AWSTemplateFormatVersion: 2010-09-09 Description: >- This template creates a multi-Availability Zone, multi-subnet VPC infrastructure with UIPath Automation Suite deployed in private subnets, with a load balancer behind Amazon Route 53 in public subnets. (qs-1r2g4122s) Metadata: QuickStartDocumentation: EntrypointName: Launch into a new VPC Order: "1" 'AWS::CloudFormation::Interface': ParameterGroups: - Label: default: Availability Zone configuration Parameters: - AvailabilityZones - NumberOfAZs - DeployBastion - Label: default: Automation Suite instance configuration Parameters: - KeyPairName - AmiId - GpuAmiId - IamRoleArn - IamRoleName - Label: default: Automation Suite deployment configuration Parameters: - MultiNode - EnableBackup - UseSharedBucket - UseLevel7LoadBalancer - UiPathVersion - InstallerDownloadUrl - AddGpu - ExtraConfigKeys - SelfSignedCertificateValidity - Label: default: Automation Suite services Parameters: - Orchestrator - ActionCenter - AutomationHub - AutomationOps - Insights - DataService - TestManager - AiCenter - BusinessApps - DocumentUnderstanding - TaskMining - ASRobots - ProcessMining - Label: default: Automation Suite external Orchestrator configuration Parameters: - UseExternalOrchestrator - OrchestratorURL - IdentityURL - OrchestratorCertificate - IdentityCertificate - Label: default: DNS or SSL configuration Parameters: - UiPathFQDN - HostedZoneID - AcmCertificateArn - UseInternalLoadBalancer - Label: default: Amazon RDS configuration Parameters: - RDSEngine - RDSVersion - DatabaseKmsKeyId - Label: default: Partner Solution S3 bucket configuration Parameters: - QSS3BucketName - QSS3KeyPrefix - QSS3BucketRegion ParameterLabels: AvailabilityZones: default: Availability Zones NumberOfAZs: default: Number of Availability Zones DeployBastion: default: Deploy bastion host KeyPairName: default: Instance key pair AmiId: default: Instance AMI ID GpuAmiId: default: GPU instance AMI ID IamRoleArn: default: IAM role ARN IamRoleName: default: IAM role name MultiNode: default: Deployment type EnableBackup: default: Enable cluster backup UseSharedBucket: default: Use a shared bucket for external storage UseLevel7LoadBalancer: default: Load balancer UiPathVersion: default: Automation Suite version InstallerDownloadUrl: default: Installer download URL ExtraConfigKeys: default: Extra configuration keys SelfSignedCertificateValidity: default: Validity of the self-signed certificate Orchestrator: default: Orchestrator ActionCenter: default: Action Center AutomationHub: default: Automation Hub AutomationOps: default: Automation Ops Insights: default: Insights TestManager: default: Test Manager DataService: default: Data Service AiCenter: default: AI Center BusinessApps: default: Apps DocumentUnderstanding: default: Document Understanding TaskMining: default: Task Mining ASRobots: default: Automation Suite Robots ProcessMining: default: Process Mining UseExternalOrchestrator: default: Connect AiCenter to an external Orchestrator OrchestratorURL: default: Orchestrator URL IdentityURL: default: Identity URL OrchestratorCertificate: default: Base64 encoded Orchestrator certificate IdentityCertificate: default: Base64 encoded Identity certificate AddGpu: default: Add GPU-enabled VMs UiPathFQDN: default: Hosting FQDN HostedZoneID: default: ID of Route 53-hosted zone UseInternalLoadBalancer: default: Use internal load balancer RDSEngine: default: Engine of SQL Server deployed on Amazon RDS RDSVersion: default: Version of SQL Server deployed on Amazon RDS DatabaseKmsKeyId: default: AWS KMS key ID used to encrypt Amazon RDS storage AcmCertificateArn: default: ARN of the ACM-hosted certificate QSS3BucketName: default: Template-hosting S3 bucket QSS3KeyPrefix: default: Template folder QSS3BucketRegion: default: Template-hosting S3 Region Parameters: AvailabilityZones: Description: >- Choose up to three Availability Zones for the VPC subnets. Type: "List" NumberOfAZs: AllowedValues: - '2' - '3' Default: '2' Description: >- Choose the number of Availability Zones to use in the VPC. This number must match the number of zones selected for the Availability Zones parameter. Type: String KeyPairName: Description: Existing key pair to connect to virtual machine (VM) instances. Type: 'AWS::EC2::KeyPair::KeyName' AmiId: Description: | Provide the Amazon Machine Image (AMI) ID to create the EC2 instances of the cluster. Leave empty to determine the AMI ID automatically during deployment. Type: String Default: '' GpuAmiId: Description: | Provide the AMI ID to create the GPU-enabled EC2 instance. Leave empty to determine the AMI ID automatically during deployment. Type: String Default: '' IamRoleArn: Description: Amazon Resource Name (ARN) of a predeployed IAM role with sufficient permissions for the deployment. Leave empty to create a new role automatically during deployment. Type: String Default: '' IamRoleName: Description: Name of a predeployed IAM role with sufficient permissions for the deployment. Leave empty to create a new role automatically during deployment. Type: String Default: '' MultiNode: Description: Install Automation Suite on a single node (recommended for evaluation/development purposes) or multinode (recommended for production purposes) environment. Type: String Default: 'Single Node' AllowedValues: - "Single Node" - "Multi Node" EnableBackup: Description: Choose false to disable cluster backup. Type: String Default: 'true' AllowedValues: - 'true' - 'false' UseSharedBucket: Description: Enable shared bucket across products. Process Mining and Data Service will require a dedicated bucket each if enabled. Type: String Default: 'false' AllowedValues: - 'true' - 'false' UseLevel7LoadBalancer: Description: Choose Application Load Balancer (ALB) or Network Load Balancer (NLB). Type: String Default: 'ALB' AllowedValues: - 'ALB' - 'NLB' UiPathVersion: Description: UiPath version to install. Type: String Default: '2022.10.2' AllowedValues: - '2022.10.2' InstallerDownloadUrl: Description: Custom URL for the installer download. Leave empty to use the UiPath version. Type: String Default: "" ExtraConfigKeys: Description: Extra configuration keys to add to the cluster configuration. Leave empty to use the default configuration. Type: String Default: "" SelfSignedCertificateValidity: Description: Validity of the self-signed certificate in days, used by the deployment to encrypt traffic inside the VPC. Type: String Default: "1825" AllowedValues: - "90" - "365" - "730" - "1825" - "3650" Orchestrator: Description: Choose false to disable Orchestrator installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' ActionCenter: Description: Choose false to disable Action Center installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' Insights: Description: Choose false to disable Insights installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' AutomationHub: Description: Choose false to disable Automation Hub installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' AutomationOps: Description: Choose false to disable Automation Ops installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' TestManager: Description: Choose false to disable Test Manager installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' DataService: Description: Choose false to disable Data Service installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' AiCenter: Description: Choose false to disable AI Center installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' BusinessApps: Description: Choose false to disable Apps installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' DocumentUnderstanding: Description: Choose false to disable Document Understanding installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' TaskMining: Description: Choose false to disable Task Mining installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' ASRobots: Description: Chose false to disable Automation Suite Robots installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' ProcessMining: Description: Choose false to disable Process Mining installation. Type: String Default: 'true' AllowedValues: - 'true' - 'false' AddGpu: Description: >- Choose true to add a GPU-enabled VM to the deployment. Type: String Default: 'false' AllowedValues: - 'true' - 'false' UseExternalOrchestrator: Description: >- Choose true to connect AiCenter to an external Orchestrator Type: String Default: 'false' AllowedValues: - 'true' - 'false' OrchestratorURL: Description: >- URL of the Orchestrator to which AiCenter connects Type: String Default: '' IdentityURL: Description: >- URL of the Identity server used to authorize AiCenter Type: String Default: '' OrchestratorCertificate: Description: >- Base64 encoded Orchestrator certificate Type: String Default: '' IdentityCertificate: Description: >- Base64 encoded Identity certificate Type: String Default: '' HostedZoneID: Description: ID of Route 53-hosted zone Leave empty to pause the deployment once the load balancer was created and manually configure the DNS. Type: String Default: '' UiPathFQDN: Description: >- Fully qualified domain name (FQDN) for Automation Suite. Name must be either a subdomain or root domain of the ID of the Route 53-hosted zone parameter. Type: String AllowedPattern: '(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)' ConstraintDescription: >- FQDNs can include numbers, lowercase letters, uppercase letters, and hyphens (-). AcmCertificateArn: Description: | ARN of certificate in AWS Certificate Manager (ACM) to use with the ALB. Leave empty to create the public certificate during deployment. Type: String Default: "" UseInternalLoadBalancer: Description: Deploy internal load balancer. Type: String Default: "false" AllowedValues: - 'true' - 'false' DeployBastion: Description: | Deploy a bastion host inside the public subnet. Choose false to skip deploying the bastion host. Type: String Default: "true" AllowedValues: - 'true' - 'false' RDSEngine: Type: String Description: Amazon Relational Database Service (Amazon RDS) SQL engine. Default: "sqlserver-se" AllowedValues: - "sqlserver-ee" - "sqlserver-se" - "sqlserver-web" RDSVersion: Type: String Description: Amazon RDS SQL version. Default: "15.00" AllowedValues: - "15.00" - "14.00" - "13.00" DatabaseKmsKeyId: Type: String Default: "" Description: AWS Key Management Service (AWS KMS) key ID to use for encrypting the Amazon RDS storage. Leave empty to skip encrypting the Amazon RDS storage. QSS3BucketName: AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' ConstraintDescription: >- The S3 bucket name can include numbers, lowercase letters, and hyphens (-), but it cannot start or end with a hyphen. Description: >- Name of the S3 bucket for your copy of the deployment assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new location. Type: String Default: uipath-s3-quickstart QSS3BucketRegion: Default: us-east-1 Description: >- AWS Region where the S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing the Region updates code references to point to a new location. When using your own bucket, specify the Region. Type: String AllowedPattern: (us(-gov)?|ap|ca|cn|eu|sa)-(central|(north|south)?(east|west)?)-\d ConstraintDescription: Must be a valid AWS Region code. QSS3KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/]*/$' ConstraintDescription: >- The S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), underscores (_), periods (.), asterisks (*), single quotes ('), open parenthesis ((), close parenthesis ()), and forward slashes (/). End the prefix with a forward slash. Default: aws-quickstart-sf/ Description: >- S3 key prefix that is used to simulate a folder for your copy of the deployment assets. Keep the default prefix unless you are customizing the template. Changing the prefix updates code references to point to a new location. Type: String AcceptLicenseAgreement: Description: >- Use of paid UiPath products and services is subject to the licensing agreement executed between you and UiPath. Unless otherwise indicated by UiPath, use of free UiPath products is subject to the associated licensing agreement available here: https://www.uipath.com/legal/trust-and-security/legal-terms (or successor website). Type true in the text input field to confirm that you agree to the applicable licensing agreement. Type: String AllowedPattern: ^true$ ConstraintDescription: >- You must accept the License Agreement. Conditions: UsingDefaultBucket: !Equals - !Ref QSS3BucketName - uipath-s3-quickstart 3AZCondition: !Equals - !Ref NumberOfAZs - '3' Resources: NetworkStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - >- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref QSS3BucketRegion Parameters: AvailabilityZones: !Join - ',' - !Ref AvailabilityZones NumberOfAZs: !Ref NumberOfAZs VPCCIDR: "10.0.0.0/16" ServiceFabricStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - >- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/uipath-sf.template.yaml - S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref QSS3BucketRegion Parameters: VPCCIDR: "10.0.0.0/16" VPCID: !GetAtt NetworkStack.Outputs.VPCID KeyPairName: !Ref KeyPairName PrivateSubnetIDs: !Join - ',' - - !GetAtt NetworkStack.Outputs.PrivateSubnet1AID - !GetAtt NetworkStack.Outputs.PrivateSubnet2AID - !If [ 3AZCondition, !GetAtt NetworkStack.Outputs.PrivateSubnet3AID, !Ref "AWS::NoValue" ] PublicSubnetIDs: !Join - ',' - - !GetAtt NetworkStack.Outputs.PublicSubnet1ID - !GetAtt NetworkStack.Outputs.PublicSubnet2ID - !If [ 3AZCondition, !GetAtt NetworkStack.Outputs.PublicSubnet3ID, !Ref "AWS::NoValue" ] NumberOfAZs: !Ref NumberOfAZs MultiNode: !Ref MultiNode EnableBackup: !Ref EnableBackup UseSharedBucket: !Ref UseSharedBucket UseLevel7LoadBalancer: !Ref UseLevel7LoadBalancer PerformInstallation: "true" AddGpu: !Ref AddGpu GpuAmiId: !Ref GpuAmiId ExtraConfigKeys: !Ref ExtraConfigKeys SelfSignedCertificateValidity: !Ref SelfSignedCertificateValidity UiPathFQDN: !Ref UiPathFQDN Orchestrator: !Ref Orchestrator ActionCenter: !Ref ActionCenter AutomationHub: !Ref AutomationHub AutomationOps: !Ref AutomationOps DataService: !Ref DataService Insights: !Ref Insights TestManager: !Ref TestManager AiCenter: !Ref AiCenter BusinessApps: !Ref BusinessApps DocumentUnderstanding: !Ref DocumentUnderstanding TaskMining: !Ref TaskMining ASRobots: !Ref ASRobots UseExternalOrchestrator: !Ref UseExternalOrchestrator OrchestratorURL: !Ref OrchestratorURL IdentityURL: !Ref IdentityURL OrchestratorCertificate: !Ref OrchestratorCertificate IdentityCertificate: !Ref IdentityCertificate ProcessMining: !Ref ProcessMining HostedZoneID: !Ref HostedZoneID QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Ref QSS3KeyPrefix QSS3BucketRegion: !Ref QSS3BucketRegion InstallerDownloadUrl: !Ref InstallerDownloadUrl UiPathVersion: !Ref UiPathVersion RDSEngine: !Ref RDSEngine RDSVersion: !Ref RDSVersion AmiId: !Ref AmiId AcmCertificateArn: !Ref AcmCertificateArn UseInternalLoadBalancer: !Ref UseInternalLoadBalancer DatabaseKmsKeyId: !Ref DatabaseKmsKeyId DeployBastion: !Ref DeployBastion IamRoleArn: !Ref IamRoleArn IamRoleName: !Ref IamRoleName AcceptLicenseAgreement: !Ref AcceptLicenseAgreement Outputs: InterfaceTour: Value: "https://docs.uipath.com/automation-suite/docs/interface-tour" Description: |- The general-use Automation Suite user interface serves as a portal for both organization administrators and organization users. It is a common organization-level resource from where everyone can access all of your Automation Suite areas: administration pages, platform-level pages, service-specific pages, and user-specific pages. AutomationSuiteUrl: Description: Automation Suite portal. Value: !Sub "https://${UiPathFQDN}" AutomationSuiteSecret: Description: Credentials for Automation Suite portal. Value: !Join - '' - - !Sub "https://${AWS::Region}.console.aws.amazon.com/secretsmanager/home?region=${AWS::Region}#!/secret?name=" - !GetAtt ServiceFabricStack.Outputs.OrgSecret HostAdministrationUrl: Description: |- The host portal is for system administrators to configure the Automation Suite instance. The settings that you configure from this portal are inherited by all your organizations, and some can be overwritten at the organization level. Value: !Sub "https://${UiPathFQDN}" HostAdministrationSecret: Description: Credentials for Host Administration. Value: !Join - '' - - !Sub "https://${AWS::Region}.console.aws.amazon.com/secretsmanager/home?region=${AWS::Region}#!/secret?name=" - !GetAtt ServiceFabricStack.Outputs.PlatformSecret ArgoCd: Description: |- You can use the ArgoCD console to manage installed products. Value: !Sub "https://alm.${UiPathFQDN}" ArgoCdSecret: Description: Secret storing the ArgoCD administrator credentials. Value: !Join - '' - - !Sub "https://${AWS::Region}.console.aws.amazon.com/secretsmanager/home?region=${AWS::Region}#!/secret?name=" - !GetAtt ServiceFabricStack.Outputs.ArgoCdSecret MonitoringFqdn: Description: The Monitoring login page. Value: !Sub "https://monitoring.${UiPathFQDN}" InputJsonSecret: Description: Secret storing the input.json content. Value: !Join - '' - - !Sub "https://${AWS::Region}.console.aws.amazon.com/secretsmanager/home?region=${AWS::Region}#!/secret?name=" - !GetAtt ServiceFabricStack.Outputs.InputJsonSecret ClusterAdministrationURL: Description: The Unified UI for Cluster management page. Value: !Sub "https://${UiPathFQDN}/uipath-management/"