCount - PublicRemoteCidr - PrimaryNodeIP - LicenseServerIP - VredInstanceTag - Label: default: Autodesk VRED 3D media configuration Parameters: - MediaS3Bucket - MediaS3Key - SceneAddress - Label: default: AWS Partner Solution configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: VPCID: default: VPC ID PublicSubnetAID: default: Public Subnet A ID PublicSubnetBID: default: Public Subnet B ID PublicSubnetCID: default: Public Subnet C ID QSS3BucketName: default: Partner Solution S3 bucket name QSS3BucketRegion: default: Partner Solution S3 bucket Region QSS3KeyPrefix: default: Partner Solution S3 key prefix WorkloadInstanceType: default: Workload servers EC2 instance type VredInstanceTag: default: EC2 instance tag (environment) CloudxrStorageVolumeSize: default: Secondary EBS volume size KeyPairName: default: Key pair name InstanceCount: default: Instance count PublicRemoteCidr: default: CIDR for customer access PrimaryNodeIP: default: Primary node IP address LicenseServerIP: default: Network License Manager IP address MediaS3Bucket: default: Autodesk VRED 3D media bucket MediaS3Key: default: Autodesk VRED 3D media key prefix SceneAddress: default: Scene file Parameters: VPCID: Description: ID of existing VPC for deployment (VPC must have internet connectivity). Type: AWS::EC2::VPC::Id PublicSubnetAID: Description: CIDR block for public (DMZ) subnet located in Availability Zone 1. CIDR block must be in format (x.x.x.x/16-28). Type: AWS::EC2::Subnet::Id PublicSubnetBID: Description: CIDR block for public (DMZ) subnet located in Availability Zone 2. CIDR block must be in format (x.x.x.x/16-28). Type: AWS::EC2::Subnet::Id PublicSubnetCID: Description: CIDR block for public (DMZ) subnet located in Availability Zone 3. CIDR block must be in format (x.x.x.x/16-28). Type: AWS::EC2::Subnet::Id QSS3BucketName: AllowedPattern: ^[0-9a-z]+([0-9a-z-\.]*[0-9a-z])*$ ConstraintDescription: >- The S3 bucket name can include numbers, lowercase letters, and hyphens (-), but it cannot start or end with a hyphen. Default: aws-quickstart Description: >- Name of the S3 bucket for your copy of the deployment assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new location. MinLength: 3 MaxLength: 63 Type: String QSS3BucketRegion: Default: us-east-1 Description: >- AWS Region where the S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing the Region updates code references to point to a new location. When using your own bucket, specify the Region. Type: String QSS3KeyPrefix: AllowedPattern: ^([0-9a-zA-Z!-_\.\*'\(\)/]+/)*$ ConstraintDescription: >- The S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), underscores (_), periods (.), asterisks (*), single quotes ('), open parenthesis ((), close parenthesis ()), and forward slashes (/). End the prefix with a forward slash. Default: quickstart-nvidia-cloudxr/ Description: >- S3 key prefix that is used to simulate a folder for your copy of the deployment assets. Keep the default prefix unless you are customizing the template. Changing the prefix updates code references to point to a new location. Type: String KeyPairName: Description: Name of existing public/private key pair. Allows you to securely connect to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName WorkloadInstanceType: AllowedValues: - g4dn.xlarge - g4dn.2xlarge - g4dn.4xlarge - g4dn.8xlarge - g4dn.12xlarge - g4dn.16xlarge - g5.xlarge - g5.2xlarge - g5.4xlarge - g5.8xlarge - g5.12xlarge - g5.16xlarge ConstraintDescription: Must contain valid instance type. Default: g4dn.2xlarge Description: Amazon EC2 instance type for Autodesk VRED instances. Type: String CloudxrStorageVolumeSize: Type: Number Default: 200 ConstraintDescription: Must be between 200 GB and 16,000 GB (16 TB). MinValue: 1 MaxValue: 16000 Description: Size of CloudXR virtualized storage in GBs. VredInstanceTag: Type: String Default: VRED Description: Environment tag value for VRED instances. InstanceCount: Description: Number of EC2 instances for collaboration (excludes primary node). Type: Number Default: 1 MinValue: 1 MaxValue: 10 ConstraintDescription: Must be between between 1 and 10. PublicRemoteCidr: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in format (x.x.x.x/x). Default: 0.0.0.0/0 Description: CIDR IP range permitted to access bastion hosts and Autodesk VRED. We recommend you set this value to a trusted IP range. For example, grant only your corporate network access to the software. CIDR block must be in format (x.x.x.x/x). Type: String PrimaryNodeIP: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Default: 11.0.0.69 Description: IP for primary node of VRED Cluster. Primary private IP for first cluster node located in Public Subnet A—Availability Zone 1. Type: String LicenseServerIP: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ Description: IP for VRED NLM server. Ensure public subnet is able to connect to NLM server subnet. Refer to NLM instructions for more information. Type: String MediaS3Bucket: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Bbucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Description: S3 bucket created to store Autodesk VRED and SteamVR installation media. Type: String MediaS3Key: ConstraintDescription: Partner Solution key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). Description: S3 key prefix used to simulate a folder for your copy of installation media. Autodesk VRED 3D (*.sfx.exe), SteamVR installation binaries (SteamVR.zip) and your scene file under this key prefix. Follow prerequisites (see documentation for more details). End with a forward slash. Type: String Default: replace-me-quickstart-nvidia-cloudxr-media/ SceneAddress: Description: Autodesk VRED 3D Scene file. Address should be in format (MediaS3Key/Scene.vpb). Type: String Default: replace-me-quickstart-nvidia-cloudxr-media/my_scene.vpb ImageId: Type: AWS::SSM::Parameter::Value Description: CloudXR is NVIDIA's streaming SDK. Default: /aws/service/marketplace/prod-7msqr5zacq4i6/cloudxr-3.2-vgpu-14.1 Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Resources: WorkstationSG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: "This security group was generated by AWS Marketplace and is based on recommended settings for NVIDIA CloudXR AMI Introductory Offer - WinServer 2019 version CloudXR 3.1 VGPU 13.1 provided by NVIDIA." SecurityGroupIngress: - IpProtocol: tcp FromPort: 3389 ToPort: 3389 CidrIp: !Ref PublicRemoteCidr - IpProtocol: tcp FromPort: 48010 ToPort: 48010 CidrIp: !Ref PublicRemoteCidr - IpProtocol: udp FromPort: 48010 ToPort: 48010 CidrIp: !Ref PublicRemoteCidr - IpProtocol: udp FromPort: 47998 ToPort: 48000 CidrIp: !Ref PublicRemoteCidr - IpProtocol: udp FromPort: 48005 ToPort: 48005 CidrIp: !Ref PublicRemoteCidr - IpProtocol: tcp FromPort: 47998 ToPort: 48000 CidrIp: !Ref PublicRemoteCidr - IpProtocol: tcp FromPort: 48005 ToPort: 48005 CidrIp: !Ref PublicRemoteCidr - IpProtocol: udp FromPort: 48002 ToPort: 48002 CidrIp: !Ref PublicRemoteCidr - IpProtocol: tcp FromPort: 48002 ToPort: 48002 CidrIp: !Ref PublicRemoteCidr - IpProtocol: tcp FromPort: 8443 ToPort: 8443 CidrIp: !Ref PublicRemoteCidr VpcId: !Ref VPCID CollaborationSG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: "Allow from WorkstationSG." VpcId: !Ref VPCID SecurityGroupIngress: - IpProtocol: tcp FromPort: 8889 ToPort: 8889 SourceSecurityGroupId: !Ref WorkstationSG WorkstationAccessRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - "sts:AssumeRole" Path: / Policies: - PolicyName: WorkstationS3Access PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - "s3:Get*" - "s3:List*" Resource: - !Sub "arn:${AWS::Partition}:s3:::ec2-windows-nvidia-drivers" - !Sub "arn:${AWS::Partition}:s3:::ec2-windows-nvidia-drivers/*" - !Sub ['arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}*', S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]] - !Sub ['arn:${AWS::Partition}:s3:::${S3Bucket}', S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]] - !Sub "arn:${AWS::Partition}:s3:::${MediaS3Bucket}/*" - !Sub "arn:${AWS::Partition}:s3:::${MediaS3Bucket}'" - PolicyName: NiceDCVLicenseS3BucketAccess PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - s3:GetObject Resource: !Sub "arn:${AWS::Partition}:s3:::dcv-license.${AWS::Region}/*" WorkstationAccessProfile: Type: "AWS::IAM::InstanceProfile" Properties: Path: / Roles: - !Ref WorkstationAccessRole PrimaryNode: Type: AWS::EC2::Instance Metadata: AWS::CloudFormation::Authentication: S3AccessCreds: type: S3 roleName: !Ref WorkstationAccessRole buckets: - !Ref QSS3BucketName - 'ec2-windows-nvidia-drivers' AWS::CloudFormation::Init: configSets: setup: - Install Install: commands: a-install-vred: command: !Join - '' - - powershell.exe -Command "C:\cfn\scripts\install-vred.ps1 -S3Bucket ' - !Ref MediaS3Bucket - ''' -InstallerPrefix ''' - !Ref MediaS3Key - ''' -SceneKeyOrUrl ''' - !Ref SceneAddress - ''' -LicenseServer ''' - !Ref LicenseServerIP - ''' -CollaborationServer ''' - !Ref PrimaryNodeIP - '''"' files: C:\cfn\scripts\install-vred.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/install-vred.ps1 - S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] C:\cfn\scripts\run-vred.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/run-vred.ps1 - S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] C:\cfn\scripts\vred-library.psm1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/vred-library.psm1 - S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Properties: ImageId: !Ref ImageId InstanceType: !Ref WorkloadInstanceType IamInstanceProfile: !Ref WorkstationAccessProfile Tags: - Key: Name Value: !Sub "${VredInstanceTag}-Primary" NetworkInterfaces: - DeleteOnTermination: true DeviceIndex: '0' SubnetId: !Ref 'PublicSubnetAID' GroupSet: - !Ref 'WorkstationSG' - !Ref 'CollaborationSG' PrivateIpAddresses: - Primary: true PrivateIpAddress: !Ref 'PrimaryNodeIP' BlockDeviceMappings: - Ebs: VolumeType: gp3 VolumeSize: !Ref CloudxrStorageVolumeSize DeleteOnTermination: true Encrypted: false DeviceName: /dev/sda1 KeyName: !Ref KeyPairName UserData: !Base64 Fn::Join: - '' - - '' CreationPolicy: ResourceSignal: Timeout: PT1H LaunchConfig: Type: "AWS::AutoScaling::LaunchConfiguration" DependsOn: PrimaryNode Metadata: AWS::CloudFormation::Authentication: S3AccessCreds: type: S3 roleName: !Ref WorkstationAccessRole buckets: - !Ref QSS3BucketName - 'ec2-windows-nvidia-drivers' AWS::CloudFormation::Init: configSets: setup: - Install Install: commands: a-install-vred: command: !Join - '' - - powershell.exe -Command "C:\cfn\scripts\install-vred.ps1 -S3Bucket ' - !Ref MediaS3Bucket - ''' -InstallerPrefix ''' - !Ref MediaS3Key - ''' -SceneKeyOrUrl ''' - !Ref SceneAddress - ''' -LicenseServer ''' - !Ref LicenseServerIP - ''' -CollaborationServer ''' - !Ref PrimaryNodeIP - '''"' files: C:\cfn\scripts\install-vred.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/install-vred.ps1 - S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] C:\cfn\scripts\run-vred.ps1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/run-vred.ps1 - S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] C:\cfn\scripts\vred-library.psm1: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/vred-library.psm1 - S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Properties: AssociatePublicIpAddress: true KeyName: !Ref KeyPairName InstanceType: !Ref WorkloadInstanceType IamInstanceProfile: !Ref 'WorkstationAccessProfile' SecurityGroups: [!Ref 'WorkstationSG', !Ref 'CollaborationSG'] ImageId: !Ref ImageId BlockDeviceMappings: - Ebs: VolumeType: gp3 VolumeSize: !Ref CloudxrStorageVolumeSize DeleteOnTermination: true Encrypted: false DeviceName: /dev/sda1 UserData: !Base64 Fn::Join: - '' - - ' WindowsNvidiaWorkstation: Type: "AWS::AutoScaling::AutoScalingGroup" Properties: VPCZoneIdentifier: - !Ref PublicSubnetAID - !Ref PublicSubnetBID - !Ref PublicSubnetCID LaunchConfigurationName: !Ref 'LaunchConfig' MinSize: '0' MaxSize: !Ref InstanceCount DesiredCapacity: !Ref InstanceCount Tags: - Key: Name PropagateAtLaunch: true Value: !Sub "${VredInstanceTag}-Collab" Outputs: VredInstanceID: Description: EC2 instance ID. Value: !Ref PrimaryNode VredSecurityGroup: Description: Security group for VRED instances. Value: !GetAtt WorkstationSG.GroupId VredPrimaryNodeURL: Description: URL to access VRED primary node (login as administrator). Value: !Sub "https://${PrimaryNode.PublicIp}:8443" VredAutoScalingGroup: Description: Auto Scaling group details. Value: !Ref WindowsNvidiaWorkstation NiceDCVdownload: Description: Nice DCV client download URL. Value: https://download.nice-dcv.com/latest.html