AWSTemplateFormatVersion: 2010-09-09
Description: >-
  This template deploys UiPath Automation Suite into an existing VPC.
  (qs-1r2g4122s)
Metadata:
  UnusedParameter: !Ref AcceptLicenseAgreement
  QuickStartDocumentation:
    EntrypointName: Launch into an existing VPC
    Order: "1"
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: Network configuration
        Parameters:
          - VPCCIDR
          - VPCID
          - NumberOfAZs
          - PublicSubnetIDs
          - PrivateSubnetIDs
          - DeployBastion
      - Label:
          default: Automation Suite instance configuration
        Parameters:
          - KeyPairName
          - AmiId
          - GpuAmiId
          - IamRoleArn
          - IamRoleName
      - Label:
          default: Automation Suite deployment configuration
        Parameters:
          - MultiNode
          - EnableBackup
          - UseSharedBucket
          - UseLevel7LoadBalancer
          - PerformInstallation
          - UiPathVersion
          - InstallerDownloadUrl
          - AddGpu
          - ExtraConfigKeys
          - SelfSignedCertificateValidity
      - Label:
          default: Automation Suite services
        Parameters:
          - Orchestrator
          - ActionCenter
          - AutomationHub
          - AutomationOps
          - Insights
          - DataService
          - TestManager
          - AiCenter
          - BusinessApps
          - DocumentUnderstanding
          - TaskMining
          - ASRobots
          - ProcessMining
      - Label:
          default: Automation Suite external Orchestrator configuration
        Parameters:
          - UseExternalOrchestrator
          - OrchestratorURL
          - IdentityURL
          - OrchestratorCertificate
          - IdentityCertificate
      - Label:
          default: DNS or SSL configuration
        Parameters:
          - UiPathFQDN
          - HostedZoneID
          - AcmCertificateArn
          - UseInternalLoadBalancer
      - Label:
          default: Amazon RDS configuration
        Parameters:
          - RDSEngine
          - RDSVersion
          - DatabaseKmsKeyId
      - Label:
          default: Partner Solution S3 bucket configuration
        Parameters:
          - QSS3BucketName
          - QSS3KeyPrefix
          - QSS3BucketRegion
    ParameterLabels:
      VPCCIDR:
        default: VPC CIDR
      VPCID:
        default: VPC ID
      NumberOfAZs:
        default: Number of Availability Zones
      PublicSubnetIDs:
        default: Public subnet IDs
      PrivateSubnetIDs:
        default: Private subnet IDs
      DeployBastion:
        default: Deploy bastion host
      KeyPairName:
        default: Instance key pair
      AmiId:
        default: Instance AMI ID
      GpuAmiId:
        default: GPU instance AMI ID
      IamRoleArn:
        default: IAM role ARN
      IamRoleName:
        default: IAM role name
      MultiNode:
        default: Deployment type
      EnableBackup:
        default: Enable cluster backup
      UseSharedBucket:
        default: Use a shared bucket for external storage
      UseLevel7LoadBalancer:
        default: Load balancer
      PerformInstallation:
        default: Perform installation
      UiPathVersion:
        default: Automation Suite version
      InstallerDownloadUrl:
        default: Installer download URL
      ExtraConfigKeys:
        default: Extra configuration keys
      SelfSignedCertificateValidity:
        default: Validity of the self-signed certificate
      Orchestrator:
        default: Orchestrator
      ActionCenter:
        default: Action Center
      AutomationHub:
        default: Automation Hub
      AutomationOps:
        default: Automation Ops
      Insights:
        default: Insights
      TestManager:
        default: Test Manager
      DataService:
        default: Data Service
      AiCenter:
        default: AI Center
      BusinessApps:
        default: Apps
      DocumentUnderstanding:
        default: Document Understanding
      TaskMining:
        default: Task Mining
      ASRobots:
        default: Automation Suite Robots
      ProcessMining:
        default: Process Mining
      UseExternalOrchestrator:
        default: Connect AiCenter to an external Orchestrator
      OrchestratorURL:
        default: Orchestrator URL
      IdentityURL:
        default: Identity URL
      OrchestratorCertificate:
        default: Base64 encoded Orchestrator certificate
      IdentityCertificate:
        default: Base64 encoded Identity certificate
      AddGpu:
        default: Add GPU-enabled VMs
      UiPathFQDN:
        default: Hosting FQDN
      HostedZoneID:
        default: ID of Amazon Route 53-hosted zone
      UseInternalLoadBalancer:
        default: Use internal load balancer
      RDSEngine:
        default: Engine of SQL Server deployed on Amazon RDS
      RDSVersion:
        default: Version of SQL Server deployed on Amazon RDS
      DatabaseKmsKeyId:
        default: AWS KMS key ID used to encrypt Amazon RDS storage
      AcmCertificateArn:
        default: ARN of the ACM-hosted certificate
      QSS3BucketName:
        default: Template-hosting S3 bucket
      QSS3KeyPrefix:
        default: Template folder
      QSS3BucketRegion:
        default: Template-hosting S3 Region
Parameters:
  VPCCIDR:
    AllowedPattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$'
    ConstraintDescription: Must be a valid CIDR format (e.g., 10.0.0.0/16)
    Default: 10.0.0.0/16
    Description: VPC CIDR block
    Type: String
  VPCID:
    Type: 'AWS::EC2::VPC::Id'
    Description: VPC ID
  PublicSubnetIDs:
    Description: |
      List of public subnet IDs to deploy the internet-facing load balancer and the bastion host.
      Leave empty to deploy internal load balancer and skip deployment of the bastion host.
    Type: CommaDelimitedList
    Default: ''
  PrivateSubnetIDs:
    Description: List of private subnet IDs.
    Type: CommaDelimitedList
  NumberOfAZs:
    AllowedValues:
      - '2'
      - '3'
    Default: '2'
    Description: >-
      Choose the number of Availability Zones to use in the VPC. This number
      must match the number of zones selected in the Availability Zones
      parameter.
    Type: String
  KeyPairName:
    Description: Existing key pair to connect to virtual machine (VM) instances.
    Type: 'AWS::EC2::KeyPair::KeyName'
  AmiId:
    Description: |
      The Amazon Machine Image (AMI) ID used to create the EC2 instances of the cluster.
      Leave empty to determine the AMI ID automatically during deployment.
    Type: String
    Default: ''
  GpuAmiId:
    Description: |
      The AMI ID used to create the GPU-enabled EC2 instance.
      Leave empty to determine the AMI ID automatically during deployment.
    Type: String
    Default: ''
  IamRoleArn:
    Description: Amazon Resource Name (ARN) of a predeployed IAM role with sufficient permissions for the deployment. Leave empty to create a new role automatically during deployment.
    Type: String
    Default: ''
  IamRoleName:
    Description: Name of a predeployed IAM role with sufficient permissions for the deployment. Leave empty to create the role.
    Type: String
    Default: ''
  MultiNode:
    Description: Install Automation Suite on a single node (recommended for evaluation/development purposes) or multinode (recommended for production purposes) environments.
    Type: String
    Default: 'Single Node'
    AllowedValues:
      - "Single Node"
      - "Multi Node"
  EnableBackup:
    Description: Choose false to disable cluster backup.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  UseSharedBucket:
    Description: Enable shared bucket across products. Process Mining and Data Service will require a dedicated bucket each if enabled.
    Type: String
    Default: 'false'
    AllowedValues:
      - 'true'
      - 'false'
  UseLevel7LoadBalancer:
    Description: Choose Application Load Balancer (ALB) or Network Load Balancer (NLB).
    Type: String
    Default: 'ALB'
    AllowedValues:
      - 'ALB'
      - 'NLB'
  PerformInstallation:
    Description: |
      Perform the Automation Suite installation.
      Choose false to perform only infrastructure provisioning and configuration.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  UiPathVersion:
    Description: UiPath version to install.
    Type: String
    Default: '2022.10.2'
    AllowedValues:
      - '2022.10.2'
  InstallerDownloadUrl:
    Description: Custom URL for installer download. Leave empty to use the UiPath version.
    Type: String
    Default: ""
  ExtraConfigKeys:
    Description: Extra configuration keys to add to the cluster config. Leave empty to use default config.
    Type: String
    Default: ""
  SelfSignedCertificateValidity:
    Description: Validity of the self-signed certificate in days, used by the deployment to encrypt traffic inside the VPC.
    Type: String
    Default: "1825"
    AllowedValues:
      - "90"
      - "365"
      - "730"
      - "1825"
      - "3650"
  Orchestrator:
    Description: Choose false to disable Orchestrator installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  ActionCenter:
    Description: Choose false to disable Action Center installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  Insights:
    Description: Choose false to disable Insights installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  AutomationHub:
    Description: Choose false to disable Automation Hub installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  AutomationOps:
    Description: Choose false to disable Automation Ops installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  TestManager:
    Description: Choose false to disable Test Manager installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  DataService:
    Description: Choose false to disable Data Service installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  AiCenter:
    Description: Choose false to disable AI Center installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  BusinessApps:
    Description: Choose false to disable Apps installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  DocumentUnderstanding:
    Description: Choose false to disable Document Understanding installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  TaskMining:
    Description: Choose false to disable Task Mining installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  ASRobots:
    Description: Choose false to disable Automation Suite Robots installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  ProcessMining:
    Description: Choose false to disable Process Mining installation.
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  UseExternalOrchestrator:
    Description: >-
      Choose true to connect AiCenter to an external Orchestrator
    Type: String
    Default: 'false'
    AllowedValues:
      - 'true'
      - 'false'
  OrchestratorURL:
    Description: >-
      URL of the Orchestrator to which AiCenter connects
    Type: String
    Default: ''
  IdentityURL:
    Description: >-
      URL of the Identity server used to authorize AiCenter
    Type: String
    Default: ''
  OrchestratorCertificate:
    Description: >-
      Base64 encoded Orchestrator certificate
    Type: String
    Default: ''
  IdentityCertificate:
    Description: >-
      Base64 encoded Identity certificate
    Type: String
    Default: ''
  AddGpu:
    Description: >-
      Choose true to add a GPU-enabled VM to the deployment.
    Type: String
    Default: 'false'
    AllowedValues:
      - 'true'
      - 'false'
  HostedZoneID:
    Description: ID of Amazon Route 53-hosted zone. Leave empty to pause the deployment once the load balancer was created and manually configure the DNS.
    Type: String
    Default: ''
  UiPathFQDN:
    Description: >-
      Fully qualified domain name (FQDN) for Automation Suite. Name must be
      either a subdomain or root domain of the ID of Amazon Route 53-hosted
      zone parameter.
    Type: String
    AllowedPattern: '(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)'
    ConstraintDescription: >-
      FQDNs can include numbers, lowercase letters, uppercase letters, and
      hyphens (-).
  AcmCertificateArn:
    Description: |
      ARN of certificate present in AWS Certificate Manager (ACM) to use with the ALB.
      Leave empty to create the public certificate during deployment.
    Type: String
    Default: ""
  UseInternalLoadBalancer:
    Description: Deploy internal load balancer.
    Type: String
    Default: "false"
    AllowedValues:
      - 'true'
      - 'false'
  DeployBastion:
    Description: |
      Deploy a bastion host inside the public subnet.
      Choose false to skip deploying the bastion host.
    Type: String
    Default: "true"
    AllowedValues:
      - 'true'
      - 'false'
  RDSEngine:
    Type: String
    Description: Amazon RDS SQL Server engine.
    Default: "sqlserver-se"
    AllowedValues:
      - "sqlserver-ee"
      - "sqlserver-se"
      - "sqlserver-web"
  RDSVersion:
    Type: String
    Description: Amazon RDS SQL Server version.
    Default: "15.00"
    AllowedValues:
      - "15.00"
      - "14.00"
      - "13.00"
  # The empty default means Amazon RDS storage is not encrypted unless a key ID is supplied.
  DatabaseKmsKeyId:
    Type: String
    Default: ""
    Description: AWS Key Management Service (AWS KMS) key ID to encrypt Amazon RDS storage. Leave empty to skip encrypting Amazon RDS storage.
  QSS3BucketName:
    AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$'
    ConstraintDescription: >-
      The S3 bucket name can include numbers, lowercase letters, and hyphens
      (-), but it cannot start or end with a hyphen.
    Description: >-
      Name of the S3 bucket for your copy of the deployment assets. Keep the
      default name unless you are customizing the template. Changing the name
      updates code references to point to a new location.
    Type: String
    Default: uipath-s3-quickstart
  QSS3BucketRegion:
    Default: us-east-1
    Description: >-
      AWS Region where the S3 bucket (QSS3BucketName) is hosted. Keep the
      default Region unless you are customizing the template. Changing the
      Region updates code references to point to a new location. When using
      your own bucket, specify the Region.
    Type: String
    AllowedPattern: (us(-gov)?|ap|ca|cn|eu|sa)-(central|(north|south)?(east|west)?)-\d
    ConstraintDescription: Must be a valid AWS Region code.
  QSS3KeyPrefix:
    AllowedPattern: '^[0-9a-zA-Z-/]*/$'
    ConstraintDescription: >-
      The S3 key prefix can include numbers, lowercase letters, uppercase
      letters, hyphens (-), and forward slashes (/). End the prefix with a
      forward slash.
    Default: aws-quickstart-sf/
    Description: >-
      S3 key prefix that is used to simulate a folder for your copy of the
      deployment assets. Keep the default prefix unless you are customizing
      the template. Changing the prefix updates code references to point to a
      new location.
    Type: String
  AcceptLicenseAgreement:
    Description: >-
      Use of paid UiPath products and services is subject to the licensing
      agreement executed between you and UiPath. Unless otherwise indicated by
      UiPath, use of free UiPath products is subject to the associated
      licensing agreement available here:
      https://www.uipath.com/legal/trust-and-security/legal-terms (or
      successor website). Type true in the text input field to confirm that
      you agree to the applicable licensing agreement.
    Type: String
    AllowedPattern: ^true$
    ConstraintDescription: >-
      You must accept the license agreement.
Conditions:
  UsingDefaultBucket: !Equals
    - !Ref QSS3BucketName
    - uipath-s3-quickstart
  UsingAlb: !Equals
    - !Ref UseLevel7LoadBalancer
    - "ALB"
  UsingExistingSslCertificate: !Not [!Equals [!Ref AcmCertificateArn, ""]]
  GenerateSslCertificate: !And
    - !Not [!Condition UsingExistingSslCertificate]
    - !Condition UsingAlb
  # True when either IAM input is empty: the stack reuses an existing role
  # only if both IamRoleArn and IamRoleName are supplied.
  DeployIam: !Or
    - !Equals ["", !Ref IamRoleArn]
    - !Equals ["", !Ref IamRoleName]
  IsMultiNode: !Equals
    - !Ref MultiNode
    - "Multi Node"
  UsingCustomUrl: !Not [!Equals [!Ref InstallerDownloadUrl, '']]
  IsBackupEnabled: !Equals [!Ref EnableBackup, "true"]
  IsProductionPM: !And
    - !Equals [!Ref ProcessMining, "true"]
    - !Condition IsMultiNode
  FindingAmiAtDeploy: !Equals
    - !Ref AmiId
    - ''
  UsingSharedBucket: !Equals [!Ref UseSharedBucket, "true"]
  NotUsingSharedBucket: !Not [!Condition UsingSharedBucket]
  DeployDataServiceStorageBucket: !Equals [!Ref DataService, "true"]
  DeployProcessMiningStorageBucket: !Equals [!Ref ProcessMining, "true"]
  DeployOrchestratorStorageBucket: !And
    - !Equals [!Ref Orchestrator, "true"]
    - !Condition NotUsingSharedBucket
  DeployAppsStorageBucket: !And
    - !Equals [!Ref BusinessApps, "true"]
    - !Condition NotUsingSharedBucket
  DeployTestManagerStorageBucket: !And
    - !Equals [!Ref TestManager, "true"]
    - !Condition NotUsingSharedBucket
  DeployAiCenterStorageBucket: !And
    - !Equals [!Ref AiCenter, "true"]
    - !Condition NotUsingSharedBucket
  DeployDocumentUnderstandingStorageBucket: !And
    - !Equals [!Ref DocumentUnderstanding, "true"]
    - !Condition NotUsingSharedBucket
  DeployTaskMiningStorageBucket: !And
    - !Equals [!Ref TaskMining, "true"]
    - !Condition NotUsingSharedBucket
Resources:
  FindAmiLambdaRole:
    Type: 'AWS::IAM::Role'
    Condition: DeployIam
    Properties:
      Description: >-
        IAM role to be assumed by Lambda functions that find AMI IDs.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              # EC2 Describe* actions do not support resource-level permissions.
              - Effect: Allow
                Action:
                  - 'ec2:DescribeImages'
                Resource: '*'
              # Matches every log group in the partition, not only this function's.
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: !Sub 'arn:${AWS::Partition}:logs:*:*:*'
              - Effect: Allow
                Action:
                  - 'xray:PutTraceSegments'
                Resource: '*'
  FindAMIFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      Description: Finds a matching AMI ID.
      Handler: lambda_function.handler
      Role: !If [DeployIam, !GetAtt FindAmiLambdaRole.Arn, !Ref IamRoleArn]
      # The function code is pulled from the S3 bucket named by the QSS3* parameters.
      Code:
        S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
        S3Key: !Sub '${QSS3KeyPrefix}functions/packages/FindAmi/lambda.zip'
      Runtime: python3.9
      Timeout: 30
      TracingConfig:
        Mode: Active
  # Passwords below are generated by Secrets Manager at stack creation and are
  # never passed in as template parameters.
  RDSPassword:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: Password for the SF RDS instance.
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: "password"
        PasswordLength: 30
        ExcludePunctuation: false
        ExcludeCharacters: '"@/\'
  OrgSecret:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: Org secret
      SecretString: '{}'
  PlatformSecret:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: Password for the SF platform.
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: "password"
        PasswordLength: 30
        ExcludePunctuation: true
  ArgoCdSecret:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: Password for ArgoCd.
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: "password"
        PasswordLength: 30
        ExcludePunctuation: true
  ArgoCdUserSecret:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: Password for ArgoCd readonly User argocdro.
      GenerateSecretString:
        SecretStringTemplate: '{"username": "argocdro"}'
        GenerateStringKey: "password"
        PasswordLength: 30
        ExcludePunctuation: true
  InstallerDownloadUrlSSMParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Sub "/${AWS::StackName}/InstallerDownloadUrl"
      Type: String
      Value: !If [UsingCustomUrl, !Ref InstallerDownloadUrl, !Sub "https://download.uipath.com/automation-suite/${UiPathVersion}/installer-${UiPathVersion}.zip"]
      Description: SSM Parameter for storing the Automation Suite Installer URL.
  RoutingStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - >-
          https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/routing.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub '${QSS3BucketName}-${AWS::Region}'
            - !Ref QSS3BucketName
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref QSS3BucketRegion
      Parameters:
        VPCID: !Ref VPCID
        VPCCIDR: !Ref VPCCIDR
        PublicSubnetIDs: !Join [",", !Ref PublicSubnetIDs]
        PrivateSubnetIDs: !Join [",", !Ref PrivateSubnetIDs]
        Fqdn: !Ref UiPathFQDN
        HostedZoneID: !Ref HostedZoneID
        SSLCertificateArn: !If [UsingAlb, !If [GenerateSslCertificate, !GetAtt ConfigureSSLStack.Outputs.ACMCertificate, !Ref AcmCertificateArn], ""]
        UseLevel7LoadBalancer: !Ref UseLevel7LoadBalancer
        UseInternalLoadBalancer: !Ref UseInternalLoadBalancer
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
  ExternalStorageStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - >-
          https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/external-storage.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub '${QSS3BucketName}-${AWS::Region}'
            - !Ref QSS3BucketName
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref QSS3BucketRegion
      Parameters:
        UseSharedBucket: !Ref UseSharedBucket
        Orchestrator: !Ref Orchestrator
        Apps: !Ref BusinessApps
        TestManager: !Ref TestManager
        DataService: !Ref DataService
        AiCenter: !Ref AiCenter
        DocumentUnderstanding: !Ref DocumentUnderstanding
        TaskMining: !Ref TaskMining
        ProcessMining: !Ref ProcessMining
        QSS3BucketName: !Ref QSS3BucketName
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
  ServerStack:
    Type: 'AWS::CloudFormation::Stack'
    DependsOn: CreateInputJson
    Properties:
      TemplateURL: !Sub
        - >-
          https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/server.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub '${QSS3BucketName}-${AWS::Region}'
            - !Ref QSS3BucketName
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref QSS3BucketRegion
      Parameters:
        VPCID: !Ref VPCID
        VPCCIDR: !Ref VPCCIDR
        PrivateSubnetIDs: !Join [",", !Ref PrivateSubnetIDs]
        PublicSubnetIDs: !Join [",", !Ref PublicSubnetIDs]
        DeploymentTargetGroupArn: !GetAtt
          - RoutingStack
          - Outputs.DeploymentTargetGroupArn
        KubeTargetGroupArn: !GetAtt
          - RoutingStack
          - Outputs.KubeTargetGroupArn
        Rke2RegistrationTargetGroupArn: !GetAtt
          - RoutingStack
          - Outputs.Rke2RegistrationTargetGroupArn
        BackupFileSystemDns: !If [IsBackupEnabled, !GetAtt BackupStack.Outputs.BackupFileSystemDns, ""]
        KeyPairName: !Ref KeyPairName
        AmiId: !Ref AmiId
        GpuAmiId: !Ref GpuAmiId
        InstanceType: !GetAtt ComputeResourceSize.InstanceType
        ASRobotsInstanceType: !GetAtt ComputeResourceSize.ASRobotsInstanceType
        ServerDiskSize: !GetAtt ComputeResourceSize.ServerDiskSize
        TmInstanceType: !GetAtt ComputeResourceSize.TmInstanceType
        GpuInstanceType: !GetAtt ComputeResourceSize.GpuInstanceType
        ServerInstanceCount: !GetAtt ComputeResourceSize.ServerInstanceCount
        AgentInstanceCount: !GetAtt ComputeResourceSize.AgentInstanceCount
        MultiNode: !Ref MultiNode
        PerformInstallation: !Ref PerformInstallation
        FindAMIFunctionArn: !GetAtt
          - FindAMIFunction
          - Arn
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        InputJsonSecretArn: !Ref InputJsonSecret
        KubeconfigSecretArn: !Ref KubeconfigSecret
        TaskMining: !Ref TaskMining
        ASRobots: !Ref ASRobots
        UseExternalOrchestrator: !Ref UseExternalOrchestrator
        OrchestratorCertificate: !Ref OrchestratorCertificate
        IdentityCertificate: !Ref IdentityCertificate
        AddGpu: !Ref AddGpu
        DeployBastion: !Ref DeployBastion
        InstallerDownloadUrlParameterName: !Ref InstallerDownloadUrlSSMParameter
        SharedStorageBucket: !If [UsingSharedBucket, !GetAtt ExternalStorageStack.Outputs.SharedStorageBucket, '']
        PlatformStorageBucket: !If [NotUsingSharedBucket, !GetAtt ExternalStorageStack.Outputs.PlatformStorageBucket, '']
        OrchestratorStorageBucket: !If [DeployOrchestratorStorageBucket, !GetAtt ExternalStorageStack.Outputs.OrchestratorStorageBucket, '']
        AppsStorageBucket: !If [DeployAppsStorageBucket, !GetAtt ExternalStorageStack.Outputs.AppsStorageBucket, '']
        TestManagerStorageBucket: !If [DeployTestManagerStorageBucket, !GetAtt ExternalStorageStack.Outputs.TestManagerStorageBucket, '']
        DataServiceStorageBucket: !If [DeployDataServiceStorageBucket, !GetAtt ExternalStorageStack.Outputs.DataServiceStorageBucket, '']
        AiCenterStorageBucket: !If [DeployAiCenterStorageBucket, !GetAtt ExternalStorageStack.Outputs.AiCenterStorageBucket, '']
        DocumentUnderstandingStorageBucket: !If [DeployDocumentUnderstandingStorageBucket, !GetAtt ExternalStorageStack.Outputs.DocumentUnderstandingStorageBucket, '']
        TaskMiningStorageBucket: !If [DeployTaskMiningStorageBucket, !GetAtt ExternalStorageStack.Outputs.TaskMiningStorageBucket, '']
        ProcessMiningStorageBucket: !If [DeployProcessMiningStorageBucket, !GetAtt ExternalStorageStack.Outputs.ProcessMiningStorageBucket, '']
  ConfigureSSLStack:
    Type: AWS::CloudFormation::Stack
    Condition: GenerateSslCertificate
    Properties:
      TemplateURL: !Sub
        - "https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-acm-certificate/templates/quickstart-aws-acm-certificate.template.yml"
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Sub "${QSS3KeyPrefix}submodules/quickstart-aws-acm-certificate/"
        DomainName: !Ref UiPathFQDN
        HostedZoneID: !Ref HostedZoneID
        IamRoleArn: !Ref IamRoleArn
  DatabaseStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - >-
          https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/database.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub '${QSS3BucketName}-${AWS::Region}'
            - !Ref QSS3BucketName
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref QSS3BucketRegion
      Parameters:
        VPCID: !Ref VPCID
        VPCCIDR: !Ref VPCCIDR
        SubnetIDs: !Join [",", !Ref PrivateSubnetIDs]
        RDSPasswordSecretArn: !Ref RDSPassword
        MultiAZ: !If [IsMultiNode, "true", "false"]
        IsProductionPM: !If [IsProductionPM, "true", "false"]
        RDSEngine: !Ref RDSEngine
        RDSVersion: !Ref RDSVersion
        KmsKeyId: !Ref DatabaseKmsKeyId
  BackupStack:
    Condition: IsBackupEnabled
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - >-
          https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/backup.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub '${QSS3BucketName}-${AWS::Region}'
            - !Ref QSS3BucketName
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref QSS3BucketRegion
      Parameters:
        VPCID: !Ref VPCID
        VPCCIDR: !Ref VPCCIDR
        PrivateSubnetIDs: !Join [",", !Ref PrivateSubnetIDs]
        NumberOfAZs: !Ref NumberOfAZs
  CreateInputJsonLambdaRole:
    Type: 'AWS::IAM::Role'
    Condition: DeployIam
    Properties:
      Description: >-
        IAM role to be assumed by the Lambda function that creates the input
        JSON.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              # Secret access is scoped to the six secrets this stack creates.
              - Action:
                  - "secretsmanager:GetSecretValue"
                  - "secretsmanager:PutSecretValue"
                Resource:
                  - !Ref InputJsonSecret
                  - !Ref PlatformSecret
                  - !Ref RDSPassword
                  - !Ref OrgSecret
                  - !Ref ArgoCdSecret
                  - !Ref ArgoCdUserSecret
                Effect: Allow
              - Effect: Allow
                Action:
                  - 'autoscaling:DescribeAutoScalingGroups'
                  - 'autoscaling:DescribeAutoScalingInstances'
                Resource: '*'
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: !Sub 'arn:${AWS::Partition}:logs:*:*:*'
              - Effect: Allow
                Action:
                  - 'xray:PutTraceSegments'
                Resource: '*'
              - Action:
                  - ec2:DescribeImages
                  - ec2:DescribeInstanceTypes
                  - ec2:DescribeInstanceTypeOfferings
                Resource:
                  - "*"
                Effect: Allow
  CreateInputJsonFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      Description: Create input json file
      Handler: lambda_function.handler
      Role: !If [DeployIam, !GetAtt CreateInputJsonLambdaRole.Arn, !Ref IamRoleArn]
      Code:
        S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
        S3Key: !Sub '${QSS3KeyPrefix}functions/packages/CreateInputJson/lambda.zip'
      Runtime: python3.9
      Timeout: 30
      TracingConfig:
        Mode: Active
  CreateInputJson:
    Type: 'Custom::CreateInputJson'
    Properties:
      ServiceToken: !GetAtt CreateInputJsonFunction.Arn
      RegionName: !Ref 'AWS::Region'
      AwsUrlSuffix: !Ref 'AWS::URLSuffix'
      # Secrets are handed to the function by ARN, not by value.
      TargetSecretArn: !Ref InputJsonSecret
      RDSPasswordSecretArn: !Ref RDSPassword
      PlatformSecretArn: !Ref PlatformSecret
      OrgSecretArn: !Ref OrgSecret
      ArgoCdSecretArn: !Ref ArgoCdSecret
      ArgoCdUserSecretArn: !Ref ArgoCdUserSecret
      Fqdn: !Ref UiPathFQDN
      RDSDBInstanceEndpointAddress: !GetAtt
        - DatabaseStack
        - Outputs.RDSDBInstanceEndpointAddress
      PMRDSDBInstanceEndpointAddress: !GetAtt
        - DatabaseStack
        - Outputs.PMRDSDBInstanceEndpointAddress
      MultiNode: !Ref MultiNode
      KubeLoadBalancerDns: !GetAtt
        - RoutingStack
        - Outputs.KubeLoadBalancerDns
      Orchestrator: !Ref Orchestrator
      ActionCenter: !Ref ActionCenter
      AutomationHub: !Ref AutomationHub
      AutomationOps: !Ref AutomationOps
      Insights: !Ref Insights
      TestManager: !Ref TestManager
      DataService: !Ref DataService
      AiCenter: !Ref AiCenter
      BusinessApps: !Ref BusinessApps
      DocumentUnderstanding: !Ref DocumentUnderstanding
      TaskMining: !Ref TaskMining
      ASRobots: !Ref ASRobots
      ProcessMining: !Ref ProcessMining
      UseExternalOrchestrator: !Ref UseExternalOrchestrator
      OrchestratorURL: !Ref OrchestratorURL
      IdentityURL: !Ref IdentityURL
      OrchestratorCertificate: !Ref OrchestratorCertificate
      IdentityCertificate: !Ref IdentityCertificate
      AddGpu: !Ref AddGpu
      ServerInstanceCount: !GetAtt ComputeResourceSize.ServerInstanceCount
      AgentInstanceCount: !GetAtt ComputeResourceSize.AgentInstanceCount
      PrivateSubnetIDs: !Join [",", !Ref PrivateSubnetIDs]
      ExtraConfigKeys: !Ref ExtraConfigKeys
      SelfSignedCertificateValidity: !Ref SelfSignedCertificateValidity
      SharedStorageBucket: !If [UsingSharedBucket, !GetAtt ExternalStorageStack.Outputs.SharedStorageBucket, '']
      PlatformStorageBucket: !If [NotUsingSharedBucket, !GetAtt ExternalStorageStack.Outputs.PlatformStorageBucket, '']
      OrchestratorStorageBucket: !If [DeployOrchestratorStorageBucket, !GetAtt ExternalStorageStack.Outputs.OrchestratorStorageBucket, '']
      AppsStorageBucket: !If [DeployAppsStorageBucket, !GetAtt ExternalStorageStack.Outputs.AppsStorageBucket, '']
      TestManagerStorageBucket: !If [DeployTestManagerStorageBucket, !GetAtt ExternalStorageStack.Outputs.TestManagerStorageBucket, '']
      DataServiceStorageBucket: !If [DeployDataServiceStorageBucket, !GetAtt ExternalStorageStack.Outputs.DataServiceStorageBucket, '']
      AiCenterStorageBucket: !If [DeployAiCenterStorageBucket, !GetAtt ExternalStorageStack.Outputs.AiCenterStorageBucket, '']
      DocumentUnderstandingStorageBucket: !If [DeployDocumentUnderstandingStorageBucket, !GetAtt ExternalStorageStack.Outputs.DocumentUnderstandingStorageBucket, '']
      TaskMiningStorageBucket: !If [DeployTaskMiningStorageBucket, !GetAtt ExternalStorageStack.Outputs.TaskMiningStorageBucket, '']
      ProcessMiningStorageBucket: !If [DeployProcessMiningStorageBucket, !GetAtt ExternalStorageStack.Outputs.ProcessMiningStorageBucket, '']
  ComputeResourceSizeLambdaRole:
    Type: 'AWS::IAM::Role'
    Condition: DeployIam
    Properties:
      Description: >-
        IAM role to be assumed by the Lambda function that computes resource
        sizes.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - 'autoscaling:DescribeAutoScalingGroups'
                  - 'autoscaling:DescribeAutoScalingInstances'
                  - 'ec2:DescribeInstances'
                  - 'ec2:DescribeInstanceTypeOfferings'
                  - 'ec2:DescribeInstanceTypes'
                Resource: '*'
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: !Sub 'arn:${AWS::Partition}:logs:*:*:*'
              - Effect: Allow
                Action:
                  - 'xray:PutTraceSegments'
                Resource: '*'
  ComputeResourceSizeFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      Description: Computes the resource sizes for the deployment.
      Handler: lambda_function.handler
      Role: !If [DeployIam, !GetAtt ComputeResourceSizeLambdaRole.Arn, !Ref IamRoleArn]
      Code:
        S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
        S3Key: !Sub '${QSS3KeyPrefix}functions/packages/ComputeResourceSize/lambda.zip'
      Runtime: python3.9
      Timeout: 30
      TracingConfig:
        Mode: Active
  ComputeResourceSize:
    Type: 'Custom::ComputeResourceSize'
    Properties:
      ServiceToken: !GetAtt ComputeResourceSizeFunction.Arn
      RegionName: !Ref 'AWS::Region'
      MultiNode: !Ref MultiNode
      Orchestrator: !Ref Orchestrator
      ActionCenter: !Ref ActionCenter
      AutomationHub: !Ref AutomationHub
      AutomationOps: !Ref AutomationOps
      Insights: !Ref Insights
      DataService: !Ref DataService
      TestManager: !Ref TestManager
      AiCenter: !Ref AiCenter
      BusinessApps: !Ref BusinessApps
      DocumentUnderstanding: !Ref DocumentUnderstanding
      TaskMining: !Ref TaskMining
      ProcessMining: !Ref ProcessMining
      ASRobots: !Ref ASRobots
      AddGpu: !Ref AddGpu
  # Placeholder value; the CreateInputJson custom resource receives this
  # secret's ARN as TargetSecretArn.
  InputJsonSecret:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: Input Json file for the deployment
      SecretString: '{}'
  KubeconfigSecret:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: The deployment kubeconfig file
      SecretString: '{}'
  ManagementStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - >-
          https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/ec2-management.template.yaml
        - S3Bucket: !If
            - UsingDefaultBucket
            - !Sub '${QSS3BucketName}-${AWS::Region}'
            - !Ref QSS3BucketName
          S3Region: !If
            - UsingDefaultBucket
            - !Ref 'AWS::Region'
            - !Ref QSS3BucketRegion
      Parameters:
        InstanceAMIImageNameSSMParameter: !If [FindingAmiAtDeploy, !GetAtt ServerStack.Outputs.InstanceAMIImageNameSSMParameter, '']
        InstanceAMIIdSSMParameter: !GetAtt ServerStack.Outputs.InstanceAMIIdSSMParameter
        AgentAsgName: !GetAtt ServerStack.Outputs.AgentAsgName
        ServerAsgName: !GetAtt ServerStack.Outputs.ServerAsgName
        AsRobotsAsgName: !GetAtt ServerStack.Outputs.AsRobotsAsgName
        GpuAgentInstanceId: !GetAtt ServerStack.Outputs.GpuAgentInstanceId
        TMAgentInstanceId: !GetAtt ServerStack.Outputs.TMAgentInstanceId
        ServerLaunchTemplateName: !GetAtt ServerStack.Outputs.ServerLaunchTemplateName
        AgentLaunchTemplateName: !GetAtt ServerStack.Outputs.AgentLaunchTemplateName
        ASRobotsLaunchTemplateName: !GetAtt ServerStack.Outputs.ASRobotsLaunchTemplateName
        InstanceIamRoleArn: !GetAtt ServerStack.Outputs.InstanceIamRoleArn
        ExistingIamRole: !If [DeployIam, 'false', 'true']
        UseExternalOrchestrator: !Ref UseExternalOrchestrator
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
# !Ref on a Secrets Manager secret returns its ARN, so the outputs below expose
# secret ARNs, not secret values.
Outputs:
  FQDNLoadBalancer:
    Description: UiPath Service Fabric login page.
    Value: !Sub "https://${UiPathFQDN}"
  Postdeployment:
    Description: See the documentation for post-deployment steps.
    Value: https://docs.uipath.com/automation-suite/docs/aws-post-deployment-steps
  InputJsonSecret:
    Description: Secret storing the input.json content.
    Value: !Ref InputJsonSecret
  PlatformSecret:
    Description: Secret storing the platform host tenant credentials.
    Value: !Ref PlatformSecret
  ArgoCdSecret:
    Description: Secret storing the ArgoCD administrator credentials.
    Value: !Ref ArgoCdSecret
  ArgoCdUserSecret:
    Description: Secret storing the ArgoCD read-only user credentials.
    Value: !Ref ArgoCdUserSecret
  OrgSecret:
    Description: Secret storing the organization administrator credentials.
    Value: !Ref OrgSecret
  ClusterAdministrationURL:
    Description: The Unified UI for Cluster management page.
    Value: !Sub "https://${UiPathFQDN}/uipath-management/"