--- AWSTemplateFormatVersion: 2010-09-09 Description: 'v5.67: Trend Micro Deep Security Marketplace main template. For more information see http://aws.trendmicro.com. (qs-1ngr590jt)' Metadata: cfn-lint: config: ignore_checks: [W3005,W7001,W8001] ignore_reasons: W3005:'DSMNode2, DSMNode1NoDB and DSIDSMSecurityGroup needs to depend on resource DSIDSMSecurityGroup to make sure the stack will create not fail' W7001:'Definition is used by another template' W8001:'Conditions are referenced by other template' AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Deep Security Manager Configuration Parameters: - DSCAdminName - DSCAdminPassword - DSIPInstanceType - AWSIKeyPairName - DSIPLicense - DSIMultiNode - DSIPLicenseKey - DSIPGUIPort - DSIPHeartbeatPort - DSCLicenseType - Label: default: Network Configuration Parameters: - AWSIVPC - DSISubnetID - DBISubnet1 - DBISubnet2 - DSELBPosture - DSProxyUrl - Label: default: Database Configuration Parameters: - DBICAdminName - DBICAdminPassword - DBPName - DBPMultiAZ - DBPEngine - DBPCreateDbInstance - DBIRDSInstanceSize - DBIStorageAllocation - DBPBackupDays - DBPEndpoint ParameterLabels: AWSIKeyPairName: default: EC2 Key Pair for SSH access AWSIVPC: default: VPC for Deep Security Components DSISubnetID: default: Subnet for Deep Security Managers. Must be public subnet if deploying Internet-facing infrastructure, else must be private. DBIRDSInstanceSize: default: RDS Instance Type DBIStorageAllocation: default: RDS Storage Size DBPBackupDays: default: Backup Retention DBPCreateDbInstance: default: Create new DB Instance? DBICAdminName: default: Admin username for Database DBICAdminPassword: default: Admin password for Database DBPEngine: default: Choose PostgreSQL, MSSQL, Oracle or Aurora PostgreSQL Engine DBPEndpoint: default: Existing Database Endpoint if not creating new DBPName: default: Name of database DSCAdminName: default: Admin username for Deep Security DSCAdminPassword: default: Admin password for Deep Security DSIMultiNode: default: Number of Deep Security Managers to deploy DSIPLicenseKey: default: License Key DSIPHeartbeatPort: default: TCP port for Deep Security Agents DSIPGUIPort: default: TCP port for Deep Security Console DSIPInstanceType: default: EC2 Instance Type for Deep Security Manager DBISubnet1: default: Primary private subnet for RDS DBISubnet2: default: Secondary private subnet for RDS DSIPLicense: default: Deep Security License Type DBPMultiAZ: default: Single- or Multi- AZ RDS instance DSCLicenseType: default: Select Enterprise or Network License Key Type DSELBPosture: default: Use internal or internet-facing ELB DSProxyUrl: default: Url for a proxy server for internet traffic in the format of host:port. Leave blank if not required Parameters: AWSIKeyPairName: Description: Existing key pair to use for connecting to your Deep Security Manager Instance Type: AWS::EC2::KeyPair::KeyName ConstraintDescription: Select an existing EC2 Key Pair. AWSIVPC: Description: Existing VPC to deploy Deep Security Manager. Must contain at least 1 public and 2 private subnets Type: AWS::EC2::VPC::Id AllowedPattern: '[-_a-zA-Z0-9]*' DSISubnetID: Description: Choose a public subnet for Deep Security Manager. Must be in same AZ as primary RDS subnet. Type: AWS::EC2::Subnet::Id AllowedPattern: '[-_a-zA-Z0-9]*' ConstraintDescription: Subnet ID must exist in the chosen VPC DBIRDSInstanceSize: Default: db.m5.large Description: Trend Micro Deep Security Database instance class Type: String AllowedValues: - db.m4.large - db.m4.xlarge - db.m4.2xlarge - db.m4.4xlarge - db.m3.medium - db.m3.large - db.m3.xlarge - db.m3.2xlarge - db.m5.medium - db.m5.large - db.m5.xlarge - db.m5.2xlarge - db.r3.large - db.r3.xlarge - db.r3.2xlarge - db.r3.4xlarge - db.r3.8xlarge - db.r4.large - db.r4.xlarge - db.r4.2xlarge - db.r4.4xlarge - db.r4.8xlarge - db.r5.large - db.r5.xlarge - db.r5.2xlarge - db.r5.4xlarge - db.r5.8xlarge ConstraintDescription: must select a valid database instance type. DBIStorageAllocation: Default: 100 Description: The Storage Allocated to Database Instance (in GB). Minimum 200 for SQL Server, 10 for Oracle. Type: Number MinValue: 10 MaxValue: 3072 ConstraintDescription: must be between 10 and 3072Gb. DBPBackupDays: Default: 1 Description: Days to keep automatic RDS backups (0-35) Type: Number MinValue: 0 MaxValue: 35 ConstraintDescription: must be between 0 and 35 days. DBPCreateDbInstance: Description: Choose whether or not to create an RDS instance for the Deep Security Manager Deployment Type: String Default: 'Yes' AllowedValues: - 'Yes' DBICAdminName: Default: dsadmin Description: Admin account username to be used for the database instance Type: String MinLength: 1 MaxLength: 16 AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*' ConstraintDescription: must begin with a letter and contain only alphanumeric characters. DBICAdminPassword: NoEcho: true Description: Password to be used for the database admin account. 8-41 alphanumeric characters Type: String MinLength: 8 MaxLength: 41 AllowedPattern: '[a-zA-Z0-9!^*\-_+]*' ConstraintDescription: Can only contain alphanumeric characters or the following special characters !^*-_+ Min length 8, max length 41 DBPEngine: Description: Choose PostgreSQL, Microsoft SQL, Oracle or Aurora PostgreSQL for DSM database Engine Type: String Default: PostgreSQL AllowedValues: - SQL - Oracle - PostgreSQL - AuroraPostgreSQL DBPEndpoint: Type: String Description: If you have an existing oracle instance, enter the endpoint address here, else this field will be ignored Default: Enter Oracle Address here if needed DBPName: Default: dsm Description: Name to be assigned to the database Type: String MinLength: 1 MaxLength: 64 AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*' ConstraintDescription: must begin with a letter and contain only alphanumeric characters. DSCAdminName: Default: admin Description: The Deep Security Manager administrator account username for Web Console Access Type: String MinLength: 1 MaxLength: 16 AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*' ConstraintDescription: must begin with a letter and contain only alphanumeric characters. DSCAdminPassword: NoEcho: true Description: The Deep Security Manager administrator account password Type: String MinLength: 8 MaxLength: 41 AllowedPattern: '[a-zA-Z0-9!^*\-_+]*' ConstraintDescription: Can only contain alphanumeric characters or the following special characters !^*-_+ Min length 8, max length 41 DSIMultiNode: Description: Select number of Deep Security Managers to Deploy Type: Number AllowedValues: - '1' - '2' DSIPLicenseKey: Description: Deep Security License key including dashes. Only required for BYOL license type. (e.g. AP-E9RM-99WHE-B5UR5-BV8YB-HVYM8-HYYVG) Type: String MinLength: 37 MaxLength: 37 AllowedPattern: '[A-Z0-9]{2}-[A-Z0-9]{4}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}' ConstraintDescription: Key can only contain ASCII characters. Default: XX-XXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX DSIPHeartbeatPort: Description: The heartbeat port used by Deep Security Agents and appliances to communicate with the Deep Security Manager. Type: Number MinValue: 0 MaxValue: 65535 Default: '4120' ConstraintDescription: Must be a valid TCP port. DSIPGUIPort: Description: The Deep Security Manager application and GUI port. Type: Number MinValue: 0 MaxValue: 65535 Default: '443' ConstraintDescription: Must be a valid TCP port. DSIPInstanceType: Description: Amazon EC2 instance type for BYOL Deep Security Manager Node Instances (ignored for other license types) Type: String Default: m5.xlarge AllowedValues: - m4.large - m4.xlarge - m4.2xlarge - m4.4xlarge - m4.10xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge - m5.8xlarge - c3.xlarge - c3.2xlarge - c3.4xlarge - c3.8xlarge - c4.xlarge - c4.2xlarge - c4.4xlarge - c4.8xlarge - c5.4xlarge - c5.9xlarge - r3.large - r3.xlarge - r3.2xlarge - r3.4xlarge - r3.8xlarge - i2.xlarge - i2.2xlarge - i2.4xlarge - i2.8xlarge - g2.2xlarge - r4.large - r4.xlarge DBISubnet1: Description: Choose a primary private subnet for RDS instance. Must be in same AZ as Deep Security Manager Type: AWS::EC2::Subnet::Id ConstraintDescription: RDS Subnet Groups must be comprised of 2 subnets in seperate availability zones with the specified VPC for deploying this template DBISubnet2: Description: Choose a secondary private subnet for RDS instance. Must not be the same as primary subnet. Type: AWS::EC2::Subnet::Id ConstraintDescription: RDS Subnet Groups must be comprised of 2 subnets in seperate availability zones with the specified VPC for deploying this template DSIPLicense: Description: Choose License Model. If choosing BYOL you may enter the license below Type: String AllowedValues: - PerHost - BYOL DBPMultiAZ: Description: Use Multi-AZ or SQL Mirroring Option Group for RDS Instance Type: String AllowedValues: - 'true' - 'false' Default: 'false' DSELBPosture: Description: Use internal or internet-facing ELB Type: String AllowedValues: - Internet-facing - Internal Default: Internet-facing QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-trendmicro-deepsecurity/ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String DSCLicenseType: Type: String Default: Enterprise AllowedValues: - Enterprise - Network DSProxyUrl: Type: String Default: '' AllowedPattern: '^$|^(?!(?i)http)(.+):[\d]+$|^(?=\d+\.\d+\.\d+\.\d+\:\d+$)(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])\.?){4}:(6553[0-5]|655[0-2][0-9]\d|65[0-4](\d){2}|6[0-4](\d){3}|[1-5](\d){4}|[1-9](\d){0,3}){1}$' Mappings: DSMNodeDependency: Node1DB: String: DSDatabaseAbstract Node2DB: String: DSM95Node1 Node1NoDB: String: DSISecurityGroups Node2NoDB: String: DSM95Node2NoDB Resources: DSMNode1: Type: AWS::CloudFormation::Stack DependsOn: - DSDatabaseAbstract - DSIDSMSecurityGroup Condition: LaunchRDSInstance Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/marketplace/dsm-mp.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AWSIKeyPairName: !Ref AWSIKeyPairName AWSIVPC: !Ref AWSIVPC DSIPLicense: !Ref DSIPLicense DSIPLicenseKey: !Ref DSIPLicenseKey DSCAdminName: !Ref DSCAdminName DSCAdminPassword: !Ref DSCAdminPassword DBPRDSEndpoint: !GetAtt DSDatabaseAbstract.Outputs.DSDBEndpoint DBPName: !Ref DBPName DBICAdminName: !Ref DBICAdminName DBICAdminPassword: !Ref DBICAdminPassword DSIPGUIPort: !Ref DSIPGUIPort DSIPHeartbeatPort: !Ref DSIPHeartbeatPort DSMPMNode: 'No' DSISubnetID: !Ref DSISubnetID DSMSG: !GetAtt DSIDSMSecurityGroup.Outputs.DSMSG DBPEngine: !Ref DBPEngine DSIPInstanceType: !Ref DSIPInstanceType CreateEIP: 'False' DSIELB: !GetAtt DSIELB.Outputs.DSIELB DSM1CompleteWaitHandle: !Ref DSM1CompleteWaitHandle DSIELBFQDN: !GetAtt DSIELB.Outputs.ELBFQDN DSELBPosture: !Ref DSELBPosture QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix DSCLicenseType: !Ref DSCLicenseType DSProxyUrl: !Ref DSProxyUrl DSMNode2: Type: AWS::CloudFormation::Stack DependsOn: - DSIDSMSecurityGroup - DSM1CompleteWaitCondition Condition: DSMNode2DB Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/marketplace/dsm-mp.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AWSIKeyPairName: !Ref AWSIKeyPairName AWSIVPC: !Ref AWSIVPC DSIPLicense: !Ref DSIPLicense DSIPLicenseKey: !Ref DSIPLicenseKey DSCAdminName: !Ref DSCAdminName DSCAdminPassword: !Ref DSCAdminPassword DBPRDSEndpoint: !GetAtt DSDatabaseAbstract.Outputs.DSDBEndpoint DBPName: !Ref DBPName DBICAdminName: !Ref DBICAdminName DBICAdminPassword: !Ref DBICAdminPassword DSIPGUIPort: !Ref DSIPGUIPort DSIPHeartbeatPort: !Ref DSIPHeartbeatPort DSMPMNode: 'Yes' DSISubnetID: !Ref DSISubnetID DSMSG: !GetAtt DSIDSMSecurityGroup.Outputs.DSMSG DBPEngine: !Ref DBPEngine DSIPInstanceType: !Ref DSIPInstanceType CreateEIP: 'False' DSIELB: !GetAtt DSIELB.Outputs.DSIELB DSELBPosture: !Ref DSELBPosture QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix DSProxyUrl: !Ref DSProxyUrl DSMNode1NoDB: Type: AWS::CloudFormation::Stack DependsOn: - DSIDSMSecurityGroup Condition: DoNotLaunchRDSInstance Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/marketplace/dsm-mp.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AWSIKeyPairName: !Ref AWSIKeyPairName AWSIVPC: !Ref AWSIVPC DSIPLicense: !Ref DSIPLicense DSIPLicenseKey: !Ref DSIPLicenseKey DSCAdminName: !Ref DSCAdminName DSCAdminPassword: !Ref DSCAdminPassword DBPRDSEndpoint: !Ref DBPEndpoint DBPName: !Ref DBPName DBICAdminName: !Ref DBICAdminName DBICAdminPassword: !Ref DBICAdminPassword DSIPGUIPort: !Ref DSIPGUIPort DSIPHeartbeatPort: !Ref DSIPHeartbeatPort DSMPMNode: 'No' DSISubnetID: !Ref DSISubnetID DSMSG: !GetAtt DSIDSMSecurityGroup.Outputs.DSMSG DBPEngine: !Ref DBPEngine DSIPInstanceType: !Ref DSIPInstanceType CreateEIP: 'False' DSM1NoDBCompleteWaitHandle: !Ref DSM1NoDBCompleteWaitHandle DSIELB: !GetAtt DSIELB.Outputs.DSIELB DSIELBFQDN: !GetAtt DSIELB.Outputs.ELBFQDN DSELBPosture: !Ref DSELBPosture QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix DSProxyUrl: !Ref DSProxyUrl DSMNode2NoDB: Type: AWS::CloudFormation::Stack DependsOn: DSM1NoDBCompleteWaitCondition Condition: DSMNode2NoDB Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/marketplace/dsm-mp.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AWSIKeyPairName: !Ref AWSIKeyPairName AWSIVPC: !Ref AWSIVPC DSIPLicense: !Ref DSIPLicense DSIPLicenseKey: !Ref DSIPLicenseKey DSCAdminName: !Ref DSCAdminName DSCAdminPassword: !Ref DSCAdminPassword DBPRDSEndpoint: !Ref DBPEndpoint DBPName: !Ref DBPName DBICAdminName: !Ref DBICAdminName DBICAdminPassword: !Ref DBICAdminPassword DSIPGUIPort: !Ref DSIPGUIPort DSIPHeartbeatPort: !Ref DSIPHeartbeatPort DSMPMNode: 'Yes' DSISubnetID: !Ref DSISubnetID DSMSG: !GetAtt DSIDSMSecurityGroup.Outputs.DSMSG DBPEngine: !Ref DBPEngine DSIPInstanceType: !Ref DSIPInstanceType CreateEIP: 'False' DSIELB: !GetAtt DSIELB.Outputs.DSIELB DSELBPosture: !Ref DSELBPosture QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix DSProxyUrl: !Ref DSProxyUrl DSDatabaseAbstract: Type: AWS::CloudFormation::Stack Condition: LaunchRDSInstance DependsOn: DSIRDSSecurityGroup Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/common/db/ds-db-abstract.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AWSIKeyPairName: !Ref AWSIKeyPairName DBPName: !Ref DBPName DBIStorageAllocation: !Ref DBIStorageAllocation DBIRDSInstanceSize: !Ref DBIRDSInstanceSize DBPEngine: !Ref DBPEngine DBICAdminName: !Ref DBICAdminName DBICAdminPassword: !Ref DBICAdminPassword RDSSG: !GetAtt DSIRDSSecurityGroup.Outputs.RDSSG MultiAZ: !Ref DBPMultiAZ StorageType: gp2 DBPBackupDays: !Ref DBPBackupDays DBISubnet1: !Ref DBISubnet1 DBISubnet2: !Ref DBISubnet2 QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix DSIRDSSecurityGroup: Type: AWS::CloudFormation::Stack Condition: LaunchRDSInstance Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/common/security-groups/rds-security-group.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AWSIVPC: !Ref AWSIVPC DBPEngine: !Ref DBPEngine DSMSG: !GetAtt DSIDSMSecurityGroup.Outputs.DSMSG DSIDSMSecurityGroup: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/common/security-groups/dsm-security-group.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AWSIVPC: !Ref AWSIVPC DSIPGUIPort: !Ref DSIPGUIPort DSIPHeartbeatPort: !Ref DSIPHeartbeatPort DSIELB: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/common/dsm-elb.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AWSIVPC: !Ref AWSIVPC DSIPHeartbeatPort: !Ref DSIPHeartbeatPort DSIPGUIPort: !Ref DSIPGUIPort DSISubnetID: !Ref DSISubnetID DSELBPosture: !Ref DSELBPosture QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref QSS3KeyPrefix DSIDSMSecurityGroupIngressRules: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/common/security-groups/dsm-sg-ingress-rules.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: DSMSG: !GetAtt DSIDSMSecurityGroup.Outputs.DSMSG ELBSourceSG: !GetAtt DSIELB.Outputs.ELBSourceSecurityGroup DSIPHeartbeatPort: !Ref DSIPHeartbeatPort DSIPGUIPort: !Ref DSIPGUIPort DSM1CompleteWaitHandle: Condition: LaunchRDSInstance Type: AWS::CloudFormation::WaitConditionHandle DSM1CompleteWaitCondition: Condition: LaunchRDSInstance Type: AWS::CloudFormation::WaitCondition DependsOn: - DSMNode1 Properties: Handle: !Ref DSM1CompleteWaitHandle Timeout: '3000' DSM1NoDBCompleteWaitHandle: Condition: DoNotLaunchRDSInstance Type: AWS::CloudFormation::WaitConditionHandle DSM1NoDBCompleteWaitCondition: Condition: DoNotLaunchRDSInstance Type: AWS::CloudFormation::WaitCondition DependsOn: - DSMNode1NoDB Properties: Handle: !Ref DSM1CompleteWaitHandle Timeout: '3000' Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] DSIsMultiNode: !Equals - !Ref DSIMultiNode - '2' LaunchRDSInstance: !Equals - !Ref DBPCreateDbInstance - 'Yes' DoNotLaunchRDSInstance: !Equals - !Ref DBPCreateDbInstance - 'No' DSMNode2DB: !And - !Condition DSIsMultiNode - !Condition LaunchRDSInstance DSMNode2NoDB: !And - !Condition DSIsMultiNode - !Condition DoNotLaunchRDSInstance InternetFacingELB: !Equals - !Ref DSELBPosture - Internet-facing GovCloudCondition: !Or - !Equals - !Ref AWS::Region - us-gov-west-1 - !Equals - !Ref AWS::Region - us-gov-east-1 Outputs: DeepSecurityConsole: Value: Fn::Sub: https://${DSIELB.Outputs.ELBFQDN}:${DSIPGUIPort} DeepSecurityHeartbeat: Value: Fn::Sub: dsm://${DSIELB.Outputs.ELBFQDN}:${DSIPHeartbeatPort}/ ELBCanonicalHostedZoneNameID: Value: !GetAtt DSIELB.Outputs.ELBCanonicalHostedZoneNameID ELBDNSName: Value: !GetAtt DSIELB.Outputs.ELBDNSName ...