AWSTemplateFormatVersion: "2010-09-09" Description: This is the main template for deploying the Qumulo Studio Q on AWS Quick Start into a new VPC. It spins up Qumulo, Adobe, and Teradici for a remote editorial environment. It calls subordinate CloudFormation templates to instantiate the infrastructure. (qs-1rkouneo6) Metadata: QuickStartDocumentation: EntrypointName: "Parameters for launching into a new VPC" Order: "1" AWS::CloudFormation::Interface: ParameterGroups: - Label: default: AWS network configuration Parameters: - AvailabilityZone - VpcCidr - PublicSubnetCidr - PrivateSubnetCidr - Label: default: Qumulo file data platform configuration Parameters: - QCapacityType - QInstanceType - VolumesEncryptionKey - QClusterName - QSgCidr - SMBShareName - QInstanceRecoveryTopic - Label: default: Qumulo CloudWatch metrics and monitoring configuration Parameters: - SideCarUsername - SideCarPassword - SideCarTemplate - SideCarSNSTopic - Label: default: Adobe workstation configuration Parameters: - windowsGrxInstanceType - numberOfWorkstations - publicRemoteCidr - Label: default: Domain controller (Active Directory and DNS) configuration Parameters: - adServiceAccountUsername - adServiceAccountPassword - dcAdminUsername - dcAdminPassword - safeModeAdminPassword - testusername - testuserpassword - domainName - qumuloFloatRecordName - Label: default: AWS Quick Start configuration Parameters: - KeyPair - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket Region QSS3KeyPrefix: default: Quick Start S3 key prefix KeyPair: default: "AWS key-pair name" AvailabilityZone: default: "Specify an Availability Zone" VpcCidr: default: "AWS VPC subnet" PublicSubnetCidr: default: "AWS VPC public subnet" PrivateSubnetCidr: default: "AWS VPC private subnet" QClusterName: default: "Qumulo cluster name" QInstanceType: default: "Qumulo EC2 instance type" QCapacityType: default: "Qumulo usable capacity and media type" VolumesEncryptionKey: default: "(Optional) Amazon EBS volumes encryption key " QInstanceRecoveryTopic: default: "(Optional) Qumulo instance recovery topic" QSgCidr: default: "Qumulo security group" SMBShareName: default: "SMB share name " SideCarTemplate: default: "Qumulo sidecar template URL " SideCarUsername: default: "Qumulo sidecar user name " SideCarPassword: default: "Qumulo sidecar password " SideCarSNSTopic: default: "(Optional) Qumulo sidecar SNS topic " windowsGrxInstanceType: default: "AWS Teradici instance type " publicRemoteCidr: default: "(Optional) Remote public IP CIDR" numberOfWorkstations: default: "(Optional) Total number of Adobe workstations" domainName: default: "Domain name " adServiceAccountUsername: default: "Active Directory service administrator user name " adServiceAccountPassword: default: "Active Directory service administrator password " dcAdminUsername: default: "Domain controller administrator user name " dcAdminPassword: default: "Domain controller administrator password " safeModeAdminPassword: default: "Domain controller safe-mode administrator password " testusername: default: "Active Directory accounts: base user name " testuserpassword: default: "Active Directory accounts: default password " qumuloFloatRecordName: default: "DNS record name for Qumulo Round Robin DNS " Parameters: QSS3BucketName: AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' ConstraintDescription: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html. Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html.' Type: String QSS3KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/]*$' ConstraintDescription: The Quick Start S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). The prefix should end with a forward slash (/). Default: quickstart-qumulo-studio-q/ Description: S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. Type: String KeyPair: Description: Name of an existing EC2 key pair to enable authentication to instances. Type: AWS::EC2::KeyPair::KeyName AvailabilityZone: Description: All resources are created in this Availability Zone. Type: AWS::EC2::AvailabilityZone::Name VpcCidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" Description: Must be specified as an IPv4 address followed by / and a subnet mask of 0-32. Type: String Default: "10.0.0.0/16" PublicSubnetCidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" Description: Must be an IPv4 address followed by / and a subnet mask of 0-32. Type: String Default: "10.0.1.0/24" PrivateSubnetCidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" Description: Must be an IPv4 address followed by / and a subnet mask of 0-32. Type: String Default: "10.0.2.0/24" QClusterName: AllowedPattern: "^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$" Description: Name must be an alphanumeric string between 2 and 15 characters. Dash (-) is allowed if not the first or last character. MaxLength: 15 MinLength: 2 Type: String Default: Cloud-Q QCapacityType: AllowedValues: - "1TB All Flash" - "12TB Hybrid" Description: "1 TB All Flash or 12 TB Hybrid (Flash First architecture with st1 backing disks)." Type: String Default: "1TB All Flash" QInstanceType: AllowedValues: - m5.2xlarge - m5.4xlarge - m5.8xlarge - c5n.9xlarge Description: "EC2 instance type for Qumulo nodes. Write/read max throughput in MBs for 1-TB All Flash: m5.2xlarge = 1400/2100, m5.8xlarge = 2000/2500, c5n.9xlarge = 2500/3800. Write/read max throughput in MBs for 12-TB hybrid: m5.2xlarge = 800/2100, m5.8xlarge = 1100/2400." Type: String Default: "m5.2xlarge" VolumesEncryptionKey: Description: The AWS Key Management Service (AWS KMS) key to encrypt the volumes. Use either a key ID, Amazon Resource Name (ARN), or an alias. Aliases must begin with alias/ followed by the name, such as alias/exampleKey. If empty, the default Amazon EBS key is used. Choosing an invalid key name causes the instance to fail to launch. Type: String Default: '' QInstanceRecoveryTopic: Description: Optionally enter the ARN of an SNS topic that receives messages when an instance alarm is triggered. Type: String Default: "" QSgCidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" Description: An IPv4 CIDR block for specifying the generated security group's allowed addresses for inbound traffic. Set to x.x.x.x/32 to allow one specific IP address access, 0.0.0.0/0 to allow all IP addresses access, or another CIDR range. Type: String Default: "10.0.0.0/16" SMBShareName: AllowedPattern: '^[0-9a-zA-Z-_]*$' Description: Server Message Block (SMB) share name. Type: String Default: adobe-projects SideCarTemplate: Description: Do not change unless a newer version of Qumulo is being used. Type: String Default: "https://qumulo-sidecar-us-east-1.s3.amazonaws.com/4.2.0/sidecar_cft.json" SideCarUsername: Type: String Default: SideCarUser SideCarPassword: AllowedPattern: "^(?=.*[a-z])(?=.*[A-Z])(?=.*[@$!%*?&\\-_])[A-Za-z\\d@$!%*?&\\-_]{8,}$" Description: "Requires a minumum of 8 characters and must include at least one uppercase, one lowercase, and one special character." MaxLength: 128 MinLength: 8 Type: String NoEcho: "true" SideCarSNSTopic: Description: Optionally enter an SNS topic ARN to which Lambda errors and successful disk replacements are published. Type: String Default: "" publicRemoteCidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" Description: "Must be specified as an IPv4 address followed by / and a subnet mask of 0-32. 0.0.0.0/0 (any public source IP can attempt to access the workstation). If the public source network is not static or is unknown for the clients accessing the workstation, keep the default value of 0.0.0.0/0." Type: String Default: "0.0.0.0/0" windowsGrxInstanceType: AllowedValues: - g4dn.2xlarge - g4dn.4xlarge - g4dn.8xlarge - g4dn.16xlarge Description: "Adobe editorial personas: 2xlarge = news/simple edit, 4xlarge = creative, 8xlarge = promo." Type: String Default: "g4dn.2xlarge" numberOfWorkstations: AllowedValues: - "1" - "2" - "3" - "4" - "5" - "6" - "7" - "8" - "9" - "10" Description: "The total number of workstations to build with the instance type." Type: String Default: "1" domainName: Description: Private DNS Fully Qualified Domain Name (FQDN). AllowedPattern: '[a-zA-Z0-9]+\..+' MaxLength: '255' MinLength: '2' Type: String Default: "studioq.local" adServiceAccountUsername: Description: User name for the service administrator account. AllowedPattern: '[a-zA-Z0-9]*' MinLength: 5 MaxLength: 25 Type: String Default: SvcAdmin adServiceAccountPassword: Description: Password for the service administrator user. Must be at least 8 characters containing letters, numbers, and symbols. AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* MinLength: 8 MaxLength: 32 Type: String NoEcho: "true" dcAdminUsername: Description: User name for the domain administrator account. This account is not the same as the default administrator account. AllowedPattern: '[a-zA-Z0-9]*' MinLength: 5 MaxLength: 25 Type: String Default: administrator dcAdminPassword: Description: Password for the domain administrator user. Must be at least 8 characters containing letters, numbers, and symbols. AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* MinLength: 8 MaxLength: 32 Type: String NoEcho: "true" safeModeAdminPassword: Description: Password for a separate administrator account when the domain controller is in restore mode. Must be at least 8 characters containing letters, numbers, and symbols. AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* MinLength: 8 MaxLength: 32 Type: String NoEcho: "true" testusername: Description: "Base user name for 20 Active Directory accounts that will be created. For example, studioqUser1 through studioqUser20 will be created with a base user name of studioqUser." AllowedPattern: '[a-zA-Z0-9]*' MinLength: 5 MaxLength: 25 Type: String Default: studioqUser testuserpassword: Description: Default password for the Active Directory accounts that will be created. Must be at least 8 characters containing letters, numbers, and symbols. AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* MinLength: 8 MaxLength: 32 Type: String NoEcho: "true" qumuloFloatRecordName: Description: Record name for Round Robin DNS entries for Qumulo cluster floating IPs. Type: String Default: qumulo Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Two: !Equals [!Ref numberOfWorkstations, "2"] Three: !Equals [!Ref numberOfWorkstations, "3"] Four: !Equals [!Ref numberOfWorkstations, "4"] Five: !Equals [!Ref numberOfWorkstations, "5"] Six: !Equals [!Ref numberOfWorkstations, "6"] Seven: !Equals [!Ref numberOfWorkstations, "7"] Eight: !Equals [!Ref numberOfWorkstations, "8"] Nine: !Equals [!Ref numberOfWorkstations, "9"] Ten: !Equals [!Ref numberOfWorkstations, "10"] Provision2: !Or [Condition: Two, Condition: Three, Condition: Four, Condition: Five, Condition: Six, Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision3: !Or [Condition: Three, Condition: Four, Condition: Five, Condition: Six, Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision4: !Or [Condition: Four, Condition: Five, Condition: Six, Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision5: !Or [Condition: Five, Condition: Six, Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision6: !Or [Condition: Six, Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision7: !Or [Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision8: !Or [Condition: Eight, Condition: Nine, Condition: Ten] Provision9: !Or [Condition: Nine, Condition: Ten] Resources: AWSVPCSTACK: Type: "AWS::CloudFormation::Stack" Properties: Parameters: PrivateSubnetCidr: !Ref PrivateSubnetCidr PublicSubnetCidr: !Ref PublicSubnetCidr VpcCidr: !Ref VpcCidr AvailabilityZone: !Ref AvailabilityZone TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/cfn/aws-vpc.cft.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 StudioQStack: Type: "AWS::CloudFormation::Stack" Properties: Parameters: adServiceAccountPassword: !Ref adServiceAccountPassword adServiceAccountUsername: !Ref adServiceAccountUsername dcAdminPassword: !Ref dcAdminPassword dcAdminUsername: !Ref dcAdminUsername domainName: !Ref domainName KeyPair: !Ref KeyPair numberOfWorkstations: !Ref numberOfWorkstations PrivateSubnetId: !GetAtt AWSVPCSTACK.Outputs.PrivateSubnetId PublicSubnetId: !GetAtt AWSVPCSTACK.Outputs.PublicSubnetId publicRemoteCidr: !Ref publicRemoteCidr QCapacityType: !Ref QCapacityType QClusterName: !Ref QClusterName QInstanceRecoveryTopic: !Ref QInstanceRecoveryTopic QInstanceType: !Ref QInstanceType QSgCidr: !Ref QSgCidr QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix qumuloFloatRecordName: !Ref qumuloFloatRecordName safeModeAdminPassword: !Ref safeModeAdminPassword SideCarPassword: !Ref SideCarPassword SideCarSNSTopic: !Ref SideCarSNSTopic SideCarTemplate: !Ref SideCarTemplate SideCarUsername: !Ref SideCarUsername SMBShareName: !Ref SMBShareName testusername: !Ref testusername testuserpassword: !Ref testuserpassword VolumesEncryptionKey: !Ref VolumesEncryptionKey VpcCidr: !Ref VpcCidr VpcId: !GetAtt AWSVPCSTACK.Outputs.VPCID windowsGrxInstanceType: !Ref windowsGrxInstanceType TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/qs-studioq-main.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Outputs: QumuloPrivateIP: Description: Private IP for Qumulo cluster management. Value: !GetAtt StudioQStack.Outputs.QumuloPrivateIP QumuloTempPassword: Description: Temporary password for Qumulo cluster. Value: !GetAtt StudioQStack.Outputs.QumuloTempPassword QumuloKnowledgeBase: Description: Qumulo knowledge base. Value: !GetAtt StudioQStack.Outputs.QumuloKnowledgeBase WorkstationStackName: Description: Stack name to use when adding new Adobe workstations with the qs-studioq-add-workstation.template.yaml template. Value: !GetAtt StudioQStack.Outputs.WorkstationStackName TeradiciPCoIPClientURL: Description: URL to download the PCoIP client for your Windows/Mac/Linux local machine. Value: "https://docs.teradici.com/find/product/software-and-mobile-clients" WorkstationPublicIP1: Description: "Public IP for Adobe workstation #1." Value: !GetAtt StudioQStack.Outputs.WorkstationPublicIP1 WorkstationPublicIP2: Description: "Public IP for Adobe workstation #2." Value: !GetAtt StudioQStack.Outputs.WorkstationPublicIP2 Condition: Provision2 WorkstationPublicIP3: Description: "Public IP for Adobe workstation #3." Value: !GetAtt StudioQStack.Outputs.WorkstationPublicIP3 Condition: Provision3 WorkstationPublicIP4: Description: "Public IP for Adobe workstation #4." Value: !GetAtt StudioQStack.Outputs.WorkstationPublicIP4 Condition: Provision4 WorkstationPublicIP5: Description: "Public IP for Adobe workstation #5." Value: !GetAtt StudioQStack.Outputs.WorkstationPublicIP5 Condition: Provision5 WorkstationPublicIP6: Description: "Public IP for Adobe workstation #6." Value: !GetAtt StudioQStack.Outputs.WorkstationPublicIP6 Condition: Provision6 WorkstationPublicIP7: Description: "Public IP for Adobe workstation #7." Value: !GetAtt StudioQStack.Outputs.WorkstationPublicIP7 Condition: Provision7 WorkstationPublicIP8: Description: "Public IP for Adobe workstation #8." Value: !GetAtt StudioQStack.Outputs.WorkstationPublicIP8 Condition: Provision8 WorkstationPublicIP9: Description: "Public IP for Adobe workstation #9." Value: !GetAtt StudioQStack.Outputs.WorkstationPublicIP9 Condition: Provision9 WorkstationPublicIP10: Description: "Public IP for Adobe workstation #10." Value: !GetAtt StudioQStack.Outputs.WorkstationPublicIP10 Condition: Ten Postdeployment: Description: "See the deployment guide for post-deployment steps." Value: "https://fwd.aws/9aNgD?"