AWSTemplateFormatVersion: '2010-09-09' Description: >- Creates a VPC with multi-AZ deployment of enterprise class Oracle Database and Grid Infrastructure 12c. It will deploy database instances into the private subnets in separate Availability Zones. ***NOTE*** You must have Oracle Enterprise licensing to use Oracle Data Guard. See the deployment guide at http://aws.amazon.com/quickstart for details. Creates Amazon EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. Files needed: linuxamd64_12102_database_1of2.zip, linuxamd64_12102_database_2of2.zip, linuxamd64_12102_grid_1of2.zip and linuxamd64_12102_grid_2of2.zip for Oracle 12.1.0.2 Version, and linuxx64_12201_database.zip and linuxx64_12201_grid_home.zip for Oracle 12.2.0.1 Version, oracleasm-support-2.1.8-1.el6.x86_64.rpm and oracleasmlib-2.0.4-1.el6.x86_64.rpm for Oracle Linux 6.7 or RHEL 7.2, and oracleasmlib-2.0.12-1.el7.x86_64.rpm for Oracle Linux 7.3. OracleSecureBackup needs: osbws_installer.zip. (qs-1qui35es5) Metadata: QuickStartDocumentation: EntrypointName: "Launch into a new VPC" OptionalParameters: - OSBInstall AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Network Configuration Parameters: - AvailabilityZones - VPCCIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - RemoteAccessCIDR - Label: default: Amazon EC2 Configuration Parameters: - KeyPairName - OracleAMIOS - OracleInstanceType - PrimaryIPAddress - StandbyIPAddress - EnableCWL - Label: default: Oracle Database Configuration Parameters: - OracleVersion - DomainName - DatabasePort - DatabaseName - DataGuardConfig - CharacterSet - StandbyName - DatabasePass - AsmPass - EBSData - DataVolumeType - DataIOPS - EBSReco - RecoVolumeType - RecoIOPS - InstallBucketName - InstallBucketPrefix - Label: default: Oracle Secure Backup Cloud Module (Optional) Parameters: - OSBInstall - OSBOTN - OSBPass - OSBBucketName - OSBKey - OSBSecret - Label: default: Linux Bastion Configuration Parameters: - BastionAMIOS - BastionInstanceType - EnableBanner - BastionBanner - Label: default: AWS Quick Start Configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: OracleVersion: default: Oracle Version AsmPass: default: ASM Password AvailabilityZones: default: Availability Zones BastionInstanceType: default: Bastion Instance Type BastionAMIOS: default: Bastion AMI Operating System BastionBanner: default: Bastion Banner CharacterSet: default: Character Set DataIOPS: default: Data - IOPS per EBS Volume DataVolumeType: default: Data Diskgroup Volume Type DatabaseName: default: Primary Database Name DatabasePass: default: Database Password DatabasePort: default: Database Port Number DataGuardConfig: default: Data Guard Configuration DomainName: default: Domain Name EBSData: default: Data Diskgroup GiB/Disk EBSReco: default: Recovery (Reco) Diskgroup GiB/Disk EnableBanner: default: Enable Banner InstallBucketName: default: Binaries Bucket Name InstallBucketPrefix: default: Binaries Bucket Key Prefix KeyPairName: default: Key Pair Name OracleAMIOS: default: Database Operating System OracleInstanceType: default: Database Instance Type OSBBucketName: default: S3 Bucket for Backups OSBInstall: default: Install Oracle Secure Backup OSBKey: default: AWS Access Key ID OSBOTN: default: OTN Account Email/Login OSBPass: default: OTN Account Password OSBSecret: default: AWS Secret Access Key PrimaryIPAddress: default: Primary Database Private IP PrivateSubnet1CIDR: default: Private Subnet 1 CIDR PrivateSubnet2CIDR: default: Private Subnet 2 CIDR PublicSubnet1CIDR: default: Public Subnet 1 CIDR PublicSubnet2CIDR: default: Public Subnet 2 CIDR QSS3BucketName: default: Quick Start S3 Bucket Name QSS3BucketRegion: default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 Key Prefix RecoIOPS: default: Reco - IOPS per EBS Volume RecoVolumeType: default: Reco Diskgroup Volume Type RemoteAccessCIDR: default: Allowed Bastion External Access CIDR StandbyIPAddress: default: Standby Database Private IP StandbyName: default: Standby Database Name VPCCIDR: default: VPC CIDR EnableCWL: default: Enable CloudWatch Logs Parameters: AsmPass: AllowedPattern: ([A-Za-z0-9_#$]{3,30}) ConstraintDescription: Input your ASM Password, Min 3, Maximum of 30 characters. Description: Enter your ASM Password, Min 3, maximum of 30 characters. This password is used for the SYSASM, ASM Monitor, and ASM EM admin users of Oracle ASM. NoEcho: 'true' Type: String AvailabilityZones: Description: 'List of Availability Zones to use for the subnets in the VPC. Note: The logical order is preserved and only 2 AZs are used for this deployment.' Type: List BastionInstanceType: AllowedValues: - t2.nano - t2.micro - t2.small - t2.medium - t2.large - m3.large - m3.xlarge - m3.2xlarge - m4.large - m4.xlarge - m4.2xlarge - m4.4xlarge Default: t2.micro Description: Amazon EC2 instance type for the second bastion instance Type: String BastionAMIOS: AllowedValues: - Amazon-Linux2-HVM - CentOS-7-HVM - Ubuntu-Server-20.04-LTS-HVM - SUSE-SLES-15-HVM Default: Amazon-Linux2-HVM Description: The Linux distribution for the AMI to be used for the bastion instances Type: String BastionBanner: Default: https://aws-quickstart.s3.amazonaws.com/quickstart-oracle-database/submodules/quickstart-linux-bastion/scripts/banner_message.txt Description: Banner text to display upon login Type: String OracleVersion: AllowedValues: - 12.1.0.2 - 12.2.0.1 ConstraintDescription: Default is 12.1.0.2. Default: 12.2.0.1 Description: Version of Oracle Database Software. Type: String CharacterSet: AllowedValues: - AL32UTF8 - AR8ISO8859P6 - AR8MSWIN1256 - BLT8ISO8859P13 - BLT8MSWIN1257 - CL8ISO8859P5 - CL8MSWIN1251 - EE8ISO8859P2 - EE8MSWIN1250 - EL8ISO8859P7 - EL8MSWIN1253 - IW8ISO8859P8 - IW8MSWIN1255 - JA16EUC - JA16EUCTILDE - JA16SJIS - JA16SJISTILDE - KO16MSWIN949 - NE8ISO8859P10 - NEE8ISO8859P4 - TH8TISASCII - TR8MSWIN1254 - US7ASCII - UTF8 - VN8MSWIN1258 - WE8ISO8859P1 - WE8ISO8859P15 - WE8ISO8859P9 - WE8MSWIN1252 - ZHS16GBK - ZHT16HKSCS - ZHT16MSWIN950 - ZHT32EUC ConstraintDescription: Default is AL32UTF8, Unicode 6.2 UTF-8 Universal character set. Default: AL32UTF8 Description: Character set for Oracle Database. Type: String DataGuardConfig: AllowedValues: - Data Guard - Single ConstraintDescription: Single - One instance only, Data Guard - Two instances (Primary + Standby) Default: Data Guard Description: 'Configuration: Single - One instance only, Data Guard - Two instances (Primary + Standby)' Type: String DataIOPS: ConstraintDescription: The number of IOPS that are provisioned for the volume, Maximum of 20000 IOPS per volume. Default: '600' Description: 'IOPS per EBS Volume, only for io1 types. DATA diskgroup total IOPS will be this value x 6. Maximum of 20000 IOPS per volume. Limited to 50 IOPS : 1 GiB.' MaxValue: '20000' MinValue: '0' Type: Number DataVolumeType: AllowedValues: - gp2 - io1 ConstraintDescription: Only gp2 or io1 are allowed. Default: gp2 Description: 'Disk type for EBS Data Diskgroup. gp2 (performance ratio of 3 IOPS: 1 GiB) or io1 (performance ratio up to 50 IOPS : 1 GiB).' Type: String DatabaseName: AllowedPattern: ([A-Za-z0-9-]{3,8}) ConstraintDescription: No special chars, Min 3, Maximum of 8 characters. Default: orcl Description: Enter your Database Name, Min 3, Maximum of 8 characters (limited by DB_NAME). Primary instance will have the same name of this. Type: String DatabasePass: AllowedPattern: ([A-Za-z0-9_#$]{3,30}) ConstraintDescription: Input your database Password, Min 3, Maximum of 30 characters. Description: Enter your Database Password, Min 3, maximum of 30 characters. This password is used for the SYS, SYSTEM, and DBSNMP users of Oracle Database. NoEcho: 'true' Type: String DatabasePort: ConstraintDescription: Database port Number usually 1521, but avoid this number for production use 1530, for example Default: '1525' Description: Oracle Database listener port number. Type: Number DomainName: ConstraintDescription: String domain name. Default: dataguard-env Description: Name of Domain to reach your Database Endpoint after setup. Type: String EBSData: ConstraintDescription: Must be a valid Number from 4 GiB to 16000 GiB Default: '20' Description: Enter the number of Gigabytes for Each ASM Disk (EBS) for DATA Diskgroup total of 6 (six) volumes, maximum of 16000 GiB each. MaxValue: '16000' MinValue: '4' Type: Number EBSReco: ConstraintDescription: Must be a valid Number from 4 GiB to 16000 GiB Default: '6' Description: Enter the number of Gigabytes for Each ASM Disk (EBS) for RECO Diskgroup total of 3 (three) volumes, maximum of 16000 GiB each. MaxValue: '16000' MinValue: '4' Type: Number EnableBanner: AllowedValues: - 'true' - 'false' Default: 'false' Description: To include a banner to be displayed when connecting via SSH to the bastion, set this parameter to true Type: String InstallBucketName: AllowedPattern: ^[0-9a-zA-Z-]+([0-9a-zA-Z-]+)*$ ConstraintDescription: Bucket name can include numbers, lowercase letters, uppercase letters, hyphens (-). Description: Name of your S3 bucket with your Oracle Binaries (e.g., bucket-name) Type: String InstallBucketPrefix: AllowedPattern: ^[0-9a-zA-Z-]+(/[0-9a-zA-Z-]+)*$ ConstraintDescription: Key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). It cannot start or end with forward slash (/) because they are automatically appended. Description: Name of your S3 prefix with your Oracle Binaries (e.g., key/prefix) Type: String Default: oracle/database/12 KeyPairName: Description: Public/private key pairs allow you to securely connect to your instance after it launches Type: AWS::EC2::KeyPair::KeyName OSBBucketName: ConstraintDescription: Enter your bucket name, must be an existing bucket. Description: Name of your S3 bucket to store your Oracle backups. Type: String OSBInstall: AllowedValues: - 'true' - 'false' Default: 'false' Description: Install (true) or don't install (false) optional Oracle Secure Backup. Type: String OSBKey: Description: The AWS Access Key to access your backup bucket, something like AKIAIV3KL4XXIT7DXXYY. Type: String OSBOTN: Description: Your OTN (Oracle Technology Network) account login. Type: String OSBPass: Description: Password of your OTN (Oracle Technology Network) account. NoEcho: 'true' Type: String OSBSecret: Description: The AWS Secret Key to access your backup bucket, something like c/ZeLyzixxx3HfxPVLX9IOKMXEdSbqks3Acz7QHj. NoEcho: 'true' Type: String OracleAMIOS: AllowedValues: - Red-Hat-Enterprise-Linux-7.2-HVM - Oracle-Linux-7.3-HVM Default: Red-Hat-Enterprise-Linux-7.2-HVM Description: Operating system and version for main/worker nodes. Type: String OracleInstanceType: AllowedValues: - t2.medium - t2.large - m3.medium - m3.large - m3.xlarge - m3.2xlarge - m4.large - m4.xlarge - m4.2xlarge - m4.4xlarge - m4.10xlarge - m4.16xlarge - r3.large - r3.xlarge - r3.2xlarge - r3.4xlarge - r3.8xlarge - r4.large - r4.xlarge - r4.2xlarge - r4.4xlarge - r4.8xlarge - r4.16xlarge - x1.16xlarge - x1.32xlarge ConstraintDescription: Must be a valid EC2 instance type. Default: r3.2xlarge Description: Choose your Oracle Database instance type. Type: String PrimaryIPAddress: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ ConstraintDescription: IP address parameter must be in the form x.x.x.x Default: 10.0.0.5 Description: This must be a valid IP address for private subnet 1. Type: String PrivateSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/19 Description: CIDR block for private subnet 1 located in Availability Zone 1. Type: String PrivateSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.32.0/19 Description: CIDR block for private subnet 2 located in Availability Zone 2. Type: String PublicSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.128.0/20 Description: CIDR Block for the public DMZ subnet 1 located in Availability Zone 1 Type: String PublicSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.144.0/20 Description: CIDR Block for the public DMZ subnet 2 located in Availability Zone 2 Type: String QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-oracle-database/ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String RecoIOPS: ConstraintDescription: The number of IOPS that are provisioned for the volume, Maximum of 20000 IOPS per volume. Default: '200' Description: 'IOPS per EBS Volume, only for io1 types. RECO diskgroup total IOPS will be this value x 3. Maximum of 20000 IOPS per volume. Limited to 50 IOPS : 1 GiB.' MaxValue: '20000' MinValue: '0' Type: Number RecoVolumeType: AllowedValues: - gp2 - io1 ConstraintDescription: Only gp2 or io1 are allowed. Default: gp2 Description: 'Disk type for EBS Reco Diskgroup. gp2 (performance ratio of 3 IOPS: 1 GiB) or io1 (performance ratio up to 50 IOPS : 1 GiB).' Type: String RemoteAccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: Allowed CIDR block for external SSH access to the bastions Type: String StandbyIPAddress: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ ConstraintDescription: IP address parameter must be in the form x.x.x.x Default: 10.0.32.5 Description: This must be a valid IP address for private subnet 2. Type: String StandbyName: AllowedPattern: ([A-Za-z0-9-]{3,12}) ConstraintDescription: Only Letters and Numbers, Min 3, Maximum of 12 characters. Default: orclsb Description: Enter your Standby instance name, Min 3, Maximum of 12 characters. Type: String VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR Block for the VPC Type: String EnableCWL: AllowedValues: - 'true' - 'false' Default: 'false' Description: enable pushing instance logs to CloudWatch Logs Type: String Rules: OL73SupportedRegionsRule: RuleCondition: !Equals - !Ref 'OracleAMIOS' - Oracle-Linux-7.3-HVM Assertions: - Assert: !Not - !Contains - - ap-south-1 - ca-central-1 - eu-west-2 - us-east-2 - !Ref 'AWS::Region' AssertDescription: Oracle Linux 7.3 is not available in this region Conditions: GovCloudCondition: !Equals - !Ref 'AWS::Region' - us-gov-west-1 UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' NumberOfAZs: '2' PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR' PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR' VPCCIDR: !Ref 'VPCCIDR' BastionStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: BastionInstanceType: !Ref 'BastionInstanceType' BastionAMIOS: !Ref 'BastionAMIOS' BastionBanner: !Ref 'BastionBanner' EnableBanner: !Ref 'EnableBanner' KeyPairName: !Ref 'KeyPairName' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Join - '' - - !Ref 'QSS3KeyPrefix' - 'submodules/quickstart-linux-bastion/ ' RemoteAccessCIDR: !Ref 'RemoteAccessCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' OracleStack: DependsOn: BastionStack Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/oracle-database.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: OracleVersion: !Ref 'OracleVersion' AsmPass: !Ref 'AsmPass' BastionSecurityGroupID: !GetAtt 'BastionStack.Outputs.BastionSecurityGroupID' CharacterSet: !Ref 'CharacterSet' DataGuardConfig: !Ref 'DataGuardConfig' DataIOPS: !Ref 'DataIOPS' DataVolumeType: !Ref 'DataVolumeType' DatabaseName: !Ref 'DatabaseName' DatabasePass: !Ref 'DatabasePass' DatabasePort: !Ref 'DatabasePort' DomainName: !Ref 'DomainName' EBSData: !Ref 'EBSData' EBSReco: !Ref 'EBSReco' InstallBucketName: !Ref 'InstallBucketName' InstallBucketPrefix: !Ref 'InstallBucketPrefix' KeyPairName: !Ref 'KeyPairName' OracleAMIOS: !Ref 'OracleAMIOS' OracleInstanceType: !Ref 'OracleInstanceType' OSBBucketName: !Ref 'OSBBucketName' OSBInstall: !Ref 'OSBInstall' OSBKey: !Ref 'OSBKey' OSBOTN: !Ref 'OSBOTN' OSBPass: !Ref 'OSBPass' OSBSecret: !Ref 'OSBSecret' PrimaryIPAddress: !Ref 'PrimaryIPAddress' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' RecoIOPS: !Ref 'RecoIOPS' RecoVolumeType: !Ref 'RecoVolumeType' StandbyIPAddress: !Ref 'StandbyIPAddress' StandbyName: !Ref 'StandbyName' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' EnableCWL: !Ref 'EnableCWL'