# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"). # You may not use this file except in compliance with the License. # A copy of the License is located at # # http://www.apache.org/licenses/LICENSE-2.0 # # or in the "license" file accompanying this file. This file is distributed # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either # express or implied. See the License for the specific language governing # permissions and limitations under the License. # AWSTemplateFormatVersion: '2010-09-09' Description: (SO0153) - __SOLUTION_NAME__ __VERSION__ # Solution Builder Specific Mappings Mappings: SourceCode: General: S3Bucket: "__BUCKET_NAME__" KeyPrefix: "__SOLUTION_NAME__/__VERSION__" S3TemplateBucket: "__TEMPLATE_BUCKET_NAME__" # Added for Application Registry Solution: Project: Id: "SO0153" Version: "__VERSION__" AppRegistryApplicationName: 'edit-in-the-cloud-on-aws' SolutionName: 'AWS Edit in the Cloud' ApplicationType: 'AWS-Solutions' AnonymizedData: SendAnonymizedData: Data: "Yes" Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Network Configuration Parameters: - AvailabilityZones - VPCCIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - Label: default: Amazon EC2 Configuration Parameters: - EditHostInstanceType - EditHostAccessCIDR - KeyPairName - RemoteDisplayProtocol - TeradiciDownloadToken - Label: default: Microsoft Active Directory Configuration Parameters: - DomainDNSName - DomainNetBIOSName - DomainAdminUser - DomainAdminPassword - ADEdition - Label: default: FSX Configuration Parameters: - FileSystemSize - FSxThroughput - AZDeploymentMode ParameterLabels: AvailabilityZones: default: Availability Zones DomainAdminUser: default: Domain Admin User ADEdition: default: Standard or Enterprise DomainAdminPassword: default: Domain Admin Password DomainDNSName: default: Domain DNS Name DomainNetBIOSName: default: Domain NetBIOS Name EditHostAccessCIDR: default: Edit Host Access CIDR KeyPairName: default: Key Pair Name RemoteDisplayProtocol: default: Remote Display Protocol TeradiciDownloadToken: default: Teradici Download Token EditHostInstanceType: default: Amazon EC2 instance type for the video editing server PrivateSubnet1CIDR: default: Private Subnet 1 CIDR PrivateSubnet2CIDR: default: Private Subnet 2 CIDR PublicSubnet1CIDR: default: Public Subnet 1 CIDR PublicSubnet2CIDR: default: Public Subnet 2 CIDR VPCCIDR: default: VPC CIDR FileSystemSize: default: FSx File System Size FSxThroughput: default: FSx Throughput AZDeploymentMode: default: FSx AZ Deployment Mode Parameters: AvailabilityZones: Description: >- Select 2 Availability Zones to use for the VPC subnets. Type: List ADEdition: Description: >- Active Directory edition to deploy. Type: String Default: Standard AllowedValues: - Standard - Enterprise DomainAdminUser: AllowedPattern: '[a-zA-Z0-9]*' Default: Admin Description: >- User name for the account that will be added as Domain Administrator. This is separate from the default "Administrator" account MaxLength: '25' MinLength: '5' Type: String DomainAdminPassword: AllowedPattern: (?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.* Description: >- Password for the domain admin user. Must be at least 8 characters containing letters, numbers and symbols MaxLength: '32' MinLength: '8' NoEcho: 'true' Type: String DomainDNSName: AllowedPattern: '[a-zA-Z0-9]+\..+' Default: example.com Description: Fully qualified domain name (FQDN) of the forest root domain e.g. example.com MaxLength: '255' MinLength: '2' Type: String DomainNetBIOSName: AllowedPattern: '[a-zA-Z0-9]+' Default: example Description: >- NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Windows e.g. EXAMPLE MaxLength: '15' MinLength: '1' Type: String EditHostAccessCIDR: ConstraintDescription: EditHostAccessCIDR parameter must be in the form x.x.x.x/FIXME Description: CIDR block to control access to the Edit Host Type: String EditHostInstanceType: Description: Amazon EC2 instance type for the Video Editing Servers Type: String Default: g4dn.4xlarge AllowedValues: - g4dn.xlarge - g4dn.2xlarge - g4dn.4xlarge - g4dn.8xlarge - g4dn.16xlarge - g4dn.12xlarge KeyPairName: Description: >- Public/private key pairs allow you to securely connect to your instance after it launches Type: AWS::EC2::KeyPair::KeyName RemoteDisplayProtocol: Description: Remote Display Protocol configured on the instance (Teradici PCoIP | NICE DCV) Type: String Default: nicedcv AllowedValues: - teradici - nicedcv TeradiciDownloadToken: Description: (REQUIRED if using Teradici). Download Token for Teradici Graphics Agent for Windows installer. Copy this 16-character token, located immediately after 'https://dl.teradici.com/' in the download URLs provided within the "Download using a script" section of https://docs.teradici.com/find/product/cloud-access-software, after signing in and agreeing to the EULA. Type: String PrivateSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/19 Description: CIDR block for private subnet 1 located in Availability Zone 1 Type: String PrivateSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.32.0/19 Description: CIDR block for private subnet 2 located in Availability Zone 2 Type: String PublicSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.128.0/20 Description: CIDR Block for the public DMZ subnet 1 located in Availability Zone 1 Type: String PublicSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.144.0/20 Description: CIDR Block for the public DMZ subnet 2 located in Availability Zone 2 Type: String VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR Block for the VPC Type: String Project: Description: Tag used for billing and resource groups Type: String Default: edit-in-the-cloud-on-aws FileSystemSize: Description: The storage capacity of the file system being created. 32 GiB - 65,536 GiB (64 TiB) Type: Number Default: 1024 MinValue: 32 MaxValue: 65536 FSxThroughput: Description: >- The throughput capacity of an Amazon FSx file system, measured in megabytes per second in powers of 2 (8, 16, 32, ... , 1024), with the recommended value based on the file system size: 8 for <800 GiB, 16 for <1600 GiB, ... 512 for <51200 GiB, 1024 for >=51200 GiB Type: Number Default: 16 AllowedValues: - 8 - 16 - 32 - 64 - 128 - 256 - 512 - 1024 - 2048 AZDeploymentMode: Description: 'Specifies the file system deployment type' Type: String Default: SINGLE_AZ_2 AllowedValues: - SINGLE_AZ_2 - MULTI_AZ_1 Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: https://aws-quickstart.s3.amazonaws.com/quickstart-aws-vpc/templates/aws-vpc.template.yaml Parameters: AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' NumberOfAZs: '2' PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR' PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR' VPCCIDR: !Ref 'VPCCIDR' HostSecGrpStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Join - / - - https://s3.amazonaws.com - !FindInMap - SourceCode - General - S3TemplateBucket - !FindInMap - SourceCode - General - KeyPrefix - aws-edit-in-the-cloud-host-security-group.template Parameters: HostAccessCIDR: !Ref 'EditHostAccessCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' RemoteDisplayProtocol: !Ref 'RemoteDisplayProtocol' ADStack: DependsOn: HostSecGrpStack Type: AWS::CloudFormation::Stack Properties: TemplateURL: https://aws-quickstart.s3.amazonaws.com/quickstart-microsoft-activedirectory/templates/ad-3.template Parameters: DomainAdminPassword: !Ref 'DomainAdminPassword' ADEdition: Standard DomainDNSName: !Ref 'DomainDNSName' DomainNetBIOSName: !Ref 'DomainNetBIOSName' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' VPCCIDR: !Ref VPCCIDR VPCID: !GetAtt 'VPCStack.Outputs.VPCID' MgmtServer: 'false' KeyPairName: !Ref 'KeyPairName' CloudVideoEditingStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Join - / - - https://s3.amazonaws.com - !FindInMap - SourceCode - General - S3TemplateBucket - !FindInMap - SourceCode - General - KeyPrefix - aws-edit-in-the-cloud-edit-host.template Parameters: DirectoryId: !GetAtt 'ADStack.Outputs.DirectoryID' ADServer1PrivateIP: !GetAtt 'ADStack.Outputs.ADServer1PrivateIP' ADServer2PrivateIP: !GetAtt 'ADStack.Outputs.ADServer2PrivateIP' DomainDNSName: !Ref 'DomainDNSName' DomainMemberSGID: !GetAtt 'ADStack.Outputs.DomainMemberSGID' DomainNetBIOSName: !Ref 'DomainNetBIOSName' InstanceType: !Ref 'EditHostInstanceType' KeyPairName: !Ref 'KeyPairName' RemoteDisplayProtocol: !Ref 'RemoteDisplayProtocol' TeradiciDownloadToken: !Ref 'TeradiciDownloadToken' HostSubnetId: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' FSxNetworkFileShare: !GetAtt 'FSXDNSNameStack.Outputs.FSxNetworkShare' SGWNetworkFileShare: 'NONE' CloudFormationBucketName: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] CloudFormationKeyPrefix: !FindInMap ["SourceCode", "General", "KeyPrefix"] ExistingHostSecurityGroupID: !GetAtt 'HostSecGrpStack.Outputs.EditInstanceSG' FSXGatewayStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Join - / - - https://s3.amazonaws.com - !FindInMap - SourceCode - General - S3TemplateBucket - !FindInMap - SourceCode - General - KeyPrefix - aws-edit-in-the-cloud-fsx-filesystem.template Parameters: VPCID: !GetAtt 'VPCStack.Outputs.VPCID' DirectoryId: !GetAtt 'ADStack.Outputs.DirectoryID' FileSystemSize: !Ref FileSystemSize FSxThroughput: !Ref FSxThroughput AZDeploymentMode: !Ref AZDeploymentMode PrimarySubnetAccess: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' SecondarySubnetAccess: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' Project: !Ref Project DomainMemberSGID: !GetAtt 'ADStack.Outputs.DomainMemberSGID' HostAccessSGID: !GetAtt 'HostSecGrpStack.Outputs.EditInstanceSG' FSXDNSNameStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Join - / - - https://s3.amazonaws.com - !FindInMap - SourceCode - General - S3TemplateBucket - !FindInMap - SourceCode - General - KeyPrefix - aws-edit-in-the-cloud-fsx-dns-name.template Parameters: botoConfig: '{"user_agent_extra": "AwsSolution/SO0153/__VERSION__"}' Project: !Ref Project CloudFormationBucketName: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] LambdaFunctionS3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "fsx-dns-name.zip"]] Boto3LayerS3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "boto3-layer.zip"]] FSxFileSystemID: !GetAtt 'FSXGatewayStack.Outputs.FSxFileSystem' SendAnonymizedMetric: Fn::FindInMap: - AnonymizedData - SendAnonymizedData - Data ################################################################################ # # AppRegistry # ################################################################################ Application: Type: AWS::ServiceCatalogAppRegistry::Application Properties: Description: !Sub - Service Catalog application to track and manage all your resources. The Solution ID is ${solutionId} and Solution Version is ${solutionVersion}. - solutionId: !FindInMap - Solution - Project - Id solutionVersion: !FindInMap - Solution - Project - Version Name: !Join - "-" - - !FindInMap - Solution - Project - AppRegistryApplicationName - !Ref AWS::Region - !Ref AWS::StackName - !Ref AWS::AccountId Tags: { "Solutions:SolutionID": !FindInMap [Solution, Project, Id], "Solutions:SolutionName": !FindInMap [Solution, Project, SolutionName], "Solutions:SolutionVersion": !FindInMap [Solution, Project, Version], "Solutions:ApplicationType": !FindInMap [Solution, Project, ApplicationType], } DefaultApplicationAttributes: Type: AWS::ServiceCatalogAppRegistry::AttributeGroup Properties: Name: !Join ["-", [!Ref "AWS::Region", !Ref "AWS::StackName"]] Description: Attribute group for solution information. Attributes: { "ApplicationType": !FindInMap [Solution, Project, ApplicationType], "Version": !FindInMap [Solution, Project, Version], "SolutionID": !FindInMap [Solution, Project, Id], "SolutionName": !FindInMap [Solution, Project, SolutionName], } AppRegistryApplicationAttributeAssociation: Type: AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation Properties: Application: !GetAtt Application.Id AttributeGroup: !GetAtt DefaultApplicationAttributes.Id AppRegistryApplicationStackAssociation: Type: AWS::ServiceCatalogAppRegistry::ResourceAssociation Properties: Application: !GetAtt Application.Id Resource: !Ref AWS::StackId ResourceType: CFN_STACK CustomResourceRoleMetrics: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: lambda.amazonaws.com Version: '2012-10-17' Tags: - Key: SolutionId Value: SO0153 CustomResourcePolicyMetrics: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Effect: Allow Resource: Fn::Join: - '' - - 'arn:' - Ref: AWS::Partition - ":logs:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":log-group:/aws/lambda/*" Version: '2012-10-17' PolicyName: CustomResourcePolicyMetrics Roles: - Ref: CustomResourceRoleMetrics CustomResource: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "custom-resource.zip"]] Role: Fn::GetAtt: - CustomResourceRoleMetrics - Arn Description: Used to deploy resources not supported by CloudFormation Environment: Variables: SOLUTION_IDENTIFIER: AwsSolution/SO0153/__VERSION__ FunctionName: Fn::Join: - '' - - Ref: AWS::StackName - "-custom-resource" Handler: index.handler Runtime: nodejs18.x Tags: - Key: SolutionId Value: SO0153 Timeout: 30 DependsOn: - CustomResourcePolicyMetrics - CustomResourceRoleMetrics UUID: Type: AWS::CloudFormation::CustomResource Properties: ServiceToken: Fn::GetAtt: - CustomResource - Arn Resource: UUID UpdateReplacePolicy: Delete DeletionPolicy: Delete AnonymizedMetric: Type: AWS::CloudFormation::CustomResource Properties: ServiceToken: Fn::GetAtt: - CustomResource - Arn Resource: AnonymizedMetric SolutionId: SO0153 UUID: Fn::GetAtt: - UUID - UUID Version: __VERSION__ SendAnonymizedMetric: Fn::FindInMap: - AnonymizedData - SendAnonymizedData - Data UpdateReplacePolicy: Delete DeletionPolicy: Delete Outputs: VPCID: Value: !GetAtt 'VPCStack.Outputs.VPCID' Description: ID of the VPC just created PrimaryPrivateSubnetID: Value: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' Description: Primary Private Subnet for VPC Created SecondaryPrivateSubnetID: Value: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' Description: Secondary Private Subnet for VPC Created PrimaryPublicSubnetID: Value: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' Description: Primary Public Subnet for VPC Created SecondaryPublicSubnetID: Value: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' Description: Secondary Public Subnet for VPC Created HostSecurityGroupID: Value: !GetAtt 'HostSecGrpStack.Outputs.EditInstanceSG' Description: Host Security Group ID - for controlling ingress into remote edit host DomainMemberSGID: Value: !GetAtt 'ADStack.Outputs.DomainMemberSGID' Description: AD Domain Members Security Group ID DirectoryID: Value: !GetAtt 'ADStack.Outputs.DirectoryID' Description: Microsoft Active Directory ID EditHostInstanceID: Value: !GetAtt 'CloudVideoEditingStack.Outputs.InstanceId' Description: InstanceId of the newly created EC2 instance FSXSecurityGroup: Value: !GetAtt 'FSXGatewayStack.Outputs.FSXSecurityGroup' Description: Security group for the FSX FileSystem created FSxFileSystem: Value: !GetAtt 'FSXGatewayStack.Outputs.FSxFileSystem' Description: The FSX FileSystem Created FSxNetworkShare: Description: The Network Share Mapping for the FSX FileSystem Created Value: !GetAtt FSXDNSNameStack.Outputs.FSxNetworkShare