AWSTemplateFormatVersion: "2010-09-09" Description: This is the main template for the Qumulo Studio Q on AWS Quick Start. It spins up Qumulo, Adobe, and Teradici for a remote editorial environment. It calls subordinate CloudFormation templates to instantiate the infrastructure. (qs-1rkounelh) Metadata: QuickStartDocumentation: EntrypointName: "Parameters for launching into an existing VPC" Order: "2" AWS::CloudFormation::Interface: ParameterGroups: - Label: default: AWS network configuration Parameters: - VpcId - VpcCidr - PublicSubnetId - PrivateSubnetId - Label: default: Qumulo file data platform configuration Parameters: - QCapacityType - QInstanceType - VolumesEncryptionKey - QClusterName - QSgCidr - ProvisioningServerAMI - SMBShareName - QInstanceRecoveryTopic - Label: default: Qumulo CloudWatch metrics and monitoring configuration Parameters: - SideCarUsername - SideCarPassword - SideCarTemplate - SideCarSNSTopic - Label: default: Adobe workstation configuration Parameters: - windowsGrxInstanceType - numberOfWorkstations - publicRemoteCidr - Label: default: Domain controller (Active Directory and DNS) configuration Parameters: - adServiceAccountUsername - adServiceAccountPassword - dcAdminUsername - dcAdminPassword - safeModeAdminPassword - testusername - testuserpassword - DirectoryServerAmi - domainName - qumuloFloatRecordName - Label: default: AWS Quick Start configuration Parameters: - KeyPair - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket Region QSS3KeyPrefix: default: Quick Start S3 key prefix KeyPair: default: "AWS key pair name" VpcId: default: "AWS VPC ID" PublicSubnetId: default: "Public subnet ID" PrivateSubnetId: default: "Private subnet ID" VpcCidr: default: "AWS VPC subnet" QClusterName: default: "Qumulo cluster name" QInstanceType: default: "Qumulo EC2 instance type" QCapacityType: default: "Qumulo usable capacity and media type" VolumesEncryptionKey: default: "(Optional) Amazon EBS volumes encryption key " QInstanceRecoveryTopic: default: "(Optional) Qumulo instance recovery topic" QSgCidr: default: "Qumulo security group " ProvisioningServerAMI: default: "Linux server for secondary configuration of Qumulo " SMBShareName: default: "SMB share name " SideCarTemplate: default: "Qumulo sidecar template URL " SideCarUsername: default: "Qumulo sidecar user name " SideCarPassword: default: "Qumulo sidecar password " SideCarSNSTopic: default: "(Optional) Qumulo sidecar SNS topic " windowsGrxInstanceType: default: "AWS Teradici instance type " publicRemoteCidr: default: "(Optional) Remote public IP CIDR" numberOfWorkstations: default: "(Optional) Total number of Adobe workstations" DirectoryServerAmi: default: "AWS directory server AMI " domainName: default: "Domain name " adServiceAccountUsername: default: "Active Directory service administrator user name " adServiceAccountPassword: default: "Active Directory service administrator password " dcAdminUsername: default: "Domain controller administrator user name " dcAdminPassword: default: "Domain controller administrator password " safeModeAdminPassword: default: "Domain controller safe-mode administrator password " testusername: default: "Active Directory accounts: base user name " testuserpassword: default: "Active Directory accounts: default password " qumuloFloatRecordName: default: "DNS record name for Qumulo Round Robin DNS " Parameters: QSS3BucketName: AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' ConstraintDescription: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html. Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html.' Type: String QSS3KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/]*$' ConstraintDescription: The Quick Start S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). The prefix should end with a forward slash (/). Default: quickstart-qumulo-studio-q/ Description: S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. Type: String KeyPair: Description: Name of an existing EC2 key pair to enable authentication to instances. Type: AWS::EC2::KeyPair::KeyName Default: keypairname VpcId: Description: ID of the VPC (e.g., vpc-0343606e). Type: AWS::EC2::VPC::Id PublicSubnetId: Description: ID of the public subnet. Type: AWS::EC2::Subnet::Id PrivateSubnetId: Description: ID of the private subnet. Type: AWS::EC2::Subnet::Id VpcCidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" Description: Must be specified as an IPv4 address followed by / and a subnet mask of 0-32. Type: String Default: "10.0.0.0/16" QClusterName: AllowedPattern: "^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$" Description: Name must be an alphanumeric string between 2 and 15 characters. Dash (-) is allowed if not the first or last character. MaxLength: 15 MinLength: 2 Type: String Default: Cloud-Q QCapacityType: AllowedValues: - "1TB All Flash" - "12TB Hybrid" Description: "1 TB All Flash or 12 TB Hybrid (Flash First architecture with st1 backing disks)." Type: String Default: "1TB All Flash" QInstanceType: AllowedValues: - m5.2xlarge - m5.4xlarge - m5.8xlarge - c5n.9xlarge Description: "EC2 instance type for Qumulo nodes. Write/read max throughput in MBs for 1 TB All Flash: m5.2xlarge = 1400/2100, m5.8xlarge = 2000/2500, c5n.9xlarge = 2500/3800. Write/read max throughput in MBs for 12 TB Hybrid: m5.2xlarge = 800/2100, m5.8xlarge = 1100/2400." Type: String Default: "m5.2xlarge" VolumesEncryptionKey: Description: The AWS KMS key to encrypt the volumes. Use either a key ID, Amazon Resource Name (ARN), or an alias. Aliases must begin with alias/ followed by the name, such as alias/exampleKey. If empty, the default KMS EBS key is used. Choosing an invalid key name causes the instance to fail to launch. Type: String QInstanceRecoveryTopic: Description: Optionally enter the ARN of an SNS topic that receives messages when an instance alarm is triggered. Type: String Default: "" QSgCidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" Description: An IPv4 CIDR block for specifying the generated security group's allowed addresses for inbound traffic. Set to x.x.x.x/32 to allow one specific IP address access, 0.0.0.0/0 to allow all IP addresses access, or another CIDR range. Type: String Default: "10.0.0.0/16" ProvisioningServerAMI: Description: Linux server Amazon Machine Image (AMI). Type: 'AWS::SSM::Parameter::Value' Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2' SMBShareName: AllowedPattern: '^[0-9a-zA-Z-_]*$' Description: Server Message Block (SMB) share name. Type: String Default: adobe-projects SideCarTemplate: Description: Do not change unless a newer version of Qumulo is being used. Type: String Default: "https://qumulo-sidecar-us-east-1.s3.amazonaws.com/4.2.0/sidecar_cft.json" SideCarUsername: Type: String Default: SideCarUser SideCarPassword: AllowedPattern: "^(?=.*[a-z])(?=.*[A-Z])(?=.*[@$!%*?&\\-_])[A-Za-z\\d@$!%*?&\\-_]{8,}$" Description: "Requires a minimum eight characters and must include one uppercase, one lowercase, and one special character." MaxLength: 128 MinLength: 8 Type: String NoEcho: "true" SideCarSNSTopic: Description: Optionally enter an SNS topic ARN to which Lambda errors and successful disk replacements are published. Type: String Default: "" publicRemoteCidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" Description: "Must be specified as an IPv4 address followed by / and a subnet mask of 0-32. 0.0.0.0/0 (any public source IP can attempt to access the workstation). If the public source network is not static or is unknown for the clients accessing the workstation, keep the default value of 0.0.0.0/0." Type: String Default: "0.0.0.0/0" windowsGrxInstanceType: AllowedValues: - g4dn.2xlarge - g4dn.4xlarge - g4dn.8xlarge - g4dn.16xlarge Description: "Adobe editorial personas: 2xlarge = news/simple edit, 4xlarge = creative, 8xlarge = promo." Type: String Default: "g4dn.2xlarge" numberOfWorkstations: AllowedValues: - "1" - "2" - "3" - "4" - "5" - "6" - "7" - "8" - "9" - "10" Description: "Specify the total number of workstations to build with the instance type." Type: String Default: "1" DirectoryServerAmi: Description: AWS Windows Server AMI for the domain controller and Active Directory. Type: AWS::SSM::Parameter::Value Default: '/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-Base' domainName: Description: Private DNS Fully Qualified Domain Name (FQDN). AllowedPattern: '[a-zA-Z0-9]+\..+' MaxLength: '255' MinLength: '2' Type: String Default: "studioq.local" adServiceAccountUsername: Description: User name for the service administrator account. AllowedPattern: '[a-zA-Z0-9]*' MinLength: 5 MaxLength: 25 Type: String Default: SvcAdmin adServiceAccountPassword: Description: Password for the service administrator user. Must be at least eight characters containing letters, numbers, and symbols. AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* MinLength: 8 MaxLength: 32 Type: String NoEcho: "true" dcAdminUsername: Description: User name for the domain administrator account. This account is not the same as the default administrator account. AllowedPattern: '[a-zA-Z0-9]*' MinLength: 5 MaxLength: 25 Type: String Default: administrator dcAdminPassword: Description: Password for the domain administrator user. Must be at least eight characters containing letters, numbers, and symbols. AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* MinLength: 8 MaxLength: 32 Type: String NoEcho: "true" safeModeAdminPassword: Description: Password for a separate administrator account when the domain controller is in restore mode. Must be at least eight characters containing letters, numbers, and symbols. AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* MinLength: 8 MaxLength: 32 Type: String NoEcho: "true" testusername: Description: "Base user name for the 20 Active Directory accounts that are created. For example, studioqUser1 through studioqUser20 are created with a base user name of studioqUser." AllowedPattern: '[a-zA-Z0-9]*' MinLength: 5 MaxLength: 25 Type: String Default: studioqUser testuserpassword: Description: Default password for the Active Directory accounts that are created. Must be at least eight characters containing letters, numbers, and symbols. AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* MinLength: 8 MaxLength: 32 Type: String NoEcho: "true" qumuloFloatRecordName: Description: Record name for Round Robin DNS entries for Qumulo cluster floating IPs. Type: String Default: qumulo Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] 4x5TBHybrid: !Equals - !Ref QCapacityType - "12TB Hybrid" Two: !Equals [!Ref numberOfWorkstations, "2"] Three: !Equals [!Ref numberOfWorkstations, "3"] Four: !Equals [!Ref numberOfWorkstations, "4"] Five: !Equals [!Ref numberOfWorkstations, "5"] Six: !Equals [!Ref numberOfWorkstations, "6"] Seven: !Equals [!Ref numberOfWorkstations, "7"] Eight: !Equals [!Ref numberOfWorkstations, "8"] Nine: !Equals [!Ref numberOfWorkstations, "9"] Ten: !Equals [!Ref numberOfWorkstations, "10"] Provision2: !Or [Condition: Two, Condition: Three, Condition: Four, Condition: Five, Condition: Six, Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision3: !Or [Condition: Three, Condition: Four, Condition: Five, Condition: Six, Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision4: !Or [Condition: Four, Condition: Five, Condition: Six, Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision5: !Or [Condition: Five, Condition: Six, Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision6: !Or [Condition: Six, Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision7: !Or [Condition: Seven, Condition: Eight, Condition: Nine, Condition: Ten] Provision8: !Or [Condition: Eight, Condition: Nine, Condition: Ten] Provision9: !Or [Condition: Nine, Condition: Ten] Resources: SECRETSSTACK: Type: "AWS::CloudFormation::Stack" Properties: Parameters: SideCarUsername: !Ref SideCarUsername SideCarPassword: !Ref SideCarPassword adServiceAccountUsername: !Ref adServiceAccountUsername adServiceAccountPassword: !Ref adServiceAccountPassword dcAdminUsername: !Ref dcAdminUsername dcAdminPassword: !Ref dcAdminPassword safeModeAdminPassword: !Ref safeModeAdminPassword testusername: !Ref testusername testuserpassword: !Ref testuserpassword TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/cfn/store-secrets.cft.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 SECURITYSTACK: Type: "AWS::CloudFormation::Stack" Properties: Parameters: VpcId: !Ref VpcId VpcCidr: !Ref VpcCidr PublicRemoteCidr: !Ref publicRemoteCidr TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/cfn/security-groups.cft.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 QIAMSTACK: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/cfn/qiam.cft.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 QSTACK: Type: "AWS::CloudFormation::Stack" Properties: Parameters: ClusterName: !Ref QClusterName FloatingIPCount: "3" IamInstanceProfile: !GetAtt QIAMSTACK.Outputs.QumuloIAMProfile InstanceRecoveryTopic: !Ref QInstanceRecoveryTopic InstanceType: !Ref QInstanceType KeyName: !Ref KeyPair SgCidr: !Ref QSgCidr SubnetId: !Ref PrivateSubnetId VolumesEncryptionKey: !Ref VolumesEncryptionKey VpcId: !Ref VpcId TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/cfn/${QTemplate} - QTemplate: !If [4x5TBHybrid, '4x5TiB-Hybrid-st1-SA.template.json', '4x600GiB-AF-SA.template.json'] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 DCSTACK: Type: "AWS::CloudFormation::Stack" Properties: Parameters: DirectoryServerAmi: !Ref DirectoryServerAmi DirectoryServerKeyName: !Ref KeyPair DirectoryServerSG: !GetAtt SECURITYSTACK.Outputs.AllowInternalSGId DirectoryServerSubnet: !Ref PrivateSubnetId DirectoryServerVPC: !Ref VpcId DomainNetBIOSName: !Select [0, !Split [".", !Ref domainName]] adServiceAccountPassword: !Ref adServiceAccountPassword adServiceAccountUsername: !Ref adServiceAccountUsername testusername: !Ref testusername testuserpassword: !Ref testuserpassword dcAdminPassword: !Ref dcAdminPassword dcInstanceType: "m5.large" domainName: !Ref domainName safeModeAdminPassword: !Ref safeModeAdminPassword floatIPs: !GetAtt QSTACK.Outputs.ClusterSecondaryPrivateIPs recordName: !Ref qumuloFloatRecordName BucketName: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] RootURL: !Sub - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/" - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/cfn/dc.cft.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 QSIDECARSTACK: Type: "AWS::CloudFormation::Stack" Properties: Parameters: SecurityGroup: !GetAtt SECURITYSTACK.Outputs.AllowQumuloSGId SNSTopic: !Ref SideCarSNSTopic Subnet: !Ref PrivateSubnetId Username: !Ref SideCarUsername Password: !Ref SideCarPassword Hosts: !GetAtt QSTACK.Outputs.ClusterPrivateIPs TemplateURL: !Ref SideCarTemplate TimeoutInMinutes: 150 PROVISIONINGSTACK: Type: "AWS::CloudFormation::Stack" DependsOn: QSIDECARSTACK Properties: Parameters: ProvisioningServerAMI: !Ref ProvisioningServerAMI SecretsManagedPolicy: "arn:aws:iam::aws:policy/SecretsManagerReadWrite" KeyName: !Ref KeyPair Region: !Ref AWS::Region PrivateSubnetId: !Ref PrivateSubnetId VPCCidr: !Ref VpcCidr Node1IP: !Select [0, !Split [", ", !GetAtt QSTACK.Outputs.ClusterPrivateIPs]] InstanceIDs: !GetAtt QSTACK.Outputs.ClusterInstanceIDs FloatIPs: !GetAtt QSTACK.Outputs.ClusterSecondaryPrivateIPs SMBShareName: !Ref SMBShareName ClusterPwd: !GetAtt QSTACK.Outputs.TemporaryPassword VPCID: !Ref VpcId domainName: !Ref domainName dcServerIp: !GetAtt DCSTACK.Outputs.DirectoryserverPrivateIP DomainControllerSecretsArn: !GetAtt SECRETSSTACK.Outputs.DomainControllerSecretsArn SideCarSecretsArn: !GetAtt SECRETSSTACK.Outputs.SideCarSecretsArn CMK: !Ref VolumesEncryptionKey StackName: !Ref "AWS::StackName" QStackName: !GetAtt QSTACK.Outputs.AWSStackName BucketName: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] CMKPolicyPath: !Sub - ${S3Bucket}/${QSS3KeyPrefix}templates/ - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/cfn/provisioning-node.cft.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 CLOUDWATCHSTACK: Type: 'AWS::CloudFormation::Stack' Properties: Parameters: QClusterName: !Ref QClusterName QStackID: !GetAtt QSTACK.Outputs.AWSStackID QStackName: !GetAtt QSTACK.Outputs.AWSStackName TopStackName: !Ref AWS::StackName QAuditLog: "NO" Region: !Ref AWS::Region AllFlash: !If - 4x5TBHybrid - "Hybrid" - "AF" TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/cfn/cloud-watch.cft.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] WORKSTATIONSTACK: Type: "AWS::CloudFormation::Stack" DependsOn: DCSTACK Properties: Parameters: FirstStation: "TRUE" WorkstationNumber: "1" adServiceAccountPassword: !Ref adServiceAccountPassword adServiceAccountUsername: !Ref adServiceAccountUsername domainName: !Ref domainName gfxworkstationKeyName: !Ref KeyPair gfxworkstationSG: !GetAtt SECURITYSTACK.Outputs.AllowRdpSGId gfxworkstationSubnet: !Ref PublicSubnetId pcoipAgentFilename: "null" pcoipAgentLocationUrl: "https://downloads.teradici.com/win/stable/" pcoipRegistrationCode: "X60YKMSS4VEE@0633-9958-E79C-F865" windowsGrxInstanceType: !Ref windowsGrxInstanceType workstationAdminPassword: !Ref adServiceAccountPassword SMBShareName: !Ref SMBShareName FloatDNSName: !Ref qumuloFloatRecordName DomainControllerSecretsName: !GetAtt SECRETSSTACK.Outputs.DomainControllerSecretsName BucketName: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] RootURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/ - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/cfn/gfx-workstation.cft.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 WORKSTATIONSTACK2: Type: "AWS::CloudFormation::Stack" Condition: Provision2 Properties: Parameters: WorkstationStackName: !GetAtt WORKSTATIONSTACK.Outputs.GFXWorkstationStackName windowsGrxInstanceType: !Ref windowsGrxInstanceType WorkstationNumber: "2" TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/qs-studioq-add-workstation.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 WORKSTATIONSTACK3: Type: "AWS::CloudFormation::Stack" Condition: Provision3 Properties: Parameters: WorkstationStackName: !GetAtt WORKSTATIONSTACK.Outputs.GFXWorkstationStackName windowsGrxInstanceType: !Ref windowsGrxInstanceType WorkstationNumber: "3" TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/qs-studioq-add-workstation.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 WORKSTATIONSTACK4: Type: "AWS::CloudFormation::Stack" Condition: Provision4 Properties: Parameters: WorkstationStackName: !GetAtt WORKSTATIONSTACK.Outputs.GFXWorkstationStackName windowsGrxInstanceType: !Ref windowsGrxInstanceType WorkstationNumber: "4" TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/qs-studioq-add-workstation.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 WORKSTATIONSTACK5: Type: "AWS::CloudFormation::Stack" Condition: Provision5 Properties: Parameters: WorkstationStackName: !GetAtt WORKSTATIONSTACK.Outputs.GFXWorkstationStackName windowsGrxInstanceType: !Ref windowsGrxInstanceType WorkstationNumber: "5" TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/qs-studioq-add-workstation.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 WORKSTATIONSTACK6: Type: "AWS::CloudFormation::Stack" Condition: Provision6 Properties: Parameters: WorkstationStackName: !GetAtt WORKSTATIONSTACK.Outputs.GFXWorkstationStackName windowsGrxInstanceType: !Ref windowsGrxInstanceType WorkstationNumber: "6" TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/qs-studioq-add-workstation.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 WORKSTATIONSTACK7: Type: "AWS::CloudFormation::Stack" Condition: Provision7 Properties: Parameters: WorkstationStackName: !GetAtt WORKSTATIONSTACK.Outputs.GFXWorkstationStackName windowsGrxInstanceType: !Ref windowsGrxInstanceType WorkstationNumber: "7" TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/qs-studioq-add-workstation.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 WORKSTATIONSTACK8: Type: "AWS::CloudFormation::Stack" Condition: Provision8 Properties: Parameters: WorkstationStackName: !GetAtt WORKSTATIONSTACK.Outputs.GFXWorkstationStackName windowsGrxInstanceType: !Ref windowsGrxInstanceType WorkstationNumber: "8" TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/qs-studioq-add-workstation.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 WORKSTATIONSTACK9: Type: "AWS::CloudFormation::Stack" Condition: Provision9 Properties: Parameters: WorkstationStackName: !GetAtt WORKSTATIONSTACK.Outputs.GFXWorkstationStackName windowsGrxInstanceType: !Ref windowsGrxInstanceType WorkstationNumber: "9" TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/qs-studioq-add-workstation.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 WORKSTATIONSTACK10: Type: "AWS::CloudFormation::Stack" Condition: Ten Properties: Parameters: WorkstationStackName: !GetAtt WORKSTATIONSTACK.Outputs.GFXWorkstationStackName windowsGrxInstanceType: !Ref windowsGrxInstanceType WorkstationNumber: "10" TemplateURL: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/qs-studioq-add-workstation.template.yaml - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] TimeoutInMinutes: 150 Outputs: QumuloPrivateIP: Description: Private IP for Qumulo cluster management. Value: !GetAtt QSTACK.Outputs.LinkToManagement QumuloTempPassword: Description: Temporary password for Qumulo cluster. Value: !GetAtt QSTACK.Outputs.TemporaryPassword QumuloKnowledgeBase: Description: Qumulo knowledge base. Value: !GetAtt QSTACK.Outputs.QumuloKnowledgeBase WorkstationStackName: Description: Use this stack name for adding new Adobe workstations with the qs-studioq-add-workstation.template.yaml template. Value: !GetAtt WORKSTATIONSTACK.Outputs.GFXWorkstationStackName TeradiciPCoIPClientURL: Description: Use this URL to download the PCoIP client for your Windows/Mac/Linux local machine. Value: "https://docs.teradici.com/find/product/software-and-mobile-clients" WorkstationPublicIP1: Description: "Public IP for Adobe workstation #1." Value: !GetAtt WORKSTATIONSTACK.Outputs.GFXWorkstationPublicIP WorkstationPublicIP2: Description: "Public IP for Adobe workstation #2." Value: !GetAtt WORKSTATIONSTACK2.Outputs.GFXWorkstationPublicIP Condition: Provision2 WorkstationPublicIP3: Description: "Public IP for Adobe workstation #3." Value: !GetAtt WORKSTATIONSTACK3.Outputs.GFXWorkstationPublicIP Condition: Provision3 WorkstationPublicIP4: Description: "Public IP for Adobe workstation #4." Value: !GetAtt WORKSTATIONSTACK4.Outputs.GFXWorkstationPublicIP Condition: Provision4 WorkstationPublicIP5: Description: "Public IP for Adobe workstation #5." Value: !GetAtt WORKSTATIONSTACK5.Outputs.GFXWorkstationPublicIP Condition: Provision5 WorkstationPublicIP6: Description: "Public IP for Adobe workstation #6." Value: !GetAtt WORKSTATIONSTACK6.Outputs.GFXWorkstationPublicIP Condition: Provision6 WorkstationPublicIP7: Description: "Public IP for Adobe workstation #7." Value: !GetAtt WORKSTATIONSTACK7.Outputs.GFXWorkstationPublicIP Condition: Provision7 WorkstationPublicIP8: Description: "Public IP for Adobe workstation #8." Value: !GetAtt WORKSTATIONSTACK8.Outputs.GFXWorkstationPublicIP Condition: Provision8 WorkstationPublicIP9: Description: "Public IP for Adobe workstation #9." Value: !GetAtt WORKSTATIONSTACK9.Outputs.GFXWorkstationPublicIP Condition: Provision9 WorkstationPublicIP10: Description: "Public IP for Adobe workstation #10." Value: !GetAtt WORKSTATIONSTACK10.Outputs.GFXWorkstationPublicIP Condition: Ten Postdeployment: Description: "See the deployment guide for post-deployment steps." Value: "https://fwd.aws/9aNgD?"