# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"). # You may not use this file except in compliance with the License. # A copy of the License is located at # # http://www.apache.org/licenses/LICENSE-2.0 # # or in the "license" file accompanying this file. This file is distributed # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either # express or implied. See the License for the specific language governing # permissions and limitations under the License. # The child templates we added an X to the end of the solutionID for so only the root template is counted in reporting. AWSTemplateFormatVersion: 2010-09-09 Description: (SO0153X) - __SOLUTION_NAME__ __VERSION__ Create an FSx for Windows file system. Parameters: VPCID: Description: VPC ID for Storage Gateway Type: AWS::EC2::VPC::Id DirectoryId: Description: The ID for an existing AWS Managed Microsoft Active Directory (AD) instance that the file system should join when it's created. Type: String AllowedPattern: "^d-[0-9a-f]{10}$" FileSystemSize: Description: The storage capacity of the file system being created. 32 GiB - 65,536 GiB (64 TiB) Type: Number Default: 1024 MinValue: 32 MaxValue: 65536 FSxThroughput: Description: > The throughput capacity of an Amazon FSx file system, measured in megabytes per second in powers of 2 (8, 16, 32, ... , 1024), with the recommended value based on the file system size: 8 for <800 GiB, 16 for <1600 GiB, ... 512 for <51200 GiB, 1024 for >=51200 GiB Type: Number AllowedValues: - 8 - 16 - 32 - 64 - 128 - 256 - 512 - 1024 - 2048 AZDeploymentMode: Description: "Specifies the file system deployment type" Type: String Default: SINGLE_AZ_2 AllowedValues: - SINGLE_AZ_2 - MULTI_AZ_1 PrimarySubnetAccess: Description: Specifies the primary subnet that the file system will be accessible from Type: AWS::EC2::Subnet::Id SecondarySubnetAccess: Description: Specifies the subnets that the file system will be accessible from Type: AWS::EC2::Subnet::Id Project: Description: Tag used for resources and billing Type: String Default: cloud-edit-fsx DomainMemberSGID: Description: ID of the Domain Member Security Group (e.g., sg-7f16e910) Type: AWS::EC2::SecurityGroup::Id HostAccessSGID: Description: ID of the Host Access Security Group (e.g., sg-7f16e910) Type: AWS::EC2::SecurityGroup::Id Conditions: MultiAZ: !Equals [!Ref AZDeploymentMode, MULTI_AZ_1] Resources: FSXBaseSG: Type: "AWS::EC2::SecurityGroup" Metadata: cfn_nag: rules_to_suppress: - id: W5 reason: "Using open egress so that FSX has full internet access" - id: W29 reason: "Using open egress so that FSX has full internet access" Properties: GroupDescription: Base Security Group for SecGrp VpcId: !Ref VPCID SecurityGroupEgress: - IpProtocol: udp Description: "All UDP Traffic" FromPort: 0 ToPort: 65535 CidrIp: 0.0.0.0/0 - IpProtocol: tcp Description: "All TCP Traffic" FromPort: 0 ToPort: 65535 CidrIp: 0.0.0.0/0 SecurityGroupIngress: - IpProtocol: tcp Description: "Directory Services SMB file sharing" SourceSecurityGroupId: !Ref DomainMemberSGID FromPort: 445 ToPort: 445 - IpProtocol: tcp Description: "WinRM 2.0 (Microsoft Windows Remote Management)" SourceSecurityGroupId: !Ref DomainMemberSGID FromPort: 5985 ToPort: 5985 FSxFileSystem: Type: AWS::FSx::FileSystem Properties: FileSystemType: WINDOWS SecurityGroupIds: - !Ref DomainMemberSGID - !GetAtt "FSXBaseSG.GroupId" StorageCapacity: !Ref FileSystemSize SubnetIds: - !Ref PrimarySubnetAccess - !If [MultiAZ, !Ref SecondarySubnetAccess, !Ref "AWS::NoValue"] Tags: - Key: Name Value: !Sub "${Project}-FSx" WindowsConfiguration: ActiveDirectoryId: !Ref DirectoryId AutomaticBackupRetentionDays: 0 DeploymentType: !Ref AZDeploymentMode PreferredSubnetId: !If [MultiAZ, !Ref PrimarySubnetAccess, !Ref "AWS::NoValue"] ThroughputCapacity: !Ref FSxThroughput Outputs: FSXSecurityGroup: Value: !Ref "FSXBaseSG" Description: Security group for the FSX FileSystem created FSxFileSystem: Value: !Ref "FSxFileSystem" Description: The FSX FileSystem Created