# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"). # You may not use this file except in compliance with the License. # A copy of the License is located at # # http://www.apache.org/licenses/LICENSE-2.0 # # or in the "license" file accompanying this file. This file is distributed # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either # express or implied. See the License for the specific language governing # permissions and limitations under the License. # The child templates we added an X to the end of the solutionID for so only the root template is counted in reporting. Description: (SO0153X) - __SOLUTION_NAME__ __VERSION__ Create a windows host with a custom volume size, create a role and security group as well. Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Amazon EC2 Configuration Parameters: - HostSubnetId - ExistingHostSecurityGroupID - KeyPairName - RemoteDisplayProtocol - TeradiciDownloadToken - FSxNetworkFileShare - SGWNetworkFileShare - Label: default: Microsoft Active Directory Configuration Parameters: - DomainDNSName - DomainNetBIOSName - DirectoryId - ADServer1PrivateIP - ADServer2PrivateIP - Label: default: CloudFormation Resource Location Parameters: - CloudFormationBucketName - CloudFormationKeyPrefix ParameterLabels: DomainDNSName: default: Domain DNS Name DomainNetBIOSName: default: Domain NetBIOS Name DirectoryId: default: Managed AD Directory ID ADServer1PrivateIP: default: First IP address of Managed AD ADServer2PrivateIP: default: Second IP address of Managed AD HostSubnetId: default: Subnet for edit host - should be public for remote access KeyPairName: default: Key Pair Name RemoteDisplayProtocol: default: Remote Display Protocol TeradiciDownloadToken: default: Teradici Download Token InstanceType: default: Amazon EC2 instance type for the video editing server ExistingHostSecurityGroupID: default: Security Group ID for the video editing server (e.g., sg-7f16e910) FSxNetworkFileShare: default: 'URI for FSx network file share' SGWNetworkFileShare: default: 'URI for Storage Gateway network file share' CloudFormationBucketName: default: CloudFormation S3 Bucket Name CloudFormationKeyPrefix: default: CloudFormation S3 Key Prefix Parameters: DirectoryId: Description: Managed AD Directory ID Type: String ADServer1PrivateIP: Description: IP address of first Managed AD Server Type: String ADServer2PrivateIP: Description: IP address of second Managed AD Server Type: String DomainDNSName: AllowedPattern: '[a-zA-Z0-9]+\..+' Default: example.com Description: Fully qualified domain name (FQDN) of the forest root domain e.g. corp.example.com MaxLength: '255' MinLength: '2' Type: String DomainNetBIOSName: AllowedPattern: '[a-zA-Z0-9]+' Default: example Description: NetBIOS name of the domain (upto 15 characters) for users of earlier versions of Windows e.g. CORP MaxLength: '15' MinLength: '1' Type: String DomainMemberSGID: Description: ID of the Domain Member Security Group (e.g., sg-7f16e910) Type: AWS::EC2::SecurityGroup::Id HostSubnetId: Description: Subnet for edit host - should be public for remote access Type: String KeyPairName: Type: String Description: Keypair for the instance RemoteDisplayProtocol: Description: Remote Display Protocol configured on the instance (Teradici PCoIP | NICE DCV) Type: String Default: teradici AllowedValues: - teradici - nicedcv TeradiciDownloadToken: Description: (REQUIRED if using Teradici). Download Token for Teradici Graphics Agent for Windows installer. Copy this 16-character token, located immediately after 'https://dl.teradici.com/' in the download URLs provided within the "Download using a script" section of https://docs.teradici.com/find/product/cloud-access-software, after signing in and agreeing to the EULA. Type: String InstanceType: Type: String Description: Amazon EC2 instance type for the video editing server Default: g4dn.4xlarge Windows2019AmiId: Type: 'AWS::SSM::Parameter::Value' Default: '/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-Base' ExistingHostSecurityGroupID: Description: ID of the Host Security Group allowing remote ingres (e.g., sg-7f16e910) Type: AWS::EC2::SecurityGroup::Id FSxNetworkFileShare: Description: 'URI for FSx network file share' Type: String Default: 'NONE' SGWNetworkFileShare: Description: 'URI for SGW network file share' Type: String Default: 'NONE' CloudFormationBucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: >- CloudFormation assets bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-) Description: >- S3 bucket name for the CloudFormation assets. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String CloudFormationKeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/\.]*$ ConstraintDescription: >- CloudFormation assets key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Description: >- S3 key prefix for the CloudFormation assets. The key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String Conditions: DeployTeradici: !Equals [!Ref RemoteDisplayProtocol, teradici] DeployNICEDCV: !Equals [!Ref RemoteDisplayProtocol, nicedcv] Resources: EditHostRole: Type: AWS::IAM::Role Properties: Policies: - PolicyDocument: Version: '2012-10-17' Statement: - Action: - s3:GetObject Resource: !Sub 'arn:aws:s3:::${CloudFormationBucketName}/${CloudFormationKeyPrefix}*' Effect: Allow - Action: - s3:ListBucket Resource: 'arn:aws:s3:::ec2-windows-nvidia-drivers' Effect: Allow - Action: - s3:GetObject Resource: 'arn:aws:s3:::ec2-windows-nvidia-drivers/*' Effect: Allow - !If - DeployNICEDCV - Action: - s3:GetObject Resource: !Sub 'arn:aws:s3:::dcv-license.${AWS::Region}/*' Effect: Allow - !Ref AWS::NoValue PolicyName: aws-s3-policy ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore Path: / AssumeRolePolicyDocument: Statement: - Action: - sts:AssumeRole Principal: Service: - ec2.amazonaws.com Effect: Allow Version: '2012-10-17' IAMInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: / Roles: - !Ref 'EditHostRole' EditInstance: Type: AWS::EC2::Instance Metadata: AWS::CloudFormation::Authentication: S3AccessCreds: type: S3 roleName: !Ref 'EditHostRole' buckets: - !Ref 'CloudFormationBucketName' AWS::CloudFormation::Init: configSets: config: - setup - configInstance - !If - DeployNICEDCV - installNICEDCV - !Ref AWS::NoValue - !If - DeployTeradici - installTeradici - !Ref AWS::NoValue - finalize setup: services: windows: Audiosrv: ensureRunning: 'true' enabled: 'true' files: C:\cfn\scripts\Unzip-Archive.ps1: source: !Sub 'https://${CloudFormationBucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${CloudFormationKeyPrefix}/Unzip-Archive.ps1' authentication: S3AccessCreds C:\cfn\modules\AWSQuickStart.zip: source: !Sub 'https://${CloudFormationBucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${CloudFormationKeyPrefix}/AWSQuickStart.zip' authentication: S3AccessCreds commands: a-set-execution-policy: command: powershell.exe -Command "Set-ExecutionPolicy RemoteSigned -Force" waitAfterCompletion: '0' b-unpack-quickstart-module: command: powershell.exe -Command C:\cfn\scripts\Unzip-Archive.ps1 -Source C:\cfn\modules\AWSQuickStart.zip -Destination C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ waitAfterCompletion: '0' c-init-quickstart-module: command: !Join - '' - - powershell.exe -Command " - New-AWSQuickStartResourceSignal -Stack ' - !Ref 'AWS::StackName' - ''' -Resource ''EditInstance'' -Region ''' - !Ref 'AWS::Region' - '''"' waitAfterCompletion: '0' configInstance: files: C:\cfn\scripts\install-packages.ps1: source: !Sub 'https://${CloudFormationBucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${CloudFormationKeyPrefix}/install-packages.ps1' authentication: S3AccessCreds C:\cfn\scripts\install-gpu-drivers.ps1: source: !Sub 'https://${CloudFormationBucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${CloudFormationKeyPrefix}/install-gpu-drivers.ps1' authentication: S3AccessCreds C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\automount.bat: content: !Sub | @echo OFF if NOT "%username%" == "Administrator" ( if NOT "${SGWNetworkFileShare}" == "NONE" ( net use S: ${SGWNetworkFileShare} ) if NOT "${FSxNetworkFileShare}" == "NONE" ( net use F: ${FSxNetworkFileShare} ) ) else ( echo Administrator Login - No network mounts ) commands: '01-install-packages': command: 'powershell.exe -ExecutionPolicy Unrestricted C:\cfn\scripts\install-packages.ps1 -Verbose' waitAfterCompletion: '0' '05-install-gpu-drivers': command: 'powershell.exe -ExecutionPolicy Unrestricted C:\cfn\scripts\install-gpu-drivers.ps1 -Verbose' waitAfterCompletion: '0' # '10-reboot': # command: 'powershell.exe -ExecutionPolicy Unrestricted C:\cfn\scripts\Restart-Computer.ps1' # waitAfterCompletion: forever installNICEDCV: files: C:\cfn\scripts\install-nicedcv.ps1: source: !Sub 'https://${CloudFormationBucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${CloudFormationKeyPrefix}/install-nicedcv.ps1' authentication: S3AccessCreds C:\Program Files\NICE\DCV\Server\conf\console-permissions.txt: content: | [permissions] %owner% allow builtin %any% allow builtin commands: '01-install-nicedcv': command: 'powershell.exe -ExecutionPolicy Unrestricted C:\cfn\scripts\install-nicedcv.ps1 -Verbose' waitAfterCompletion: '0' installTeradici: files: C:\cfn\scripts\install-teradici.ps1: source: !Sub 'https://${CloudFormationBucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${CloudFormationKeyPrefix}/install-teradici.ps1' authentication: S3AccessCreds C:\cfn\scripts\conf.ps1: content: !Sub | $TeradiciDownloadToken = "${TeradiciDownloadToken}" commands: '01-install-teradici': command: 'powershell.exe -ExecutionPolicy Unrestricted C:\cfn\scripts\install-teradici.ps1 -Verbose' waitAfterCompletion: '0' restartComputer: files: C:\cfn\scripts\Restart-Computer.ps1: source: !Sub 'https://${CloudFormationBucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${CloudFormationKeyPrefix}/Restart-Computer.ps1' authentication: S3AccessCreds commands: '01-restart-computer': command: 'powershell.exe -ExecutionPolicy Unrestricted C:\cfn\scripts\Restart-Computer.ps1' waitAfterCompletion: forever finalize: commands: 1-signal-success: command: powershell.exe -Command "Write-AWSQuickStartStatus" waitAfterCompletion: '0' Properties: BlockDeviceMappings: - DeviceName: /dev/sda1 Ebs: VolumeSize: 100 Encrypted: true InstanceType: !Ref 'InstanceType' IamInstanceProfile: !Ref 'IAMInstanceProfile' ImageId: !Ref Windows2019AmiId Tags: - Key: Name Value: win-host Monitoring: true ## Removed so that CFN can rollback successfully # DisableApiTermination: true NetworkInterfaces: - GroupSet: - !Ref 'ExistingHostSecurityGroupID' - !Ref DomainMemberSGID DeviceIndex: '0' SubnetId: !Ref HostSubnetId KeyName: !Ref 'KeyPairName' SsmAssociations: - DocumentName: "AWS-JoinDirectoryServiceDomain" AssociationParameters: - Key: "directoryId" Value: - !Ref DirectoryId - Key: "directoryName" Value: - !Ref DomainDNSName - Key: "dnsIpAddresses" Value: - !Ref ADServer1PrivateIP - !Ref ADServer2PrivateIP UserData: !Base64 Fn::Join: - '' - - "\n" CreationPolicy: ResourceSignal: Count: 1 Timeout: PT15M IPAddress: Type: AWS::EC2::EIP IPAssoc: Type: AWS::EC2::EIPAssociation Properties: InstanceId: !Ref 'EditInstance' EIP: !Ref 'IPAddress' Outputs: EditInstanceSG: Value: !Ref 'ExistingHostSecurityGroupID' Description: The SG for the Edit Instance Export: Name: !Sub '${AWS::StackName}-edit-instance-sg' InstanceId: Description: InstanceId of the newly created EC2 instance Value: !Ref 'EditInstance' InstanceIPAddress: Description: IP address of the newly created EC2 instance Value: !Ref 'IPAddress'